Configuring Data Imports
With MIIS installed and running, you can create and configure management agents, which are responsible for connecting directories to MIIS. Although the power and flexibility of the management agents might make them appear daunting, the underlying theory is fairly simple. MIIS maintains a metaverse—a consolidated, synchronized view of all objects and attributes that management agents have imported. Each agent stores information about a particular connected directory, including its location and the credentials necessary to access it, in tables separate from the metaverse.
You can run management agents manually or invoke them through a script. The agents import data from a connected directory to the agent's connector space, which you can think of as a staging area for import and export operations. MIIS must synchronize objects and attributes in the connector space with objects and attributes in the metaverse. During the synchronization process, MIIS checks join rules to determine whether an object in the connector space can be uniquely linked, or joined, to one object in the metaverse. When the object in the connector space can be joined to an object in the metaverse, MIIS synchronizes it. If MIIS can't join an object because no corresponding object exists in the metaverse, MIIS searches for a projection rule that governs whether the object should be created in the metaverse.
Figure 2 shows join and projection rules for the inetOrgPerson object type in a management agent that imports objects from AD. Metaverse objects aren't necessarily the same as the objects in the connector space or the connected directory. Directories often contain many types of objects that can be used interchangeably. For example, AD can use user, person, and inetOrgPerson object types to store information about an individual, but the metaverse can store information about an individual only in a person object type. If the metaverse has no suitable object type to represent an object type from a directory or you need to customize an existing object type, you can use Metaverse Designer to extend the metaverse schema.
To configure a management agent, you must be logged on to the system as a member of the MIISAdmins group. To add a new agent, click Management Agents on the MIIS main window's toolbar and select Create from the list of actions in the right-hand pane. A wizard guides you through the agent-creation process.
The process can vary slightly depending on the directory you want to import from. When configuring an agent to import data from a connected directory, you can select which object classes (aka object types) to import (e.g., user, inetOrgPerson). For AD and ADAM, three object types are mandatory: container, domainDNS, and organizationalUnit.
After you specify all the object types you want to import, you can select the attributes to import for those objects. MIIS lists the most commonly used objects and attributes for you to select from. If the object or attribute you want doesn't appear in the list, you can select the Show All check box. To control which objects to import from the directory, you can use filters based on the attributes you want to import. Comparison operators for filters depend on the attribute type and include Equals, Does not equal, Starts with, Is present, and Contains.
You need to configure how attributes that belong to objects in the connector space flow to object types and attributes in the metaverse during synchronization. You configure attribute flow in the Create Management Agent window. Web Figure 1 shows attribute flow configured for a management agent that imports inetOrgPerson and user objects from AD to the metaverse.
You also need to configure deprovisioning to control how objects that are no longer joined are processed. Joins are broken when an object is removed from the metaverse—for example, when it's removed from a connector space as the result of its deletion from the connected directory. The final step in configuring a management agent lets you configure rules extensions and password-protection operations on directory partitions.
Running Management Agents
After you configure a management agent, you create run profiles for it. Run profiles control how the agent is run, whether it performs a full or delta import from a directory to the connector space, and whether the connector space is synchronized with the metaverse and, if so, whether a full or delta synchronization takes place. You can also configure exportation of data from the metaverse through the connector space to a connected directory.
You can run a management agent by selecting Run from the list of Actions in the right-hand pane of the Management Agents window, as Figure 3 shows. When you run an agent, MIIS shows a summary of results, including the metaverse objects that were added, modified, or deleted. You can double-click a Synchronization Statistics item, such as Adds or Deletes, to drill down into the results and get detailed information about the objects to which the statistic applies. You can also search the connector space and the metaverse for objects to see the results of import, synchronization, and export operations on those objects in an attempt to identify where problems might exist. Figure 4 shows the results of a metaverse search.
Because requiring administrators to log on to MIIS and manually run management agents isn't feasible in many production environments, MIIS provides a means to script operations using Windows Management Instrumentation (WMI). MIIS will even generate scripts for you. Web Listing 1 shows a sample script for running MIIS management agents on a specific server. You generate a script by choosing Configure Run Profiles from the list of Actions, selecting the name of a run profile to script (e.g., Full Import, Synchronize), and clicking the Script button. MIIS prompts you for a location at which to save the script. You can modify scripts to combine code from other scripting operations and to specify credentials to use when controlling MIIS remotely.
Prev. page
1
[2]
3
next page 
