Setting up the Identity Integration Feature Pack

Overview

"Identity Integration Feature Pack (IIFP) for Microsoft Windows Server Active Directory manages identities and coordinates user details across Microsoft Active Directory, Active Directory Application Mode (ADAM), Microsoft Exchange 2000 Server, and Exchange Server 2003 implementations. Using Identity Integration Feature Pack, you can combine identity information for a given user or resource into a single, logical view. Identity Integration Feature Pack 1a also automates the provisioning of new and updated identity data, eliminating time-consuming, repetitive administration and the need to manually add, delete, or update identity information, groups, and user accounts." - From IIFP Download Site

Basically, IIFP is a trimmed-down version of MIIS (Microsoft Identity Integration Server) that is focused on synchronizing data in Microsoft directories (AD and ADAM). It only includes the Management Agents (MAs) used to communicate with these directories. It also includes a special MA to synchronize Exchange objects in two forests/GALs. The GAL sync MA will create contacts in the foreign forest for mail-enabled objects in the local forest. For more information on setting up GAL sync, see the article written by Marc Grote on MSExchange.org.

This is the first part of an article series that walks you through the process of configuring IIFP to synchronize user objects in two domains. The goal is to have a source domain in which objects are created, either manually or by some other process, and then replicated to a second domain. This could be useful to keep a lab domain populated with the same user objects as a production domain. It could also be used for any environment that has Exchange set up in a resource forest, but additional steps would be required to mailbox-enable the new user objects in the resource forest. In addition, permissions would need to be set correctly so that users in the account forest can access their mailboxes in the resource forest. In Part 1, this article, I cover setting up IIFP. Part 2 covers creating MAs to sync attributes between two domains for existing users only. Part 3 covers creating a rules extension to create users in the target domain based on users in the source domain.

This article assumes you have a basic understanding of MIIS; click here if you do not. It also assumes that you are able to install SQL 2000 and Visual Studio 2003 without detailed steps. Knowledge of Active Directory and the key objects and their attributes is also needed. A basic understanding of Visual Basic coding would be helpful, but is not required. All code can be copied and pasted from this article with minimal edits. For a great source on setting up multiple MAs for different directory sources, see Oxford Computer Group's "Provisioning with Microsoft Identity Integration Server 2003" whitepaper, available at: http://www.oxfordcomputergroup.com/ocg_/images/resources/Provisioning%20with%20MIIS%201.0.pdf.

Requirements

The main requirement for IIFP/MIIS is Windows 2003 Enterprise Edition. A license of IIFP is included with Enterprise Edition, whereas MIIS is $24,999 per processor. Because the cost of IIFP is zero, except for the Windows 2003 Enterprise Edition, SQL 2000, and Visual Studio cost, I will be using it in this article. The next requirement is SQL 2000. Both IIFP and MIIS use SQL to store configuration information, settings, and directory data. SQL 2000 is being used since there are currently performance and other issues when trying to use SQL 2005. Both Standard and Enterprise editions are supported.

The next piece of required software is Visual Studio 2003. Visual Studio 2005 will work with MIIS if the update to SP1, covered in KB842531, is installed; for IIFP, the corresponding update is covered in KB884192. Visual Studio is only required if you need to create or edit rules extensions. In this article series we will create a rules extension that will create users in the target domain. You do not need to create a rules extension or need Visual Studio if you just want to synchronize attributes on existing objects in two different directories. Without rules extensions, IIFP/MIIS cannot create objects or make complex changes when MAs run. For an interoperability matrix, see this post on Brad Turner's blog.

In general, IIFP/MIIS is a basic attribute synchronization engine that must call DLLs (rules extensions) to carry out more advanced operations like object creation, deletion, merging of attribute values, utilizing a workflow, and more. MIIS mainly just provides the framework that ties the required pieces together to provide a metadirectory and directory synchronization solution.

Installation

A.     SQL 2000

•        An existing SQL server can be utilized, but it is recommended that a dedicated local SQL instance is used for best performance.

1.      Install SQL 2000 Standard or Enterprise Edition

a.       Windows Integrated or Mixed authentication can be used

2.      Install SP3 or SP4 for SQL 2000

3.      Start the MSSQLSERVER service

B.     Visual Studio .NET 2003

•        Only Professional edition is needed; the Enterprise Architect and Developer editions will also work.

1.      Install Visual Studio .NET 2003 Prerequisites

a.       Run SETUP from Disk 1 and go through the steps to install the prerequisites

2.      Install Visual Studio .NET 2003

a.       On the step screen, click Visual Studio .NET to begin the installation wizard

b.      Click Continue at the license screen

c.       Optionally, unselect everything except "Visual Basic .NET"

•        IIFP/MIIS supports both Visual Basic .NET and C# .NET based rules extensions. You could choose to leave Visual C# .NET selected if you want to develop extensions in C#, which is not covered in this article.

d.      Click Install Now! to start the installation process

e.       Click Done when the installation process is finished

f.        Click Exit on the installation wizard screen

 

Disclaimer: Your use of the information contained in these pages is at your sole risk. All information on these pages is provided "as is", without any warranty, whether express or implied, of its accuracy, completeness, fitness for a particular purpose, title or non-infringement, and none of the third-party products or information mentioned in the work are authored, recommended, supported or guaranteed by Stephen Bryant or Pro Exchange. OutlookExchange.Com, Stephen Bryant and Pro Exchange shall not be liable for any damages you may sustain by using this information, whether direct, indirect, special, incidental or consequential, even if it has been advised of the possibility of such damages.

Copyright Stephen Bryant 2008