Step 7 - Create Accounts Forest Management Agent
Applies To: Windows Server 2008, Windows Server 2008 R2
This step explains how to create the Microsoft® Identity Lifecycle Manager 2007 (ILM 2007) with FP1 management agent for the accounts forest. This will allow you to synchronize user accounts into the resource forest.
To create the management agent
Log on to RES-DC.resource.fabrikam.net as Administrator.
Click Start, click All Programs, click Microsoft Identity Integration Server, and then click Identity Manager.
In Identity Manager, click the Management Agents button at the top.
In the Management Agents view, under Actions, click Create. This will bring up the Create Management Agent dialog box.
On the Create Management Agent dialog box, under Management Agent for, select Active Directory. Under Name, enter ACCOUNT and then click Next.
On the Connect to Active Directory Forest dialog box, enter corp.fabrikam.com for Forest name. Enter Administrator for the User name. Enter Pass1word$ for the Password. Enter CORP for the Domain. Click Next.
On the Configure Directory Partitions dialog box, under Select directory partitions, put a check in DC=corp,DC=fabrikam,DC=com. Under Select containers for this partition, click the Containers button. This will bring up the Select Containers dialog box.
On the Select Containers dialog box, clear the check in the root DC=corp,DC=fabrikam,DC=com box. This will remove the check marks in all of the boxes. Now place a check in the AccountsForestsUsers box. Click OK. This will close the Select Containers dialog box.
On the Configure Directory Partitions dialog box, click Next.
On the Select Object Types dialog box, check user and then click Next.
On the Select Attributes dialog box, place a check in the Show All box in the upper-right.
On the Select Attributes dialog box, place a check in the box for each attribute in the following list. When finished, click Next.
cn
displayName
givenName
sn
employeeID
mail
On the Configure Connector Filter dialog box, click Next.
On the Configure Join and Projection Rules dialog box, select user and then click New Projection Rule. This will bring up the Projection dialog box.
On the Projection dialog box, select Declared and then click OK. This will close the Projection dialog box.
On the Configure Join and Projection Rules dialog box, click Next.
On the Configure Attribute Flow dialog box, under Data source object type, select user.
On the Configure Attribute Flow dialog box, under Metaverse object type, select person.
On the Configure Attribute Flow dialog box, under Data source attribute, select cn.
On the Configure Attribute Flow dialog box, under Mapping Type, select Direct.
On the Configure Attribute Flow dialog box, under Flow Direction, select Import.
On the Configure Attribute Flow dialog box, under Metaverse attribute, select cn.
On the Configure Attribute Flow dialog box, click New. This flow rule will appear above. Repeat these steps for each attribute in the following table. When finished, click Next.
CORP MA Attribute Flow
Data Source Object Type  Metaverse Object Type  Data Source Attribute  Mapping Type  Flow Direction  Metaverse Attribute
user                     person                 cn                     Direct        Import          cn
user                     person                 displayName            Direct        Import          displayName
user                     person                 sn                     Direct        Import          sn
user                     person                 employeeID             Direct        Import          employeeID
user                     person                 givenName              Direct        Import          givenName
user                     person                 mail                   Direct        Export          mail
On the Configure Deprovisioning dialog box, click Next.
On the Configure Extensions dialog box, click Finish.
Close Identity Manager.