Tài liệu Module 4: Managing Attribute Values Using Joins and Attribute Flow Rules pdf

Introduction to Managing Attribute Values Metadirectory #Configure joins to link entries in the connector namespace and metaverse.. Linking Entries Using MMS Account Joiner If the connec

Contents

Overview 3

Review 23

Module 4: Managing Attribute Values Using Joins and Attribute Flow Rules

Information in this document is subject to change without notice The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended

to represent any real individual, company, product, or event, unless otherwise noted Complying with all applicable copyright laws is the responsibility of the user No part of this document may

be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation If, however, your only means of access is electronic, permission to print one copy is hereby granted

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property

 2000 Microsoft Corporation All rights reserved

Microsoft, BackOffice, MS-DOS, Windows, Windows NT, <plus other appropriate product

names or titles Replace this example list with list of trademarks provided by copy editor Microsoft is listed first, followed by all other Microsoft trademarks in alphabetical order > are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A and/or other countries

<This is where mention of specific, contractually obligated to, third party trademarks, which are added by the Copy Editor>

The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted

Other product and company names mentioned herein may be the trademarks of their respective owners

Overview

! What are Attributes and Attribute Values?

! Introduction to Managing Attribute Values

! Linking Entries by Configuring Joins

! Establishing Attribute Flow Rules

Managing entries is covered in module 3, “Configuring Management

Agents to Manage Directory Entries”, in course 2062A, Implementing

Microsoft Metadirectory Services 2.2

Understanding how to manage attribute values by using joins and attribute flow rules is important in configuring a fully functional Microsoft® Metadirectory Services version 2.2 (MMS) implementation

At the end of this module, you will be able to:

! Explain the difference between attributes and attribute values

! Describe how joins and attribute flow rules work together to manage the flow of attribute values

! Link entries in the connector namespace to entries in the metaverse namespace by configuring joins

! Define which data store is authoritative for an attribute value by establishing attribute flow rules

! Describe best practices for implementing joins and attribute flow rules to manage attribute values

In this module, you will learn

about managing attribute

values by configuring joins

and establishing attribute

flow rules

Note

What Are Attributes and Attribute Values?

Attribute Attribute Value

Employee Number 555-55-5555

Telephone Number 555-1212

E-mail Address Jasmith@nwtraders.msft

Children’s Names Penelope

Entry: James Smith

Olivia Multi-Valued

Multi-Valued

Single-Valued Single-Valued

A directory entry consists of a number of attributes and the values of those

attributes that relate to the specific object represented by the entry An attribute

is a space allocated for a particular item of information that is associated with

an entry For example, an entry representing a person may include attributes for surname, employee number, and e-mail address

An attribute value is the data associated with a particular instance of an

attribute In the previous example, the attributes identified might be assigned values of Smith, 555-55-5555, and jasmith@nwtraders.msft

Attributes can be either single or multi-valued Surname, for instance, is a single-valued attribute, while an attribute such as Children’s Names would be defined as multi-valued, so that you could add multiple values without overwriting the existing ones

The MMS schema contains definitions of many common attributes Some are already defined in the X.500 standard, while others are product-specific, defined explicitly for use in MMS

Topic Objective

To describe the differences

between attributes and

attribute values

Lead-in

An attribute is a space

allocated for a particular

item of information that is

associated with an entry,

while an attribute value is

the data associated with a

particular instance of an

attribute

Introduction to Managing Attribute Values

Metadirectory

#Configure joins to link entries in the connector namespace and metaverse.

#Establish attribute flow rules to determine which data store is authoritative.

