Establishing and Populating an Organizing Structure in the Metaverse Namespace 9 Monitoring the Management Agent Process 11 Lab A: Creating and Configuring a Configuring Management Ag
Trang 1Establishing and Populating an Organizing
Structure in the Metaverse Namespace 9
Monitoring the Management Agent Process 11
Lab A: Creating and Configuring a
Configuring Management Agent Modes 13
Scheduling Management Agent Operation 15
Lab B: Configuring Management Agent
Modes and Scheduling Management
Review 19
Module 3: Configuring Management Agents to Manage Directory
Entries
Trang 2to represent any real individual, company, product, or event, unless otherwise noted Complying with all applicable copyright laws is the responsibility of the user No part of this document may
be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation If, however, your only means of access is electronic, permission to print one copy is hereby granted
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property
2000 Microsoft Corporation All rights reserved
Microsoft, BackOffice, MS-DOS, Windows, Windows NT, <plus other appropriate product
names or titles The publications specialist replaces this example list with the list of trademarks provided by the copy editor Microsoft is listed first, followed by all other Microsoft trademarks
in alphabetical order > are either registered trademarks or trademarks of Microsoft Corporation
in the U.S.A and/or other countries
<The publications specialist inserts mention of specific, contractually obligated to, third-party trademarks, provided by the copy editor>
Other product and company names mentioned herein may be the trademarks of their respective owners
Trang 3Overview
! Introduction to MA Functionality
! Creating MAs and Connecting to an External Directory
! Establishing and Populating an Organizing Structure in the Metaverse Namespace
! Best Practices
Management agents manage the relationship between a connected directory and
the metadirectory at both the directory entry level and the attribute level
However, management agent configuration is different for managing directory entries than it is for managing the attribute values of those entries
Managing attribute values is covered in module 4, Managing Attribute
Values Using Joins and Attribute Flow Rules, in course 2062A, Implementing
Microsoft Metadirectory Services 2.2
Understanding the purpose of management agents and how to configure them to manage directory entries is key to implementing a Microsoft Metadirectory Services (MMS) version 2.2 solution
After completing this module, you will be able to:
! Describe management agent functionality
! Explain the phases in the management agent update cycle
! Create a management agent and configure the connection to an external directory
! Establish and populate an organizing structure in the metaverse namespace
! Monitor the management agent process by using the Operator’s log
! Manage entries by configuring management agent modes
! Schedule the operation of a management agent
! Describe best practices for using management agents
Trang 4Introduction to Management Agent Functionality
Metadirectory
Connector Namespace
Connector Namespace
Connector Namespace
Connector Namespace
Metaverse Namespace
Metaverse Namespace
Management Agent 1
Management Agent 2
Connector
JamesS Title Employee # Salary
JamesS Title Employee # Salary
JamesSmith E-mail Address Title
JamesSmith E-mail Address Title
James Smith Title Employee # E-mail Address
James Smith Title Employee # E-mail Address
Connector
JamesS Title Employee #
JamesS Title Employee #
MA 1
MA 2
JamesSmith E-mail Address Title
JamesSmith E-mail Address Title
HR Database
Exchange
A management agent is responsible for importing information from a specific connected directory into the metadirectory In addition, a management agent keeps the information in the connected directory and the metadirectory synchronized Each management agent can also export metadirectory information to its connected directory, which enables the different connected directories to remain synchronized
When a management agent imports and integrates information into the metadirectory, the process occurs in two stages:
1 The management agent imports information from its associated connected directory into the connector namespace MMS allocates a specific portion of the connector namespace to each management agent
2 The management agent copies information from its portion of the connector namespace to the metaverse namespace During this process, the
management agent either updates an existing entry in the metaverse namespace, or if no related entry exists, it creates one
Generally, an entry in the connector namespace presents only selected aspects
of an object In the illustration, the entry imported from the HR Database
between a specific external
information repository, and
specific connected directory
and the metadirectory
Trang 5Overview of the Management Agent Update Cycle
Discovery
Synchronization
Connected Directory
Connected Directory
Metadirectory
Update
Import File(s)
Import File(s)
Create File(s)
Create File(s) Export File
Export File
Update
Metaverse Namespace
Metaverse Namespace
MA’s Connector Namespace
MA’s Connector Namespace
The management agent update cycle is composed of multiple phases, and you can configure a management agent to perform any or all of these phases, depending on your entry management requirements For example, you can configure a management agent to perform only phases to shorten the time required for a management agent to complete an operation
