Creating a Rules Extension


Suggested Changes

A.     Synchronize userAccountControl

1.      Add a "userAccountControl" attribute to the metaverse of type number

2.      Add an attribute flow for userAccountControl to import the value from the Source Domain MA

3.      Add an attribute flow for userAccountControl to export the value to the Target Domain MA

4.      Comment out the line that sets the userAccountControl value in MVExtension.vb

5.      Recompile MVExtension.dll

6.      Run the Refresh Metaverse profile on the Source Domain MA

7.      Run the Export to AD profile on the Target Domain MA

B.     Add logic to the code to handle conflicts if a user with the same RDN, CN, exists in the target container

1.      Edit the code in MVExtension to check for existence

2.      Change the CN of the new object to be unique in the code if a conflicting one exists

3.      Recompile MVExtension.dll

C.     Add logic to the code to create objects in a different OU based on certain attributes

1.      Set the value of ParentContainer based on an attribute, such as department

•        The container must exist.

2.      Recompile MVExtension.dll

D.     Add additional fields to be synchronized based on your needs

1.      Add and configure attribute flow to the Source Domain MA

•        Attribute flow should be set to Import

2.      Add and configure attribute flow to the Target Domain MA

•        Attribute flow should be set to Export

3.      Run MAs

E.      Add logic to the code to delete or move objects in the target domain when they are deleted or disabled in the source domain

F.      Change flow to be bi-directional

1.      Update attribute flow to control which attributes should flow to and from the metaverse

2.      Update MVExtension.dll to handle creating objects in the source domain

G.     Create a file based MA to pull configuration settings into the metaverse

1.      Store the target OU paths in this file

2.      Change MVExtension.dll to get the target OU value from the metaverse instead of storing it in the code, which requires recompiling if it changes
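
For changes B and C above, the following is an added example, not the article's MVExtension code: a stand-alone VB.NET module with the two decisions the provisioning code has to make, choosing the parent container and choosing a CN that is free. The module name, OU paths, department names, suffix limit and the `exists` callback are assumptions (how MVExtension checks the target container is not shown on this page), and the syntax assumes a current VB.NET compiler.

```vbnet
Imports System
Imports System.Collections.Generic

' Added example: helper logic for suggested changes B and C (all names are hypothetical).
Module ProvisioningHelpers

    ' Constructed allow-list: department value -> OU that already exists in the target domain.
    Private ReadOnly DepartmentOUs As New Dictionary(Of String, String)(StringComparer.OrdinalIgnoreCase) From {
        {"Sales", "OU=Sales,OU=Synced Users,DC=target,DC=example"},
        {"Engineering", "OU=Engineering,OU=Synced Users,DC=target,DC=example"}
    }
    Private Const DefaultOU As String = "OU=Synced Users,DC=target,DC=example"

    ' Change C: look the department up. The attribute value is never concatenated into
    ' the DN, so an unexpected value cannot steer the object into another container.
    Function ResolveParentContainer(department As String) As String
        Dim ou As String = Nothing
        If department IsNot Nothing AndAlso DepartmentOUs.TryGetValue(department.Trim(), ou) Then
            Return ou
        End If
        Return DefaultOU
    End Function

    ' Change B: return baseCn, or baseCn plus a numeric suffix, that is free in the container.
    ' The caller must still escape the result as a DN component before building the DN.
    Function UniqueCn(baseCn As String, container As String,
                      exists As Func(Of String, String, Boolean)) As String
        If String.IsNullOrWhiteSpace(baseCn) Then Throw New ArgumentException("CN is empty")
        Dim candidate As String = baseCn.Trim()
        Dim suffix As Integer = 1
        While exists(candidate, container)
            suffix += 1
            If suffix > 100 Then Throw New InvalidOperationException("No free CN for " & baseCn)
            candidate = baseCn.Trim() & " " & suffix.ToString()
        End While
        Return candidate
    End Function

    Sub Main()
        ' Constructed sample data standing in for the contents of the target container.
        Dim taken As New HashSet(Of String)(StringComparer.OrdinalIgnoreCase) From {"Jane Doe", "Jane Doe 2"}
        Dim container As String = ResolveParentContainer("sales")
        Console.WriteLine(container)                                   ' the Sales OU
        Console.WriteLine(UniqueCn("Jane Doe", container, Function(n, c) taken.Contains(n)))
        Console.WriteLine(ResolveParentContainer("Finance,DC=other"))  ' unknown value -> DefaultOU
    End Sub
End Module
```

Bounding the suffix loop keeps a misbehaving existence check from stalling the provisioning run; the failure surfaces as an exception instead.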

Conclusion

The steps above cover the basic process of creating a VB.NET-based rules extension. This article provides only the minimum steps needed to get IIFP or MIIS to create objects in the AD. It is very common, and required in most environments, that a rules extension is also used when trying to join and project objects into the metaverse. When dealing with other directories and data sources, attributes are not always formatted in the same way. For example, the CN attribute in Novell NDS is multi-valued, whereas in the AD it is single-valued. Therefore, you need a rules extension to determine which value in Novell should be used when talking to the AD.

The best place to get started with MIIS is to read through the documents that outline different scenarios at http://www.microsoft.com/downloads/details.aspx?FamilyId=15032653-D78E-4D9D-9E48-6CF0AE0C369C&displaylang=en.

MIIS 2003 Planning, Deploying, and Administering:

http://www.microsoft.com/windowsserversystem/miis2003/techinfo/planning/default.mspx

 

MIIS 2003 Virtual Labs:

http://www.microsoft.com/technet/traincert/virtuallab/miis.mspx

 

MIIS and Identity Management Solution Accelerator:

http://www.microsoft.com/technet/security/topics/identitymanagement/idmanage/default.mspx?mfr=true

 


Disclaimer: Your use of the information contained in these pages is at your sole risk. All information on these pages is provided "as is", without any warranty, whether express or implied, of its accuracy, completeness, fitness for a particular purpose, title or non-infringement, and none of the third-party products or information mentioned in the work are authored, recommended, supported or guaranteed by Stephen Bryant or Pro Exchange. OutlookExchange.Com, Stephen Bryant and Pro Exchange shall not be liable for any damages you may sustain by using this information, whether direct, indirect, special, incidental or consequential, even if it has been advised of the possibility of such damages.

Copyright Stephen Bryant 2008