Step 9: Install the ECMA and Configure the FIM Synchronization Service

Creating and configuring the Extensible Connectivity 2.0 Management Agent test lab consists of the following:

  • Create the SQL_ECMA2

  • Configure the SQL_ECMA2 Run Profiles

  • Create the AD_ECMA2

  • Configure the AD_ECMA2 Run Profiles

  • Configure Attribute Precedence

  • Configure Object Deletion

Create the SQL_ECMA2

Now we will create the SQL_ECMA2 management agent in the synchronization service.

To create the SQL_ECMA2

  1. Back in the Synchronization Service, click Management Agents and

  2. In the Synchronization Service, at the top, select Management Agents and over on the right, under Actions, select Create. This will open a Create Management Agent wizard.

  3. On the Create Management Agent screen, next to Management Agent for: select Extensible Connectivity 2

  4. On the Create Management Agent screen, next to Name: enter SQL_ECMA2

  5. Remove the check from Run this management agent in a separate process. This will allow for debugging should the need arise.

  6. Click Next.

  7. On the Select Extension DLL screen, click Browse and select SQL_ECMA2.dll. Click OK.

  8. On the Select Extension DLL screen, click Refresh interfaces. This will populate the box below. It should support Import, Full Import, and Export operations.

  9. Click Next.

  10. On the Connectivity screen, next to Server enter: APP1.

  11. On the Connectivity screen, next to Database enter: CONTOSO.

  12. On the Connectivity screen, next to Table enter: HR.

  13. Click Next.

  14. On the Configure Partitions and Hierarchies screen, leave the defaults.

  15. Click Next.

  16. On the Select Object Types screen, select Person.

  17. Click Next.

  18. On the Select Attributes screen, select all six.

  19. Click Next.

  20. On the Configure Anchors screen, click Specify Anchor. This will open a Set Anchor dialog box.

  21. On the Set Anchor dialog box, select EmployeeID and click Add>. Click OK.

  22. Click Next.

  23. On the Configure Connector Filter screen, click Next.

  24. On the Configure Join and Projection Rules screen, click New Projection Rule. This will open a Projection dialog box.

  25. On the Projection dialog box, verify Declared is selected.

  26. On the Projection dialog box, verify Person is in the box next to Metaverse object type.

  27. Click OK.

  28. On the Configure Join and Projection Rules screen, click New Join Rule. This will open a Join Rule for Person dialog box.

  29. Under Data source attribute select EmployeeID.

  30. Under Metaverse attribute select employeeID.

  31. Click OK. This will bring up a dialog box that states you are attempting to join a non-indexed metaverse attribute. Click OK. Click OK.

  32. Click Next.

  33. On the Configure Attribute Flow screen, from the drop-down list under Data source object type, select Person.

  34. On the Configure Attribute Flow screen, from the drop-down list under Metaverse object type list, select person.

  35. On the Configure Attribute Flow screen, for Mapping Type, select Direct.

  36. On the Configure Attribute Flow screen, from the list below Data source attribute, select FirstName.

  37. On the Configure Attribute Flow screen, from the list below Metaverse attribute, select givenName.

  38. On the Configure Attribute Flow screen, for Flow Direction, select Import. Ensure that Allow Nulls is not selected. Click New.

  39. Repeat the above steps for each of the attribute entries in the following table.

    Important

    Be sure to change the Flow Direction where applicable. Also ensure that Allow Nulls is not checked.

    Table 1 – Attribute Flow

    Data source attribute   Flow direction   Metaverse attribute
    AccountName             Import           accountName
    EMail                   Import           mail
    FirstName               Import           givenName
    FullName                Import           displayName
    EmployeeID              Import           employeeID
    LastName                Import           sn
    AccountName             Export           accountName
    EMail                   Export           mail
    FirstName               Export           givenName
    FullName                Export           displayName
    LastName                Export           sn

  40. Click Next.

  41. On the Configure Deprovisioning screen, select Stage a delete on the object for the next export run and click Next.

  42. On the Configure Extensions screen click Finish.

Configure the SQL_ECMA2 Run Profiles

Now that the SQL_ECMA2 has been created, you will need to create run profiles for the management agent.

To configure the SQL_ECMA2 Run Profiles

  1. In the Synchronization Service, on the right, under the Actions menu, click Configure Run Profiles. This opens the Configure Run Profiles window.