Metaverse Namespace

Metaverse Namespace

James Smith Title Employee # E-mail Address

James Smith Title Employee # E-mail Address

Connector Namespace

Connector Namespace

Connector

Jamessmith Title Employee #

Jamessmith Title Employee # Join

Connector Namespace

Connector Namespace

Connector

Jasmith Title E-mail Address

Jasmith Title E-mail Address

Join

James Smith Title Employee # E-mail Address

James Smith

Title

Employee # E-mail Address

When a management agent operating in Reflector mode creates a new entry in the metaverse namespace, a join is automatically established between the entry in the connector namespace and the entry in the metaverse namespace

Establishing Attribute Flow Rules

After you have configured the necessary joins, you can establish attribute flow

rules to define the flow of attribute values between data stores For example, if

two connected directories, Human Resources Database and Exchange, each contain a Title attribute for an entry, you might specify that an attribute value in the Human Resources Database will update the corresponding value in the metaverse namespace In addition, you can specify that changes to the attribute value in the Human Resources Database will update the corresponding value in the metaverse namespace, and the value in the metaverse namespace would update the value for the corresponding entry in Exchange

joins and establishing

attribute flow rules

For Your Information

While it is recommended to

specify one data store as

authoritative for a particular

attribute, you can establish

attribute flow rules that allow

multiple connected

directories to update the

same attribute in the

metaverse namespace

Note

$ Linking Entries by Configuring Joins

! Overview of Joins

! Linking Entries Manually

! Linking Entries by Performing a Server-Based Join

! Linking Entries Using MMS Account Joiner

If the connector namespace contains entries from two or more connected directories, and those entries relate to a single entry in the metaverse namespace, you can configure joins to link the entries in the connector namespace to the single entry in the metaverse namespace When performing joins, you can link entries manually, one entry at a time In addition, you can configure a management agent to perform a server-based join, which links multiple entries at the same time Finally, you can perform joins interactively

by using MMS Account Joiner Understanding how to link entries by using joins is fundamental to managing attribute values in MMS

Topic Objective

To identify important topics

related to linking entries by

using joins

Lead-in

If the connector namespace

contains entries from two or

more connected directories,

and those entries relate to a

single entry in the

metaverse namespace, you

can configure joins to link

the entries in the connector

namespace to the entry in

the metaverse namespace

Overview of Joins

Metadirectory

Connector Namespace

Connector Namespace

Metaverse

JaSmith E-mail Address Title

JaSmith E-mail Address Title

James Smith Title Employee # E-mail Address

James Smith Title Employee # E-mail Address

Connector Namespace

Connector Namespace

JamesS Title Employee #

JamesS Title Employee #

Connector Namespace

Connector Namespace

Jamessmith Division Department

Jamessmith Division Department

Join

Join Disconnector Connector

Connector

A join is the relationship between entries in a management agent’s connector

namespace and an integrated entry in the metaverse namespace Entries in the connector namespace are either joined to entries in the metaverse namespace or they are not When an entry in the connector namespace is joined to an entry in the metaverse namespace, links are established between them Essentially, these two entries represent the same object An entry in the connector namespace that

is joined to an entry in the metaverse namespace is referred to as a connector

To determine which connectors are associated with an entry in the metaverse namespace, select the metaverse namespace entry in the directory

pane of MMS Compass, click Administration in the control pane, and then display the Joined To tab in the Entry Administration dialog box

An entry in the connector namespace that is not joined to an entry in the metaverse namespace is referred to as a disconnector No links exist because the management agent has not yet determined exactly to which entry in the

metaverse namespace (if any) the disconnector corresponds

The attribute values associated with a disconnector will not be included

in the metaverse namespace until the disconnector is joined to an entry in the metaverse namespace

namespace entries and their

corresponding entries in the

metaverse namespace

Note

Note

Linking Entries Manually

Select an entry and copy and paste, or drag and drop it to the desired location

Bookmarks Actions

Properties Administration Access Control

The Known Universe The Known Universe

vancouverdom nwtraders msft

Claims

Adri Duhem

Servers Context Security Search

OK Selected: 1

Connector

Metaverse Name…

Import Child Entries Connected Directory

Entry Name

Exclude from JOIN

Thu Jul 20 15:26:19 2000 cn=Adri Duhem,ou=Claims,dc=vancouverdom,dc=nwtraders,dc=msft

