Group Creation and Provisioning Walkthrough

Applies To: Windows Server 2003 with SP1

Download Instructions

This document is available for download as a Windows Installer package at https://go.microsoft.com/fwlink/?LinkId=34336.

In This Walkthrough

This document describes a step-by-step process for setting up and using Microsoft Identity Integration Server 2003 to accomplish group creation and provisioning. It is part of a series of documents designed to help you understand and use the features available in Microsoft Identity Integration Server 2003. This walkthrough comprises the following topics:

• Scenario Overview

• Scenario Design

• Implementation Steps

• Additional Scenario Steps

Scenario Overview

This scenario explains how to the configure Microsoft Identity Integration Server 2003 to create groups with membership information. The data that is used to create groups is derived from the metaverse in Microsoft Identity Integration Server 2003. The groups are defined by using queries on attributes and objects in the metaverse. These calculated groups, including their membership information, are provisioned into Active Directory.

This scenario is an extension to the Simple Account Provisioning scenario and uses the person objects and attributes that are derived from the HR system of the fictional company Fabrikam.

Microsoft Identity Integration Server 2003 Features in this Scenario

This scenario uses the same Microsoft Identity Integration Server 2003 features as the Simple Account Provisioning scenario. You need to read the Simple Account Provisioning scenario document and run the Simple Account Provisioning scenario before proceeding with the Group Creation and Provisioning scenario. Also be sure to save the resulting settings from running the Simple Account Provisioning scenario.

Scenario Requirements

The requirements for this scenario are the same as the requirements outlined in the Simple Account Provisioning scenario document. For more information, see Simple Account Provisioning in the \Scenarios folder on the Microsoft Identity Integration Server 2003 installation media.

In addition to the setup requirements outlined in the Simple Account Provisioning scenario, you must perform the following operations:

1. Copy all the contents of the \Scenarios\GroupManagement folder on the Microsoft Identity Integration Server 2003 installation media to the C:\Scenarios\GroupManagement folder on the server running Microsoft Identity Integration Server 2003.

2. Start Notepad, open the GroupPopulatorSync.cmd file, and then change the following variables to reflect your environment:

   MaData: Add the directory of the Microsoft Identity Integration Server 2003 management agent working directory (for example C:\Program Files\Microsoft Identity Integration Server\MaData).

   Save the changes, and then close Notepad.

3. In the \Extensions folder on the server running Microsoft Identity Integration Server 2003, in Notepad, open the simpleprov.xml file, and then change the following:

   Change the <groups/> tag to specify the organizational unit in Active Directory where the groups should be created (for example: <groups>OU=Groups</groups>).

   Save the changes, and then close Notepad.

Next

• Scenario Design