The management agent update cycle consists of the following phases:
1 Discovery phase The management agent, based upon its configuration,
extracts information about objects in the connected directory into one or more import files
2 Update phase The management agent reads the import file(s) and creates or
updates entries in the connector namespace and the metaverse namespace The management agent then determines what information, such as new entries or changed attributes, needs to be sent back to the connected directory, and places this information into create and export files
3 Synchronization phase The management agent updates the connected
directory with the information from the create and export files
Topic Objective
To identify the phases in the
management agent update
cycle
Lead-in
When you operate a
management agent, it
performs a full or partial
update cycle, depending on
its configuration and the
options chosen
Trang 6# Creating Management Agents and Connecting to an External Directory
! Configuring the Connection to an External Directory
Creating a management agent involves creating an instance of one of the predefined management agents Predefined management agents contain the capabilities to integrate a specific type of external directory, for example a cc: Mail directory, with the metadirectory You then associate the newly created management agent with an actual connected directory by adding configuration information specifying the location and access requirements of the connected directory Understanding how to create and connect a management agent to an external directory is essential to implementing MMS
Topic Objective
To introduce the topics
associated with creating
management agents and
connecting to an external
directory
Lead-in
Creating a management
agent involves creating an
instance of one of the
predefined management
agents
Trang 7Overview of Predefined Management Agents
Novell NDS (LDAP)
Novell
VINES Lotus cc: Mail
Lotus NOTES
Active Directory Exchange
(LDAP)
Exchange (MAPI)
Windows NT
Netscape LDAP
Novell Group- Wise
Microsoft Metadirectory Services
! Predefined Management Agents also include:
• Microsoft Active Directory • Novell NDS (LDAP-based)
• Microsoft Exchange (LDAP-based) • Novell Netware
• Microsoft Exchange (MAPI based)
MMS includes three additional predefined management agents, each of which has a specific function:
! Generic The Generic management agent is a starting point to build your
own management agent
! Report The Report management agent is used for creating flat file reports
! Together Administration The Together Administration management agent
(TAMA) works in conjunction with the other management agents to provide full enterprise provisioning and object management
MMS also includes four predefined management agents that are associated with the tutorial included with the product
specific type of connected
directory with the
metadirectory
Note
Trang 8Creating a Management Agent
Administrator via Vancouver – MMS Compass
File Edit Configure Options View Help
Bookmarks Actions
Properties Create New Management Agent Administration
Access Control
The Known Universe The Known Universe vancouverdom nwtraders msft Servers ADMIN FRS BASIC FRS
Vancouver
Directory Methods Server Methods Together Administrators Directory Administrators
Create Management Agent
Name the Management Agent:
Type of the Management Agent:
Create Cancel
Banyan VINES Management Agent
Generic Management Agent Lotus cc:Mail Management Agent Lotus NOTES Management Agent
When you create a management agent, you must specify which predefined management agent you want use as the basis for that management agent
To create a management agent, perform the following steps:
1 In the directory pane of MMS Compass, navigate to and click on the entry for the MMS server
2 In the control pane, click Create New Management Agent
3 In the Create Management Agent dialog box, in the Name of the Management Agent box, type a name for the management agent
4 In the Type of the Management Agent list, select the predefined
management agent associated with your external directory
5 In the Create Management Agent dialog box, click Create to create the
new management agent under the entry for the MMS server
The Configure the Management Agent dialog box appears, prompting you
for information regarding the connection to the external directory
Topic Objective
To identify how to create a
management agent
Lead-in
When you create a
management agent, you
must specify which of the
predefined management
agents in MMS you want
use as the basis for that
management agent
Delivery Tip
Demonstrate how to create
an instance of the Exchange
(LDAP) management agent
Trang 9Configuring the Connection to an External Directory
External Directory
External Directory
Server Name Protocol Authentication
Server Name Protocol Authentication
Metadirectory Management Management Agent Agent
Configure the Management Agent
Connected Directory Specifics Metadirectory Relationships Personal Names Inclusions and Exclusions
Attributes to Discover Mailbox Creation
Custom Recipients Display Names
Advanced Discovery Mode and Namespace Management LDAP server
Test you configuration
LDAP Discovery Parameters LDAP Server Address/Name
Enter the Server IP address
or name that the management agent accesses
to import or export Exchange directory entries The LDAP server address is the IP address or name of the server.
