Configuring IIFP to Sync User Attributes


Populating the Metaverse

Now that the run profiles have been created on the MAs, the next step is to run them to populate the metaverse.  In the steps below, we will populate the metaverse with the objects in the source domain.  We will then view these objects using the Metaverse Search page.

A.    Running the Source Domain MA

1.      On the Management Agents page, click the "Source Domain" MA

2.      Under actions, click Run

3.      Select Setup Metaverse

4.      You should notice the State will go from Idle to Running and then back to Idle after a few moments

5.      In the lower left hand section of the page you should now see statistics on the steps that were run, click Step 1

6.      Click on Adds or the number; my test environment had six users in the OU, or container, that was selected when the MA was created

a.       This will bring up the list of objects, their parent object (OU), and domain they exist in

•         This list will be based on the objects in the OU selected when the "Source Domain" MA was created.  In my environment, I selected the "CTU" OU under domainb.service1.net.

b.      Click Close

B.     Viewing the objects in the metaverse

1.      In the Identity Manager console, click the Metaverse Search button

2.      To the right, click the Search button

3.      After a moment, the list of users who were in the OU that you selected should be shown

•         The only attribute displayed by default is the displayName attribute.  This can be customized by clicking on Column Settings…  You can refine your search by adding search clauses by clicking on Add Clause under Action.

4.      Click on one of the users and click Properties under actions to the right of the Search Results window

a.       This will bring up a list of all attributes that were replicated from the source AD domain into the metaverse, as shown below

b.      Click Close

Preparing to synchronize object attributes

Currently, we have two MAs created.  One will import data into the metaverse from the source domain, and the other will export data from the metaverse into the target domain.  Without a rules extension, MIIS is not able to actually create objects in any data source.  IIFP includes one rules extension for creating contacts in the Active Directory.  This rules extension, GALSync.DLL, is used by the Active Directory global address list (GAL) MA and is covered in an article written by Marc Grote on MSExchange.org.  Detailed information is available from Microsoft in a scenarios walkthrough file at the following link: http://www.microsoft.com/downloads/details.aspx?FamilyId=15032653-D78E-4D9D-9E48-6CF0AE0C369C.  

In part 3 of this article series I will cover creating a basic rules extension that will create new user accounts in the target domain.  Without a rules extension, MIIS will only synchronize attributes on existing objects.  Therefore, we need to create objects in the target domain that have the same sAMAccountName (pre-Windows 2000 logon).  When we defined both MAs, we linked the sAMAccountName attribute from the AD to the uid attribute in the metaverse using a join rule.  Because of this, MIIS will join any object found in the source directory to a metaverse object with a matching uid.  If an object is not found in the metaverse with a matching uid, an object will be created in the metaverse based on the projection rule added to the Source Domain MA.  When MIIS exports data from the metaverse to the target domain, the same rule is used to link a metaverse object to the correct object in the target domain.

A.    Creating accounts in the target domain

1.      Using Active Directory Users & Computers, navigate to the OU selected when the Target Domain MA was created

2.      Create a new user in this OU

a.       Enter anything for the "Full name:" field

•         The Full name field is used for the object CN in the AD.  MIIS cannot change this attribute value without a rules extension.  Since the MAs we created are only using the sAMAccountName to find objects, this is the only attribute value that matters.  MIIS will overwrite the values for any attribute selected in an export attribute flow, except for special attributes like CN.

•         The CN will later be updated by the rules extension created in part 3 of this article.

b.      Enter the same pre-Windows 2000 logon name (sAMAccountName) as the source object in the source domain

•         MIIS is case sensitive, so make sure the case matches between the source user and the new user being created

c.       Click Next >

d.      Enter a password for this new account

•         MIIS and IIFP can be used to synchronize passwords; however, this is not covered in this article series.

•         Make sure the password you entered meets your password complexity requirements.

3.      Create at least one more test user
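
The join, projection and export behaviour described in this section, including the case-sensitive match and the protected CN, can be modelled in a short script. This is an added example, not code from the article or from MIIS/IIFP; the function names, the PROTECTED set and the sample accounts are constructed for illustration.

```python
# Simplified model of the join / projection / export behaviour described above.
# Not MIIS or IIFP code: all names and sample accounts here are constructed.
PROTECTED = {"cn"}  # special attributes an export attribute flow cannot overwrite

def import_source(source_objects, metaverse):
    """Join each source object to a metaverse entry by uid, or project a new one."""
    outcome = {}
    for obj in source_objects:
        uid = obj["sAMAccountName"]            # join rule: sAMAccountName -> uid
        if uid in metaverse:                   # exact, case-sensitive match
            outcome[uid] = "joined"
        else:                                  # projection rule creates the entry
            metaverse[uid] = {"uid": uid}
            outcome[uid] = "projected"
        for attr, value in obj.items():        # import attribute flow
            if attr != "sAMAccountName":
                metaverse[uid][attr] = value
    return outcome

def export_target(metaverse, target_objects, flow_attrs):
    """Flow attributes to existing target objects; return uids with no match."""
    by_name = {t["sAMAccountName"]: t for t in target_objects}
    unmatched = []
    for uid, entry in metaverse.items():
        target = by_name.get(uid)
        if target is None:                     # no rules extension: nothing is created
            unmatched.append(uid)
            continue
        for attr in flow_attrs:
            if attr in entry and attr not in PROTECTED:
                target[attr] = entry[attr]
    return unmatched

def demo():
    source = [  # constructed source-domain users
        {"sAMAccountName": "asmith", "displayName": "Alice Smith", "cn": "Alice Smith"},
        {"sAMAccountName": "bjones", "displayName": "Bob Jones", "cn": "Bob Jones"},
    ]
    target = [  # constructed target-domain users; second has a case mismatch
        {"sAMAccountName": "asmith", "cn": "anything 1"},
        {"sAMAccountName": "BJones", "cn": "anything 2"},
    ]
    metaverse = {}
    first = import_source(source, metaverse)    # both projected
    second = import_source(source, metaverse)   # both joined on the next run
    unmatched = export_target(metaverse, target, ["displayName", "cn"])
    return first, second, unmatched, target

if __name__ == "__main__":
    print(demo())
```

In the model, bjones comes back as unmatched because the target account was created as BJones, and the matched account keeps the CN it was created with.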

 


Disclaimer: Your use of the information contained in these pages is at your sole risk. All information on these pages is provided "as is", without any warranty, whether express or implied, of its accuracy, completeness, fitness for a particular purpose, title or non-infringement, and none of the third-party products or information mentioned in the work are authored, recommended, supported or guaranteed by Stephen Bryant or Pro Exchange. OutlookExchange.Com, Stephen Bryant and Pro Exchange shall not be liable for any damages you may sustain by using this information, whether direct, indirect, special, incidental or consequential, even if it has been advised of the possibility of such damages.

Copyright Stephen Bryant 2008