Lab A: Implementing a Central Account Scenario Using TAMA
Objectives
After completing this lab, you will be able to:
• Create and configure TAMA resources.
• Assign TAMA resources to TAMA account profiles.
Prerequisites
• Before working on this lab, you must have experience creating and operating management agents.
Lab Setup
To complete this lab, you need the following:
• MMS Server installed and running.
• MMS Compass configured to connect to your server.
• Run the C:\Moc\2062A\Labfiles\Lab8a.cmd batch file. This will prepare your computer for this lab.
Estimated time to complete this lab: 45 minutes
Your company, NorthWind Traders, has decided to use MMS to centrally manage the creation and deletion of user accounts. An existing Human Resources directory will be used to create and delete all user accounts. User accounts that are created and deleted in the Human Resources directory need to be automatically created and deleted in Active Directory and Microsoft Exchange Server 5.5 as well. To accomplish this, you will use the TAMA component of MMS.
1 Create a new management
agent to connect the Human
(where domain is your
assigned domain name)
• Management Agent
Mode: Reflector
• Discovery Parameters:
Humongous Insurance
a Log on as Administrator with a password of password.
b On the desktop, double-click MMS Compass.
c In the Login dialog box, in the Password box, type server (where server is your computer name), and then click OK.
d In the Servers dialog box, click your server name, and then click OK.
e On the Action pane, click Bookmarks, click Management Agents, and then click Create New Management Agent.
f In the Create Management Agent dialog box, in the Name of the Management Agent box, type HR MA.
g In the Type of the Management Agent box, click Tutorial HR (LDIF) Management Agent, and then click Create.
h In the Configure the Management Agent dialog box, on the Connected Directory Specifics tab, on the Mode and Namespace Management tab, in the Metaverse Location box, type ou=metaverse, before the beginning of the current metaverse location (including the comma).
i Ensure that the Management Agent Mode is set to Reflector.
j On the Discovery Parameters tab, ensure that the Dataset to use is set to Humongous Insurance.
k Click OK to create the new management agent.
l Leave MMS Compass open.
Exercise 2
Connecting Active Directory
In this exercise, you will create and configure a management agent for Active Directory.
Scenario
Before you can use TAMA to add objects to Active Directory, you need to create and configure a management agent for Active Directory. The Active Directory management agent needs to create enabled user accounts. The logon name for each account needs to be a combination of the user’s first initial and surname, the user needs to change their password at the initial logon, and the default password needs to be set to the user’s surname.
1 Create a new management
agent to connect Active
a In MMS Compass, in the directory pane, click computer_name (where computer_name is your assigned computer name).
b In the control pane, click Create New Management Agent.
c In the Create Management Agent dialog box, in the Name of the Management Agent box, type AD MA.
d In the Type of the Management Agent box, click Microsoft Active Directory Management Agent, and then click Create.
e In the Configure the Management Agent dialog box, under Management Agent Mode, click Association.
f On the Active Directory Discovery Settings tab, in the Forest to discover box, type domain.nwtraders.msft (where domain is your assigned domain name).
g In the Username box, type domain\administrator, and then in the Password box, type password.
h Leave the Configure the Management Agent dialog box open.
Tasks Detailed Steps
2 Configure the Active
Directory Object Creation
Settings by using the
• User Account Creation
Settings: Enabled user
• Password Generation
Script: $sn
• User must change
password at next logon:
Enabled
a On the Active Directory Object Creation Settings tab, click Account Settings.
b In the Account Settings dialog box, under User Logon Name Construction, click First initial and surname (JSmith).
c Under User Account Creation Settings, click Enabled user, and then click Edit the account password generation script.
d In the Edit the account password generation script dialog box, replace the current script with $sn and then click OK.
e In the Account Settings dialog box, ensure that User must change password at next logon is disabled.
f Click OK to close the Account Settings dialog box, and then click OK to close the Configure the Management Agent dialog box.
g In the Change password dialog box, type password and then click OK.
h Leave MMS Compass open.
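The following check is an added example, not part of the original lab or of MMS: it audits an LDIF-style export of provisioned users against the three account requirements in the Exercise 2 scenario (first initial plus surname logon name, enabled account, password change forced at first logon). It assumes the logon name is exported as sAMAccountName; the sample records and the helper names parse_ldif, audit_entry and audit are constructed for illustration.

```python
ACCOUNTDISABLE = 0x0002  # userAccountControl flag: account is disabled

# Constructed LDIF-style export of two provisioned users (not real data).
SAMPLE_LDIF = """\
dn: CN=Jane Smith,OU=Sales,DC=domain,DC=nwtraders,DC=msft
givenName: Jane
sn: Smith
sAMAccountName: JSmith
userAccountControl: 512
pwdLastSet: 0

dn: CN=Raj Patel,OU=Claims,DC=domain,DC=nwtraders,DC=msft
givenName: Raj
sn: Patel
sAMAccountName: RajP
userAccountControl: 514
pwdLastSet: 126227808000000000
"""

def parse_ldif(text):
    """Parse simple single-valued, unfolded LDIF records into dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line and not line.startswith("#"):
                key, _, value = line.partition(":")
                entry[key.strip()] = value.strip()
        entries.append(entry)
    return entries

def audit_entry(entry):
    """Return the Exercise 2 scenario requirements this entry fails."""
    findings = []
    expected = (entry.get("givenName", "")[:1] + entry.get("sn", "")).lower()
    if entry.get("sAMAccountName", "").lower() != expected:
        findings.append("logon name is not first initial + surname")
    if int(entry.get("userAccountControl", "0")) & ACCOUNTDISABLE:
        findings.append("account is disabled")
    if entry.get("pwdLastSet") != "0":  # 0 = must change at next logon
        findings.append("password change at next logon not forced")
    return findings

def audit(text):
    """Map each entry's DN to its list of findings (empty list = compliant)."""
    return {e["dn"]: audit_entry(e) for e in parse_ldif(text)}

if __name__ == "__main__":
    for dn, findings in audit(SAMPLE_LDIF).items():
        print(dn, "->", findings or "OK")
```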
Exercise 3
Create an Advanced Flow Script for the HR MA
In this exercise, you will create an Advanced Flow Script for the HR MA. This Advanced Flow Script will add the msMMS-ManagedByMA attribute to metaverse namespace entries that are created by the HR MA.
Scenario
One of the business requirements your organization needs to meet with MMS is to have user accounts created in Active Directory for each employee that is in the Human Resources database. The Active Directory management agent, by default, only creates contacts. To have the Active Directory management agent create users, you need to assign the msMMS-ManagedByMA attribute to all entries in the metaverse namespace that are created by the HR MA. Additionally, you need to assign the distinguished name of the Active Directory management agent as a value for the msMMS-ManagedByMA attribute. You will do this by creating an Advanced Flow Script for the HR MA.
1 Create an Advanced Flow
Script for the HR MA to
assign the following
attribute and value to
!msft and then click OK
How can you determine the distinguished name of a management agent?
Select the management agent, and then on the View menu, click All attributes.
1 (continued) c Leave MMS Compass open.
Exercise 4
Connecting Microsoft Exchange Server 5.5
In this exercise, you will create a management agent for Microsoft Exchange Server 5.5.
Scenario
Before you can use TAMA to populate Microsoft Exchange Server 5.5, you need to create a management agent for Microsoft Exchange Server 5.5.
1 Create a new management
agent to connect Active
a In MMS Compass, in the directory pane, select your server.
b In the control pane, click Create New Management Agent.
c In the Create Management Agent dialog box, in the Name of the Management Agent box, type Exchange MA.
d In the Type of the Management Agent box, click Microsoft Exchange (LDAP-based) Management Agent, and then click Create.
e In the Configure the Management Agent dialog box, on the Connected Directory Specifics tab, on the Mode and Namespace Management tab, in the Metaverse Location box, type ou=metaverse, before the current metaverse location.
f In the Configure the Management Agent dialog box, under Management Agent Mode, click Association.
g Click the Discovery tab.
h In the LDAP server address/name box, type computer_name.
i In the LDAP TCP/IP port box, type 391.
j In the Context prefix box, type ou=serversite,o=domain.
k In the Login as box, type cn=administrator,cn=domain.
l In the Login password box, type password.
m Click Test your configuration.
A message box appears indicating that your connection was successful. If the message box indicates that your connection was unsuccessful, confirm that all of the above parameters were entered correctly, and then test your connection again.
n Click OK to close the Microsoft Metadirectory Services Flash Message message box, and then click OK to close the Configure the Management Agent dialog box.
o Leave MMS Compass open.
Exercise 5
Operating the Management Agents
In this exercise, you will operate the management agents that were created in the previous exercises.
Scenario
Now that you have created and configured the required management agents, the next step is to operate them in order to connect your directories to MMS.
1 Operate the HR MA and populate the Metadirectory with the organizational structure and users from the HR database. Review the Operator’s Log during the process.
a In MMS Compass, click HR MA, and then in the control pane, click Operate MA.
b In the Operate the Management Agent dialog box, click the Operational Settings tab.
c On the When Running the Management Agent tab, under Tasks to Run, ensure that both Discover Connected Directory and Update the Metadirectory are selected.
d Under Types of Objects to Process, ensure that both Process Organizing Structure and Process Users are selected.
e Click Run the Management Agent.
f Review the Operator’s Log for errors, and then click OK.
Did the HR MA create entries in the connector namespace and the metaverse namespace? Why or why not?
Yes. Since the HR MA is running in Reflector mode, entries were created in both the connector namespace and the metaverse namespace.
Were the metaverse namespace entries assigned the msMMS-ManagedByMA attribute? Why or why not?
Yes. The Advanced Flow Script for the HR MA assigned the msMMS-ManagedByMA attribute to the metaverse namespace entries it created.
1 (continued) g Leave MMS Compass open.
2 Operate the AD MA to discover Active Directory. Review the Operator’s Log during the process.
a In the Directory pane, navigate to the management agents, click AD MA, and then in the Control pane, click Operate MA.
b Click Run the Management Agent.
c Review the Operator’s Log for errors, and then click OK.
Did the AD MA create any entries in the metaverse namespace? Why or why not?
No, the AD MA did not create entries in the metaverse namespace because it is operating in Association mode.
2 (continued) d Leave MMS Compass open.
3 Operate the Exchange MA to discover Microsoft Exchange 5.5. Review the Operator’s Log during the process.
a In the Directory pane, click Exchange MA, and then in the Control pane, click Operate MA.
b Click Run the Management Agent.
c Review the Operator’s Log to ensure that the management agent completed successfully, and then click OK.
Did the Exchange MA create any entries in the metaverse namespace? Why or why not?
No, the Exchange MA did not create entries in the metaverse namespace because it is operating in Association mode.
3 (continued) d Leave MMS Compass open.
Exercise 6
Creating and Configuring TAMA Resources
In this exercise, you will create and configure TAMA resources.
Scenario
Now that you have connected the Human Resources database, Active Directory, and Exchange Server 5.5 to MMS, you need to create TAMA resources. You will specify which management agent is associated with which resource and also where in the connector namespace of a particular management agent TAMA will create connectors. For the Exchange MA, all connectors need to be created directly below the Recipients container, so you will create a single, flat resource. For the Active Directory MA, you will want to add the Claims, Investigations, Marketing, and Sales organizational units, and all of the entries contained in those organizational units, to Active Directory. The entries in the MoneyDept organizational unit need to be added to an organizational unit in Active Directory called Accounting. You will create a complex resource to accomplish the first requirement and a flat resource to accomplish the second requirement.
1 Create a TAMA Resource
for Exchange by using the
c In the directory pane, right-click and then click Insert.
d In the Insert Object Under dialog box, click the Custom tab.
e In the Relative Name box, type Exchange Resource.
f In the Object Class list, select zcTaAccountResource.
g In the Distinguished Attribute box, type res.
Why use res as the Distinguished Attribute for TAMA Resources instead of cn?
Using res allows you to easily tell the difference between TAMA Resources and other types of objects.
1 (continued) h Click Insert to create the TAMA Resource.
A dialog box appears when you click Insert. Notice that the dialog box does not have any text in the title bar.
2 Configure the Exchange
Resource by using the
• Leaf Objects: person
a On the Resource Information tab, in the Resource Description box, type TAMA Resource for Exchange.
b Under Type of resource, ensure that Flat is selected.
c Click OK to close the dialog box, and then click Cancel to close the Insert Object Under dialog box.
d In the directory pane, double-click Exchange Resource.
e Click Select the MA.
f In the Select the MA dialog box, click Exchange MA, drag and drop it into the Management Agent box, and then click OK to close the Select the MA dialog box.
g Click Select a location.
h In the Select a location dialog box, expand Exchange MA, expand organization (where organization is your assigned Exchange organization), expand site (where site is your assigned Exchange site), click Recipients, drag and drop it into the Location Under MA (Optional) box, and then click OK to close the Select a location dialog box.
i Click the Object Classes tab.
j In the Leaf Objects box, type person and then click OK to close the dialog box.
3 Create a TAMA Resource
for Active Directory by
using the following
• Relative Name: Flat Active Directory Resource
• Object Class: zcTaAccountResource
• Distinguished Attribute: res
4 Configure the Flat Active
Directory Resource by using
the following parameters:
• Resource Description:
Flat TAMA Resource
for Active Directory
• Management Agent: AD
MA
• Location Under MA
(Optional): Accounting
• Leaf Objects: person
b On the Resource Information tab, in the Resource Description box, type Flat TAMA Resource for Active Directory.
a Under Type of resource, ensure that Flat is selected.
b Click OK to close the dialog box, and then click Cancel to close the Insert Object Under dialog box.
c In the directory pane, double-click Flat Active Directory Resource.
d Click Select the MA.
e In the Select the MA dialog box, click AD MA, drag and drop it into the Management Agent box, and then click OK to close the Select the MA dialog box.
f Click Select a location.
g In the Select a location dialog box, expand AD MA, expand domain.nwtraders.msft, click accounting, drag and drop it into the Location Under MA (Optional) box, and then click OK to close the Select a location dialog box.
h Click the Object Classes tab.
i In the Leaf Objects box, type person and then click OK to close the dialog box.
5 Create a second TAMA
Resource for Active
Directory by using the
• Relative Name: Complex Active Directory Resource
• Object Class: zcTaAccountResource
• Distinguished Attribute: res