Implementing User Entitlements with MIIS


The first solution that most Microsoft-based solution architects think of when implementing an asynchronous process is MSMQ. If you are unfamiliar with MSMQ (message queuing), it lets a program executing inside MIIS call a procedure (to perform a specific task) and have it run at a different time or even on a different computer. This allows MIIS to continue doing what it is doing without worrying about how long the task will take to perform or even whether the server has connectivity to perform the task. This is a very viable solution, but it may be difficult to set up and maintain. In addition, getting the proper information to the target of the message (the program actually performing the task) can be a challenge without writing data to some centralized location such as a SQL Server database.

Now we finally get to the solution. Instead of having MIIS perform tasks directly or send messages to MSMQ, I propose the use of custom Windows Services to perform user entitlements. Once again, allow me to use the home directory provisioning example to illustrate. You can have a custom Home Directory Windows Service running on multiple file servers, each performing only the tasks that pertain to its own server. In addition, because it runs asynchronously from MIIS, it can automatically deal with such issues as network connectivity, AD replication and error recovery. Error recovery is important because if something happens, such as the network going down while a home directory is being moved, the Windows Service can be made smart enough to continue where it left off when the network comes back online. This keeps MIIS running smoothly and makes system administrators happy because they don't have to fix anything manually. The beauty of it all is that MIIS can still orchestrate and even react when the tasks have been completed.

How does it work? You can implement a simple SQL Server management agent that exports a subset of the MIIS MetaVerse to a SQL Server table. The table is populated (using provisioning logic) with an exact replica of only those objects and attributes in the MetaVerse that you want to deal with. You can then have one or more Windows Services running that monitor that table for changes. For example, you could export the UID and homeDirectory to a table, and have the Windows Service maintain another copy of the table holding the data that it last used during execution. The Windows Service can then not only determine when the MIIS data has changed, but also compute deltas and know exactly how the data has changed.
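The delta and error-recovery behaviour described above, as an added example that is not code from the article. It assumes an in-memory SQLite database standing in for SQL Server, and the table names `miis_export` and `last_applied`, the `apply_task` callback and the rule that the server named in the target UNC path owns the task are all hypothetical.

```python
import sqlite3
# Constructed sample rows (uid, homeDirectory); not data from the article.
SAMPLE_EXPORT = [("alice", r"\\fs1\home\alice"), ("bob", r"\\fs2\home\bob"),
                 ("carol", r"\\fs1\home\carol")]
SAMPLE_APPLIED = [("carol", r"\\fs2\home\carol"), ("dave", r"\\fs1\home\dave")]

# Exported copy vs. the service's last-applied copy: new, changed, vanished rows.
DELTA_SQL = """
SELECT e.uid, 'add', NULL, e.homeDirectory
  FROM miis_export e LEFT JOIN last_applied l ON l.uid = e.uid WHERE l.uid IS NULL
UNION ALL
SELECT e.uid, 'move', l.homeDirectory, e.homeDirectory
  FROM miis_export e JOIN last_applied l ON l.uid = e.uid
 WHERE l.homeDirectory <> e.homeDirectory
UNION ALL
SELECT l.uid, 'remove', l.homeDirectory, NULL
  FROM last_applied l LEFT JOIN miis_export e ON e.uid = l.uid WHERE e.uid IS NULL
"""

def open_db(exported, applied):
    """In-memory SQLite stands in for the SQL Server database (assumption)."""
    db = sqlite3.connect(":memory:")
    for table, rows in (("miis_export", exported), ("last_applied", applied)):
        db.execute(f"CREATE TABLE {table} (uid TEXT PRIMARY KEY, "
                   "homeDirectory TEXT NOT NULL)")
        db.executemany(f"INSERT INTO {table} VALUES (?, ?)", rows)
    db.commit()
    return db

def pending(db, server):
    """Deltas this file server owns: the target path, or the old one on remove."""
    prefix = "\\\\" + server.lower() + "\\"
    return [r for r in db.execute(DELTA_SQL)
            if (r[3] or r[2]).lower().startswith(prefix)]

def run_once(db, server, apply_task):
    """Apply each delta; update last_applied only after the task succeeds."""
    done = []
    for uid, action, old, new in pending(db, server):
        try:
            apply_task(uid, action, old, new)
        except OSError:
            continue  # e.g. network down: row stays pending for the next poll
        if action == "remove":
            db.execute("DELETE FROM last_applied WHERE uid = ?", (uid,))
        else:
            db.execute("INSERT OR REPLACE INTO last_applied VALUES (?, ?)", (uid, new))
        db.commit()
        done.append((uid, action))
    return done
```

Because a row is written to `last_applied` only after its task returns, a failed move is simply recomputed as the same delta on the next poll.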

 
