Step 11: Verify the installation

Applies To: Forefront Identity Manager

In the final step of the test lab guide, you will verify that the test lab is functional by performing various actions that simulate administration of a production BHOLD environment:

• Create a department

• Create an employee

Create a department

In the test lab guide scenario, departments are managed through the HR database that represents a human relations management system. When you create a department in the HR database, the department is provisioned to the BHOLD Core database as a new organizational unit (orgunit).

To create a department in the HR database

1. Log on to APP1 as CORP\Administrator.

2. Click Start, click All Programs, click Microsoft SQL Server 2008, and then click SQL Server Management Studio.

3. In Microsoft SQL Server Management Studio, in the Connect to Server dialog box, ensure that Server Name contains APP1 and that Authentication contains Windows Authentication, and then click Connect.

4. In the Object Explorer pane, expand Databases, expand HR, expand Tables, right-click dbo.Org, and then click Edit Top 200 Rows.

5. In the APP1.HR – dbo.Org tab, under OrgID, click NULL, and then type the numeral 1.

6. Under Organization, click NULL, and then type Sales.

7. Under Parent, click NULL, and then type root, making sure that it is all lowercase.

8. Press the Enter key to save the record.

   Note

   SQL Server automatically supplies the value for id when the database record is saved.

9. Close Microsoft SQL Server Management Studio, and then log off APP1.

After creating the department record in the HR database, you must run FIM Management agents to provision the new department into BHOLD Core as a new orgunit.

To provision the department as a BHOLD Core organizational unit

1. Log on to FIM1 as CORP\Administrator.

2. Click Start, click All Programs, click Microsoft Forefront Identity Manager, and then click Synchronization Service.

3. In Synchronization Service Manager, click Management Agents.

4. In the Management Agents list, click HROrg, under Actions, click Run, and then in the Run Management Agent dialog box, click OK.

5. Wait until the state of the HROrg management agent returns to Idle.

6. Click AMCOrgunits, under Actions, click Run, and then in the Run Management Agent dialog box, click OK.

7. Wait until the state of the AMCOrgunits management agent returns to Idle, and then close Synchronization Service Manager.

8. Click Start, click All Programs, and then click Internet Explorer.

9. In the Internet Explorer address bar, type https://FIM1:5151/BHOLD/Core, and then press the Enter key.

   Tip

   Instead of opening Internet Explorer and typing the URL, you can double-click the Microsoft BHOLD Suite – Core shortcut that was added to your desktop when you installed BHOLD Core.

10. On the left side of the BHOLD Core home page, click Organizational units, and then verify that the Sales organizational unit is listed.

11. On the left side of the BHOLD Core home page, click Roles, and then verify that the MR-Sales membership role is listed.

Create an employee

In the test lab guide scenario, users (employees) are managed through the HR database that represents a human relations management system. When you create an employee in the HR database, the employee is provisioned to AD DS as a new user account and to the BHOLD Core database as a new user. The new BHOLD user is added to the appropriate organizational unit, is assigned a role, and receives permission from that role.

To create an employee

1. Log on to APP1 as CORP\Administrator.

2. Click Start, click All Programs, click Microsoft SQL Server 2008, and then click SQL Server Management Studio.

3. In Microsoft SQL Server Management Studio, in the Connect to Server dialog box, ensure that Server Name contains APP1 and that Authentication contains Windows Authentication, and then click Connect.

4. In the Object Explorer pane, expand Databases, expand HR, expand Tables, right-click dbo.Emp, and then click Edit Top 200 Rows.

5. In the APP1.HR – dbo.Emp tab, under EmpName, click NULL, and then type Kim Akers.

6. Repeat the following step, using the following columns and values.

   Column	Value
   EmpType	Full Time Employee
   EmpFunction	Corp Sales
   EmpDepartment	Sales
   EmpAccountName	KimA
   EmpEmployeeID	1
   EmpEmail	kim.akers@contoso.com

7. Press the Enter key to save the record.

   Note

   SQL Server automatically supplies the value for EmpID when the database record is saved.

8. Close Microsoft SQL Server Management Studio and log off APP1.

After creating the employee record in the HR database, you must run FIM Management agents to provision the new employee into BHOLD Core and Active Directory.

To provision the new employee into BHOLD Core and Active Directory

1. Log on to FIM1 as CORP\Administrator.

2. Click Start, click All Programs, click Microsoft Forefront Identity Manager, and then click Synchronization Service.

3. In Synchronization Service Manager, click Management Agents.

4. In the Management Agents list, click ADUsers, under Actions, click Run, in the Run Management Agent dialog box, in the Run profiles list, click Sync, and then click OK.

5. Wait until the state of the ADUsers management agent returns to Idle.

6. In the Management Agents list, click HRPerson, under Actions, click Run, and then in the Run Management Agent dialog box, click OK.

7. Wait until the state of the HRPerson management agent returns to Idle.

8. In the Management Agents list, click AMCUsers, under Actions, click Run, and then in the Run Management Agent dialog box, click OK.

9. Wait until the state of the AMCUsers management agent returns to Idle.

10. In the Management Agents list, click ADUsers, under Actions, click Run, in the Run Management Agent dialog box, in the Run profiles list, click Export and import AD users, and then click OK.

11. Wait until the state of the ADUsers management agent returns to Idle.

12. In the Management Agents list, click AMCUsers, under Actions, click Run, and then in the Run Management Agent dialog box, click OK.

13. Wait until the state of the AMCUser management agent returns to Idle.

14. Click Start, click All Programs, and then click Internet Explorer.

15. In the Internet Explorer address bar, type https://FIM1:5151/BHOLD/Core, and then press the Enter key.

    Tip

    Instead of opening Internet Explorer and typing the URL, you can double-click the Microsoft BHOLD Suite – Core shortcut that was added to your desktop when you installed BHOLD Core.

16. On the left side of the BHOLD Core home page, click Users, and verify that Kim Akers is listed.

17. On the left side of the page, click Organizational units.

18. In the Organizational units list, click Sales, expand Users, and verify that Kim Akers (CORP/KimA) is listed.

19. On the left side of the page, click Roles and verify that PR-Kim Akers and JT-Corp Sales are listed, and then click MR-Sales.

20. Expand Users and verify that Kim Akers (KAkers) is listed.

21. On the left side, click Roles again, click JT-Corp Sales, expand Users, and verify that Kim Akers (KAkers) is listed.

22. Close Internet Explorer, and the log off FIM1.

23. Log on to DC1 as CORP\Administrator.

24. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.

25. In Active Directory Computers and Users, in the console tree, expand corp.contoso.com, click FIMManaged, and verify that Kim Akers is listed in the details pane.

26. Close Active Directory Users and Computers, and then log off DC1.

Snapshot the configuration

This completes the BHOLD Access Management Connector test lab. To save this configuration for additional test labs, do the following:

1. On all physical computers or virtual machines in the test lab, close all windows and then shut down the machines.

2. If your lab uses physical computers, create disk images to save the test lab configuration. If your lab is based on virtual machines, save a snapshot of each virtual machine and name each snapshot BHOLD Access Management Connector Test Lab.