After you create a management agent, you need to associate it with an actual external directory To accomplish this, you must configure the management agent with the location and access requirements of the directory Depending on the type of management agent that you create, these parameters might include server name, IP address, protocol, authentication, or port number
The connection configuration parameters required for each predefined management agent vary depending on the functionality of the external directory For example, the following table describes the parameters that you configure to connect the Microsoft Exchange (LDAP-based) management agent
Parameter Description
LDAP Server Address/Name
The Internet Protocol (IP) address or host name of the server that the management agent accesses to import or export Exchange directory entries
LDAP TCP/IP Port The LDAP Transmission Control Protocol/Internet Protocol
(TCP/IP) port number The default value is 389
Context prefix The distinguished name of the node in the Exchange Directory
tree where you want to start the discovery To discover the entire tree, do not specify a context prefix
Login as The user account that the management agent uses to log on to
the Exchange Server The management agent must log on as an Exchange administrator to modify or create Exchange Server directory entries
Login password The password associated with the user account the management
agent uses to log on to the Exchange server
After you create a
management agent, you
need to associate it with an
actual external directory
Delivery Tip
Continue the previous
demonstration by
configuring the connection
to the Exchange (LDAP)
directory
Point out that the arrow in
the illustration indicates that
the management agent is
initiating the connection to
the external directory
Trang 10However, connecting a management agent to a Lotus NOTES directory requires different parameters The following table describes the parameters that you configure to connect the Lotus NOTES management agent
Parameter Description
Notes Registration Server Name
The distinguished name of the Notes server, in either X.500 or Notes format
Administrator Password
The password referenced in the KeyFileName entry in the local Notes.ini file
Main Address Book Domain
The Address Book domain name, if it is not the same as the Address Book name
For detailed information on connecting to the specific directories supported by MMS, see appendix A, “Connecting to External Directories”, in
course 2062A, Implementing Microsoft Metadirectory Services 2.2
To configure a management agent’s connection to an external directory, perform the following steps:
1 In the directory pane of MMS Compass, select the entry for the management agent that you want to configure
2 In the control pane, click Configure MA
3 In the Configure the Management Agent dialog box, on the Connected Directory Specifics tab, specify values for the required connection
parameters
After you complete the configuration of the connection to the external directory, the management agent is ready for operation
Note
Trang 11Establishing and Populating an Organizing Structure in the Metaverse Namespace
North America Accounting User1 User2 Sales User3 User4 Human Recourses User5 User6
North America Accounting User1 User2 Sales User3 User4 Human Recourses User5 User6
Entries
North America Money Dept Sales Employees
North America Money Dept Sales Employees
North America Accounting Sales Human Resources
North America Accounting Sales Human Resources
Organizing Structure
Add, Delete, Rename Entries
Add, Delete, Rename Entries
North America Money Dept User1 User2 Sales User3 User4 Employees User5 User6
North America Money Dept User1 User2 Sales User3 User4 Employees User5 User6
MV CD
1 Import the Organizing Structure
2 Shape the Organizing Structure
3 Import Entries into the Organizing Structure
Because most connected directories have some type of hierarchical organization, a management agent provides for multilevel operation That is, you can configure the management agent to import entries (for example, post offices, groups, organizational units) representing the higher-level organizing structure before importing the lower level entries (mail boxes, users)
This multilevel operation is especially important when you first populate the metadirectory with information from a connected directory At this point, you can design the organizing structure to accommodate information from all of the external data stores that you plan to integrate into the metadirectory
If your first connected directory does not contain the entire organizing structure for the enterprise, you can either create additional entries in the metaverse namespace to accommodate enterprise data or you can shape the organizing structure of connected directories as you integrate them into the metaverse namespace
When you first populate the metadirectory with information from a connected directory, it is recommended that you:
1 Import into the metaverse namespace the entries that represent the organizing structure of the connected directory
2 Shape the organizing structure in the metaverse namespace You can add, delete, and rename entries, as needed, to accommodate the hierarchy and data from other connected directories that you plan to integrate with MMS
3 Import the lower-level entries from the connected directory into the organizing structure that you have established in the metaverse namespace
import entries that represent
the organizing structure,
such as post offices or,
groups) before it imports the
lower level entries
Trang 12Importing the Organizing Structure
To import the organizing structure of a connected directory, perform the following steps:
1 In the control pane of MMS Compass, click Bookmarks, and then click Management Agents
2 In the directory pane, click the entry for the management agent, and then in
the control pane, click Operate the Management Agent
3 In the Operate the Management Agent dialog box, on the Operational Settings tab, on the When Running Management Agent tab, under Tasks
to Run, verify that the Discover Connected Directory and Update the Metadirectory check boxes are selected
4 Under Types of Objects, select only the Process Organization Structure
check box
To preview the results of operating a management agent, under Test Metadirectory updates, select the Log synchronization details without updating the metadirectory check box When the option is selected, all the
selected tasks are executed, but the metadirectory contents are not actually modified Instead, a log is produced that shows the changes that will occur when you operate the management agent
5 In the Operate Management Agent dialog box, click Run the Management Agent to perform the import process
Shaping the Organizing Structure
After you import the organizing structure, you can shape the directory tree in the metaverse namespace by deleting, renaming, or adding entries These actions are performed only on the metaverse namespace portion of the tree, which shows an enterprise view of the corporate environment The connector namespace continues to represent the structure of the connected directory
Deleting entries in the metaverse namespace immediately removes them from the metaverse namespace, but leaves the corresponding entries intact in the connector namespace; however, it leaves them intact as disconnectors, rather than connectors When you operate the management agent again, the management agent recognizes disconnectors in the connector namespace, and will not add entries to the metaverse namespace
Note
Note