You can configure a join manually through the MMS Compass interface to create a link between an entry in the connector namespace and an entry in the metaverse namespace Configuring a join manually can be useful if you need to configure joins for selected entries among a larger group of entries

To link entries manually, perform the following steps:

1 In the control pane of MMS Compass, navigate to the connector namespace entry that you want to link, and then double-click the entry

2 In the Connector dialog box, click …

3 In the … dialog box, under The Known Universe, navigate to the

metadirectory entry to which you want to link, and then drag-and-drop the

entry into the box near the top of the Connector dialog box

The distinguished name of the entry in the metaverse namespace appears in the box

4 In the Connector dialog box, click Connected, and then click OK

You must refresh the MMS Compass interface to view the change in status of the connector namespace entry

Topic Objective

To identify the process for

manually linking entries in

the connector namespace to

entries in the metaverse

namespace

Lead-in

You can configure joins

through the MMS Compass

interface to link entries

one-at-a-time

Note

Linking Entries by Performing a Server-Based Join

Administrator via Vancouver – MMS Compass

File Edit Configure Options View Help

Bookmarks Actions

Properties Operate MA

Administration Access Control

Update Management Agent Design MA

Join Configure MA Attribute Flow Schedule

The Known Universe The Known Universe vancouverdom nwtraders msft

Test the Join Perform the Join OK Cancel

condition 1

$cd.empld = $mv.empld condition 2

$cn.sn = $mv.sn

$cd.telephoneNumber = $mv telephoneNumber Join using these inclusion rules…

Limit joins to this search base…

Join Criteria

The Join link connector entries to corresponding metaverse entries based

on the criteria you specify

in this form It is the same configuration form presented by the Join Action but only allows configuration , not execution To perform the join on an entire connector space you normally use the Join Action, but, when

the Attempt to join option

is chosen, a management agent can also use the join search criteria on an entry-

Join Criteria

Join Criteria

Inclusion Rules

Inclusion Rules

Configuration Options

Configuration Options

Test the Join

You can use a server-based join to link multiple entries at the same time When you perform a server-based join, the management agent uses join criteria to match entries in the connector namespace to their corresponding entries in the

metaverse namespace You configure a server-based join on the Configure the Join tab of the Server-Based Join dialog box for a management agent To display the Server-Based Join dialog box, in the directory pane of MMS

Compass, navigate to and select the entry for a specific management agent, and

then in the control pane, click Join

Establishing Join Criteria

The first step in performing a server-based join is to define which attribute or attributes in the connected directory to search for in the metaverse namespace, and the order in which to search for them You specify join criteria in the

Search using these attributes box

When you establish join criteria, you can use any of the attributes in the connected directory as search attributes MMS initiates a separate search for the value of each item in the search attributes list, in the order in which they appear

It is recommended that you order the list of attributes so that the most likely and most authoritative potential matches are listed first

After each search, the management agent checks the results against the join

inclusion rules, which determine which, if any, of the possible joins the

management agent should accept If a search result passes the inclusion rules, the management agent joins the entry in the connector namespace to the corresponding entry in the metaverse namespace

Topic Objective

To identify the process for

linking entries by performing

a server-based join

Lead-in

You can use a server-based

join to link multiple entries at

the same time

Key Point

Join criteria are used to

match entries in the

connected directory to

entries in the metaverse

namespace You can refine

Defining Join Inclusion Rules

Before you perform a server-based join, you can define join inclusion rules to specify criteria that a management agent can use to identify in what cases to

perform a join You define join inclusion rules in the Join using these inclusion rules box

If you do not define inclusion rules, all entries matched during the search are joined

The join inclusion rules are applied in the order listed Therefore, as with attributes you specify as join criteria, it is recommended that your join inclusion rules be ordered so that the most likely and most authoritative potential matches are listed first

Join inclusion rules consist of a series of conditions, each containing one or more conditional statements that are expressed in the template language in MMS The following is an example of a join inclusion rule:

condition 1

$cd.empid = $mv.empid condition 2

$cd.sn = $mv.sn

$cd.telephoneNumber = $mv.telephoneNumber

In this example, condition 1 indicates that a join will be made if the value of the Employee ID attribute (empid) in the connected directory ($cd) matches the value of the Employee ID attribute in the metaverse namespace ($mv)

