Run Profiles in MIIS 2003
Updated: August 14, 2006
Applies To: Windows Server 2003 with SP1
This document is available for download as a Microsoft Word document at http://go.microsoft.com/fwlink/?LinkId=30737.
An MIIS 2003 run profile is a set of steps, or instructions, that determine how a management agent is run.
In this subject
What Are Run Profiles?
The identity management process implemented by MIIS 2003 consists of three distinct processes: staging, synchronization, and export.
Each process can calculate identity information at any time, independently from the other processes. For example, the staging process can request data from the connected data source without this data being processed further in MIIS 2003. Likewise, you can run the synchronization process for the available identity information without having to retrieve the latest updates from the connected data source.
The activities that occur in each of these processes, or in combinations of these processes, are determined by run profiles. A run profile is a set of steps, or instructions, that determine how a management agent is run. A management agent can have multiple run profiles, which are stored with the management agent configuration.
A run profile is composed of at least one run profile step. Run profile steps are configuration settings that determine how a management agent runs.
MIIS 2003 provides the following run profile steps:
Import, which can include:
Synchronization, which can include:
- Full synchronization
Each of these steps has associated subtypes that you can use to fine-tune the behavior of the management agent when you apply a run profile.
MIIS 2003 provides predefined run profiles that include combinations of these steps. For example, Full Import and Full Synchronization is a run profile that performs the activities of the import and full synchronization steps. When you apply a run profile, you can specify a collection of several steps that are processed in the specified order.
How Run Profiles Work
Import run profile steps request data from the connected data source. When processing import data, MIIS 2003 requests either all objects from the connected data source that meet the specified location and object type (a full import) or only the data that has changed since the last import (a delta import). Full and delta imports are the most complex run profile steps.
For a full import, MIIS 2003 requests all designated objects from the connected data source and deletes all staging objects for which a corresponding object has not been received during this import. As a result, this run profile step is useful for cleaning up the staging objects in the connector space. The objects that have been received from the connected data source are staged in the connector space.
For the delta import to provide the desired results, the connected data source must implement some sort of watermark. The connected data source uses the watermark to indicate when the most recent changes to an object occurred. MIIS 2003 reads the watermark to determine what to include in the delta import.
The export run profile step processes all staging objects that have pending exports and attempts to export them to the connected data source.
The synchronization run profile step defines the inbound and outbound synchronization processes. The synchronization run profile step has two subtypes:
During delta synchronization, MIIS 2003 processes only imported objects, which are those staging objects that are flagged as pending import. This run profile step is useful for processing only those objects that have pending changes, but were not processed during a previous synchronization run.
Delta synchronization is used in two predefined run profiles, and behaves slightly differently in each one. The first run profile is Delta Synchronization, where no import from any connected source is performed, but all objects in the connector space are evaluated, and any objects with pending changes are processed. The second run profile is Delta Import and Delta Synchronization combined. This run profile imports only those objects and attributes from the connected data source whose values have changed since the last time the management agent was run. Management agent rules are then reapplied only to objects that have pending changes from the delta import. Objects without pending changes from that delta import are not evaluated.
During full synchronization, MIIS 2003 evaluates and applies synchronization rules to all of the staging objects in a connector space. Full synchronization should be initiated whenever changes have been applied to the rules of a given environment. Depending on the number of objects in your connector space, this can be a time and resource intensive operation, so frequent changes to synchronization rules in your production environment should be avoided.