
Configuring IIFP to Sync User Attributes


Synchronize attributes between the metaverse and the target domain

Now that the metaverse has been populated with the objects in the source domain and placeholder objects have been created in the target domain, we are ready to synchronize data.  Using the steps below, we will run the Target Domain MA to first populate the metaverse with the newly created users in the target domain.  This is required so that MIIS can join the objects in the target domain to the objects in the metaverse.  Once the objects are joined in MIIS, attributes of those objects can be synchronized from the source domain to the metaverse and then from the metaverse to the target domain.  In the last part of this article, we will use a rules extension to create the objects in the target domain.  The user objects will not need to be created first.

A.    Populating the metaverse with the target domain data

1.      In the Identity Manager console, click the Management Agents button

2.      Click the "Target Domain" MA and click Run under actions

3.      Select Setup Metaverse and click OK

5.      You should notice the State will go from Idle to Running and then back to Idle after a few moments

6.      In the lower left hand section of the page you should now see statistics on the steps that were run, click Step 1

7.      Click on Adds or the number

a.       This will bring up the list of objects, their parent object (OU), and domain they exist in

b.      Click Close

B.     Reviewing the joining of the source and target domain objects

•         Now that the target domain placeholder users have been imported into the metaverse, they should be linked to the objects in the metaverse that have the same uid as their sAMAccountName.  Using the steps below you can view the connector objects from both the source and target domain that are linked to the object in the metaverse.

1.      Click the Metaverse Search button

2.      Click Search

3.      Click one of the users that you created in the target domain with the same sAMAccountName as a user in the source domain and choose Properties under actions

4.      Click the Connectors tab

a.       On this screen we can see that the user objects from both the source and target domain are linked to "Jack Bauer" in the metaverse; click Close

•         Note the "Join Method" above.  The source domain has "projection-rules" because the MA has a projection rule which told MIIS to create an object in the metaverse if one does not already exist with a uid that matches the sAMAccountName of the connector object being processed.  The MA for the target domain shows "join-rule" because it only has a rule that says to look for existing objects in the metaverse.

C.     Synchronizing attributes from the metaverse to the target domain

1.      Click the Management Agents button

2.      Select the "Target Domain" MA and click Run under actions

3.      Select Export to AD and click OK

4.      In the lower left hand section of the page you should now see statistics on the steps that were run, click Step 2

5.      Click on Updates or the number

a.       This will bring up the list of objects that were updated

b.      Click Close

D.    Reviewing the updated objects

1.      Open ADU&C for the target domain and navigate to the OU where the placeholder objects were created manually

2.      Open one of the objects

a.       You should see that attributes which were left blank when the user object was created are now populated

•         The CN or Full Name ("Test456" in the example above) is not changed by MIIS.  In order to change the CN of an object, you must use a rules extension for the AD.
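
The projection rule, the join rule and the export described in sections B through D can be modelled in a few lines. This is an added example, not MIIS code and not from the original article; the "Source Domain" MA name, the attribute names other than sAMAccountName and CN, and all sample values are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class MVEntry:
    uid: str
    attrs: dict
    connectors: list = field(default_factory=list)  # (MA name, join method)

def project_source(source_users):
    """Source MA: projection rule creates a metaverse object per uid if none exists."""
    mv = {}
    for u in source_users:
        uid = u["sAMAccountName"]
        if uid not in mv:
            # CN is deliberately not flowed; the article notes MIIS leaves it unchanged.
            flow = {k: v for k, v in u.items() if k not in ("sAMAccountName", "cn")}
            mv[uid] = MVEntry(uid, flow, [("Source Domain", "projection-rules")])
    return mv

def join_target(mv, target_users):
    """Target MA: join rule only links to an existing metaverse object, never creates one."""
    joined, unjoined = [], []
    for u in target_users:
        entry = mv.get(u["sAMAccountName"])
        if entry is None:
            unjoined.append(u["sAMAccountName"])  # placeholder with no source match
            continue
        entry.connectors.append(("Target Domain", "join-rule"))
        joined.append((u, entry))
    return joined, unjoined

def export_to_target(joined):
    """Export: write metaverse attributes to joined target objects; return update count."""
    updates = 0
    for user, entry in joined:
        changed = {k: v for k, v in entry.attrs.items() if user.get(k) != v}
        user.update(changed)
        updates += bool(changed)
    return updates

# Constructed sample data (not taken from a real directory)
SOURCE = [{"sAMAccountName": "jbauer", "cn": "Jack Bauer", "givenName": "Jack",
           "sn": "Bauer", "telephoneNumber": "555-0100"}]
TARGET = [{"sAMAccountName": "jbauer", "cn": "Test456"},
          {"sAMAccountName": "orphan1", "cn": "Orphan"}]

if __name__ == "__main__":
    mv = project_source(SOURCE)
    joined, unjoined = join_target(mv, TARGET)
    print(export_to_target(joined), "updated;", "unjoined:", unjoined)
    print(TARGET[0], mv["jbauer"].connectors)
```

Because the join keys only on the account name, any target object whose sAMAccountName matches a uid receives that person's attributes, so the joined and unjoined lists are worth reviewing before running Export to AD.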

Conclusion

Using the steps above, a Management Agent was created that will import objects, and their attributes, from the selected OU in the source domain to the metaverse.  The second MA then exports attribute values from the metaverse to the users in the target domain who have the same sAMAccountName as users in the source domain.  This allows for the synchronization of basic attributes of multiple user accounts between multiple domains without writing any code.

The next part of this article series will go over the code required to actually create objects in the target domain.


Disclaimer: Your use of the information contained in these pages is at your sole risk. All information on these pages is provided "as is", without any warranty, whether express or implied, of its accuracy, completeness, fitness for a particular purpose, title or non-infringement, and none of the third-party products or information mentioned in the work are authored, recommended, supported or guaranteed by Stephen Bryant or Pro Exchange. OutlookExchange.Com, Stephen Bryant and Pro Exchange shall not be liable for any damages you may sustain by using this information, whether direct, indirect, special, incidental or consequential, even if it has been advised of the possibility of such damages.

Copyright Stephen Bryant 2008