Step 8 - Create Resource Forest Management Agent

Applies To: Windows Server 2008, Windows Server 2008 R2

This step explains how to create the Microsoft® Identity Lifecycle Manager 2007 (ILM 2007) FP1 resource management agent for the accounts forest. This will allow you to synchronize user accounts into the resource forest.

To create the management agent

  1. Log on to RES-DC.resource.fabrikam.net as Administrator.

  2. Click Start, click All Programs, click Microsoft Identity Integration Server, and then click Identity Manager.

  3. In Identity Manager, click the Management Agents button at the top.

  4. In the Management Agents view, under Actions, click Create. This will bring up the Create Management Agent dialog box.

  5. On the Create Management Agent dialog box, under Management Agent for, select Active Directory. Under Name enter RESOURCE and then click Next.

  6. On the Connect to Active Directory Forest dialog box, enter resource.fabrikam.net for Forest name. Enter Administrator for the User name. Enter Pass1word$ for the Password. Enter RESOURCE for the Domain. Click Next.

  7. On the Configure Directory Partitions dialog box, under Select directory partitions, put a check in DC=resource,DC=fabrikam,DC=net. Under Select containers for this partition, click the Containers button. This will bring up the Select Containers dialog box.

  8. On the Select Containers dialog box, clear the check from the root DC=resource,DC=fabrikam,DC=net box. This will remove the check marks in all of the boxes. Now place a check in the ResourceForestUsers box. Click OK. This will close the Select Containers dialog box.

  9. On the Configure Directory Partitions dialog box, click Next.

  10. On the Select Object Types dialog box, check user and then click Next.

  11. On the Select Attributes dialog box, place a check in the Show All box in the upper-right.

  12. On the Select Attributes dialog box, place a check in the box for each attribute in the following list. When finished click Next.

    • cn

    • displayName

    • employeeID

    • givenName

    • mail

    • sIDHistory

    • sn

  13. On the Configure Connector Filter dialog box, click Next.

  14. On the Configure Join and Projection Rules dialog box, select user and then click New Join Rule. This will bring up the Join Rule for user dialog box.

  15. On the Join Rule for user dialog box, under Data source attribute select employeeID.

  16. On the Join Rule for user dialog box, under Mapping Type select Direct.

  17. On the Join Rule for user dialog box, under Metaverse Object Type select person.

  18. On the Join Rule for user dialog box, under Metaverse attribute select employeeID.

  19. On the Join Rule for user dialog box, click Add Condition. If you see a dialog box that says, You are attempting a join mapping with a non-indexed metaverse attribute, you can safely ignore it and click OK.

  20. On the Join Rule for user dialog box, click OK. This will close the Join Rule for user dialog box.

  21. On the Configure Join and Projection Rules dialog box, click Next.

  22. On the Configure Attribute Flow dialog box, under Data source object type select user.

  23. On the Configure Attribute Flow dialog box, under Metaverse object type select person.

  24. On the Configure Attribute Flow dialog box, under Data source attribute select cn.

  25. On the Configure Attribute Flow dialog box, under Mapping Type select Direct.

  26. On the Configure Attribute Flow dialog box, under Flow Direction select Export.

  27. On the Configure Attribute Flow dialog box, under Metaverse attribute select cn.

  28. On the Configure Attribute Flow dialog box, click New. This flow rule will appear above. Repeat these steps for each attribute in the following table. When finished, click Next.

    CORP MA Attribute Flow

    | Data Source Object Type | Metaverse Object Type | Data Source Attribute | Mapping Type | Flow Direction | Metaverse Attribute |
    |---|---|---|---|---|---|
    | user | person | cn | Direct | Export | cn |
    | user | person | displayName | Direct | Export | displayName |
    | user | person | sn | Direct | Export | sn |
    | user | person | employeeID | Direct | Export | employeeID |
    | user | person | givenName | Direct | Export | givenName |
    | user | person | sIDHistory | Direct | Import | sIDHistory |
    | user | person | mail | Direct | Import | mail |

  29. On the Configure Deprovisioning dialog box, click Next.

  30. On the Configure Extensions dialog box, click Finish.

  31. Close Identity Manager.
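
The join rule from steps 14-20 and the attribute flows from step 28 can be read as the small model below, an added example that is not ILM code and calls no ILM API. It shows that only sIDHistory and mail travel from the resource forest into the metaverse, and that a user without a matching employeeID is never joined. Assumptions: the sample users and SID are constructed, the connector space is collapsed into the user object, and treating zero or several join candidates as "no join" is a simplification of this model.

```python
# Added illustration: a simplified model of the join rule and attribute flows
# configured in steps 14-28. It is not ILM code and does not call any ILM API.

# (data source attribute, flow direction, metaverse attribute), from the step 28 table
FLOWS = [
    ("cn", "Export", "cn"),
    ("displayName", "Export", "displayName"),
    ("sn", "Export", "sn"),
    ("employeeID", "Export", "employeeID"),
    ("givenName", "Export", "givenName"),
    ("sIDHistory", "Import", "sIDHistory"),
    ("mail", "Import", "mail"),
]
JOIN_ATTRIBUTE = "employeeID"  # direct join rule: user.employeeID = person.employeeID


def find_join_target(user, metaverse):
    """Return the single person whose employeeID equals the user's, else None."""
    key = user.get(JOIN_ATTRIBUTE)
    if not key:
        return None
    matches = [p for p in metaverse if p.get(JOIN_ATTRIBUTE) == key]
    # Simplification of this model: zero or several candidates means no join.
    return matches[0] if len(matches) == 1 else None


def synchronize(user, metaverse):
    """Join one resource-forest user and apply the flows; return True if joined."""
    person = find_join_target(user, metaverse)
    if person is None:
        return False
    for ds_attr, direction, mv_attr in FLOWS:
        if direction == "Import" and ds_attr in user:
            person[mv_attr] = user[ds_attr]   # resource forest -> metaverse
        elif direction == "Export" and mv_attr in person:
            user[ds_attr] = person[mv_attr]   # metaverse -> resource forest
    return True


# Constructed sample data (not from the original page).
metaverse = [{"employeeID": "1001", "cn": "Kim Abercrombie", "displayName": "Kim Abercrombie",
              "sn": "Abercrombie", "givenName": "Kim"}]
joined_user = {"employeeID": "1001", "cn": "kabercrombie", "mail": "kim@resource.fabrikam.net",
               "sIDHistory": ["S-1-5-21-1111111111-2222222222-3333333333-1105"]}
orphan_user = {"cn": "svc-print", "mail": "svc-print@resource.fabrikam.net"}

results = [synchronize(u, metaverse) for u in (joined_user, orphan_user)]
```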