Condition 2 indicates that a join will be made if the value of the Surname attribute (sn) in the connected directory matches the value of the Surname attribute in the metaverse namespace, and if the value of the Telephone Number attribute (telephoneNumber) in the connected directory matches the

corresponding attribute value in the metaverse namespace

There is an implicit AND between each statement within a condition group, and there is an implicit OR between each condition group The condition numbers are for identification purposes only, and do not affect the order in which the inclusion rules are processed

The template language is discussed in more detail in module 5,

“Modifying and Creating Templates”, in course 2062A, Implementing

Microsoft Metadirectory Services 2.2

Note

Note

Specifying Additional Configuration Information

In addition to establishing join criteria and defining join inclusion rules, you can also specify additional configuration information for a server-based join

These configuration options are available under Join Configuration

Attempting To Join

You can specify that the management agent use the join inclusion rules to attempt to match new entries that the management agent creates in the connector namespace to existing entries in the metaverse namespace If there is

a match, the entry in the connector namespace is immediately joined to the existing entry in the metaverse namespace If there is no match, a management agent operating in Reflector mode creates a new entry in the metaverse namespace and joins the connector to it If the management agent is operating

in Association mode, it makes the connector a disconnector

It is recommended that you always use the default configuration, which specifies to attempt to join

Limiting Joins to a Specific Portion of the Metaverse Namespace

Because there might be a large number of searches involved, you can greatly improve performance of the join process by limiting searches to the relevant parts of the metaverse namespace If you want to begin a search of the metaverse namespace at a location other than the root, you can type in the distinguished name of the search base you want to use or you browse the directory tree to select a starting point

Performing Attribute Flow During the Join

A basic join only links entries in the connector namespace and entries in the metaverse namespace, but does not modify them (except for adding the links) Attribute information is changed only during subsequent directory

synchronization operations However, you can configure a join to modify attributes immediately, according to the existing attribute flow rules

Testing the Join

As with management agent updates, you can test a join to produce a detailed log without actually updating any metadirectory entries If the log shows too many unmatched entries, you then have an opportunity to refine your join strategy

Note

Linking Entries Using MMS Account Joiner

Microsoft Account Joiner – Administrator MMS vancouver

File View Configure Help

Gedman Globe

Graffis

Grebner Guirguis Gutcher June Kotval

Andy Adriana

Deidre

Aamir Angelle Candice Ardith Augusto

dgraffis

agrebner aguirguis cgutcher ajune akotval Predefined Queries:

Account ID First and Last Last Name

Search

2 records

Disconnector

Queries Action Buttons

Results

Disconnector

MMS Account Joiner is a stand-alone metadirectory client that you use to match and join disconnector entries with entries in the metaverse namespace After performing a server-based join, use MMS Account Joiner to attempt to join any remaining disconnector entries

As with MMS Compass, when you run MMS Account Joiner, you must first log on to MMS Server

MMS Account Joiner displays disconnectors grouped by management agent, and allows you to compare them to likely matches among entries in the metaverse namespace You can use this process to join an individual pair of entries or to develop join criteria for use in a server-based join

Exploring the MMS Account Joiner Interface

The MMS Account Joiner user interface consists of two horizontal panes The upper pane contains a tab for each management agent, and each tab lists the disconnectors associated with that management agent

The lower pane of the user interface lists entries in the metaverse namespace that are possible matches for the disconnectors associated with the management agent The management agent identifies these potential matches based on the predefined selection criteria that you specify for that management agent You

Topic Objective

To identify the process for

linking entries by using

MMS Account Joiner

Lead-in

MMS Account Joiner is a

stand-alone metadirectory

client that you use to match

disconnector entries with

entries in the metaverse

namespace and join them

Delivery Tip

Use the illustration to point

out the various components

of the MMS Account Joiner

interface

Note