Configuring Data Exports
Using MIIS to build a metaverse isn't very useful in itself. What you really want MIIS to be able to do is to export data through connector spaces to connected directories, where applications can access the data. The process of configuring a management agent to export objects and attributes is almost identical to creating an agent to import data. The main differences are that an export management agent doesn't have join or protection rules for exported attributes, the attribute flow is from metaverse to connector space instead of in the reverse direction, and you need to implement a rules extension.
Working with rules extensions can be the most off-putting part of implementing MIIS. Rules extensions are DLLs written in Visual Basic .NET or Visual C# .NET, compiled, and stored in the Extensions folder under MIIS's installation root folder. A rules extension is required to create an anchor attribute, which uniquely identifies an object in the management agent's connector space. For Lightweight Directory Access Protocol (LDAP)-compliant directories such as AD and ADAM, the anchor attribute is the object's distinguished name (DN) attribute. For a SQL Server or plaintext file, both of which the full version of MIIS supports, the anchor attribute might be an employee ID or any one of several combinations of attributes defined by the MIIS administrator. You don't need to code a rules extension manually. To create a Visual Studio (VS) project that contains a template rules extension source code file in your preferred language, click Tools in the main MIIS window, select Configure Extensions, then click Create Rules Extension Project.
Compiling a rules extension project creates a DLL and a debugging (.pdb) file. You must copy both to the Extensions folder for them to become visible to MIIS. Rules extension DLLs are disabled by default, and only one can be enabled at any time. To enable a rules extension, click Tools, select Configure Extensions, then select the Enable metaverse rules extension check box and the Enable Provisioning Rules Extension check box. Whenever you run an export or import management agent, MIIS loads and processes the DLL. Depending on the implementation, you might find that management agents that aren't designed to use the extension will fail or report errors when run, so you might need to enable and disable the failing agent manually or programmatically.
Listing 1 shows the code for a rules extension that creates a DN attribute for objects that will be written to an ADAM directory. Note that certain values are hard-coded, specifically the name of the management agent (DMZ ADAM, in this case) and a component of the DN that's unique to the ADAM directory, the partition common name (CN=DMZUsers,DC=CONTOSO,DC=COM).
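The following C# sketch is an added example, not the article's Listing 1: it shows the shape of a provisioning rules extension that builds the DN anchor for the DMZ ADAM agent under the partition named above. The metaverse object type `person`, the `cn` source attribute, the connector object type `user`, and the namespace and class names are assumptions.

```csharp
using Microsoft.MetadirectoryServices;

namespace Mms_Metaverse
{
    public class MVExtensionObject : IMVSynchronization
    {
        // Hard-coded, as the article notes: the export management agent's
        // name and the ADAM partition that receives the objects.
        private const string AgentName = "DMZ ADAM";
        private const string Partition = "CN=DMZUsers,DC=CONTOSO,DC=COM";

        public void Initialize() { }
        public void Terminate() { }

        public void Provision(MVEntry mventry)
        {
            // Assumption: only metaverse "person" objects are provisioned.
            if (mventry.ObjectType != "person") return;
            // Without a cn there is nothing to build the RDN from.
            if (!mventry["cn"].IsPresent) return;

            ConnectedMA adam = mventry.ConnectedMAs[AgentName];
            if (adam.Connectors.Count > 1)
                throw new UnexpectedDataException(
                    "More than one connector in " + AgentName);
            if (adam.Connectors.Count == 1) return; // already provisioned

            // EscapeDNComponent escapes DN metacharacters (commas, plus
            // signs, quotes) in the value, so a cn such as "Smith, Jo"
            // cannot change the DN's structure or escape the partition.
            ReferenceValue dn = adam
                .EscapeDNComponent("CN=" + mventry["cn"].Value)
                .Concat(Partition);

            // Assumption: the ADAM object class is "user".
            CSEntry csentry = adam.Connectors.StartNewConnector("user");
            csentry.DN = dn;
            csentry.CommitNewConnector();
        }

        public bool ShouldDeleteFromMV(CSEntry csentry, MVEntry mventry)
        {
            throw new EntryPointNotImplementedException();
        }
    }
}
```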
After you configure the management agent and put the rules extension in place, you can use an Export step to create a Run Profile for the agent. This step exports the objects in the metaverse to the connected directory. After the agent runs, MIIS displays the results of the operation. Web Figure 2 shows the results of an export operation. After you perform an export operation, it's a good idea to run an import operation to check that the export was successful.
Management agents don't need to be dedicated as import or export agents; they can both import and export attributes. Management agents that both import and export are typical for environments that require multiple directories to synchronize with each other. MIIS ships with a developer's guide and Help file, both of which contain details about how to implement rules extensions.
Synchronicity
Now you know how to use IIFP to synchronize AD and an ADAM directory by creating import and export agents. To successfully export to a directory such as ADAM, you need to write a rules extension in Visual Basic .NET or Visual C# .NET. The full version of MIIS supports databases such as SQL Server as well as many third-party LDAP directory products, and rules extensions can easily accommodate these sources of identity. For more information about MIIS and IIFP, visit the Microsoft Web site at http://www.microsoft.com/windowsserver2003/technologies/directory/miis/default.mspx.