  2. Click New Profile. This will begin the Configure Run Profile wizard.

  3. On the Profile Name page, in the text box under Name, type the following, and then click Next:
    Full Import

  4. On the Configure Step page, from the drop-down list under Type, select Full Import (Stage Only), and then click Next.

  5. On the Management Agent Configuration page, click Finish.

  6. Click New Profile.

  7. On the Profile Name page, in the text box under Name, type the following, and then click Next:
    Full Synchronization

  8. On the Configure Step page, from the drop-down list under Type, select Full Synchronization, and then click Next.

  9. On the Management Agent Configuration page click Finish.

  10. Click Finish.

  11. Click New Profile.

  12. On the Profile Name page, in the text box under Name, type the following, and then click Next:
    Delta Synchronization

  13. On the Configure Step page, from the drop-down list under Type, select Delta Synchronization, and then click Next.

  14. On the Management Agent Configuration page click Finish.

  15. Click Finish.

  16. Click New Profile.

  17. On the Profile Name page, in the text box under Name, type the following, and then click Next:
    Export

  18. On the Configure Step page, from the drop-down list under Type, select Export, and then click Next.

  19. On the Management Agent Configuration page click Finish.

  20. Click Finish.

Create the AD_ECMA2

Now we will create the AD_ECMA2 management agent in the synchronization service.

To create the AD_ECMA2

  1. Back in the Synchronization Service, click Management Agents and

  2. In the Synchronization Service, at the top, select Management Agents and over on the right, under Actions, select Create. This will open a Create Management Agent wizard.

  3. On the Create Management Agent screen, next to Management Agent for: select Extensible Connectivity 2

  4. On the Create Management Agent screen, next to Name: enter AD_ECMA2

  5. Remove the check from Run this management agent in a separate process. This will allow for debugging should the need arise.

  6. Click Next.

  7. On the Select Extension DLL screen, click Browse and select AD_ECMA2.dll. Click OK.

  8. On the Select Extension DLL screen, click Refresh interfaces. This will populate the box below. It should support Import, Full Import, and Export operations.

  9. Click Next.

  10. On the Connectivity screen, next to User Name enter: Administrator.

  11. On the Connectivity screen, next to Password enter the Administrator's password.

  12. On the Connectivity screen, next to Domain enter: CORP.

    On the Connectivity screen, next to Domain FQDN enter: corp.contoso.com.

  13. Click Next.

  14. On the Configure Provisioning Hierarchy screen, leave the defaults.

  15. Click Next.

  16. On the Configure Partitions and Hierarchies screen, select DC=corp,DC=contoso,DC=com.

  17. Click the Containers button. Ensure that ECMA2 is selected. Click OK.

  18. Click Next.

  19. On the Select Object Types screen, select user.

  20. Click Next.

  21. On the Select Attributes screen, select the following:

    • displayName

    • employeeID

    • givenName

    • mail

    • sAMAccountName

    • sn

  22. Click Next.

  23. On the Configure Anchors screen, click Specify Anchor. This will open a Set Anchor dialog box.

  24. On the Set Anchor dialog box, select EmployeeID and click Add>. Click OK.

  25. Click Next.

  26. On the Configure Connector Filter screen, click Next.

  27. On the Configure Join and Projection Rules screen, click New Projection Rule. This will open a Projection dialog box.

  28. On the Projection dialog box, verify Declared is selected.

  29. On the Projection dialog box, verify Person is in the box next to Metaverse object type.

  30. Click OK.

  31. On the Configure Join and Projection Rules screen, click New Join Rule. This will open a Join Rule for Person dialog box.

  32. Under Data source attribute select employeeID.

  33. Under Metaverse attribute select employeeID.

  34. Click OK. This will bring up a dialog box that states you are attempting to join a non-indexed metaverse attribute. Click OK. Click OK.

  35. Click Next.

  36. On the Configure Attribute Flow screen, from the drop-down list under Data source object type, select Person.

  37. On the Configure Attribute Flow screen, from the drop-down list under Metaverse object type list, select person.

  38. On the Configure Attribute Flow screen, for Mapping Type, select Direct.

  39. On the Configure Attribute Flow screen, from the list below Data source attribute, select displayName.

  40. On the Configure Attribute Flow screen, from the list below Metaverse attribute, select displayName.

  41. On the Configure Attribute Flow screen, for Flow Direction, select Import. Ensure that Allow Nulls is not selected. Click New.

  42. Repeat the above steps for each of the attribute entries in the following table.

    Important

    Be sure to change the Flow Direction where applicable. Also ensure that Allow Nulls is not checked.

    Table 1 – Attribute Flow

    Data source attribute   Flow direction   Metaverse attribute
    displayName             Import           displayName
    employeeID              Import           employeeID
    givenName               Import           givenName
    mail                    Import           mail
    sAMAccountName          Import           accountName
    sn                      Import           sn
    displayName             Export           displayName
    givenName               Export           givenName
    mail                    Export           mail
    sAMAccountName          Export           sAMAccountName
    sn                      Export           sn

  43. Click Next.

  44. On the Configure Deprovisioning screen, select Stage a delete on the object for the next export run and click Next.

  45. On the Configure Extensions screen click Finish.

Configure the AD_ECMA2 Run Profiles

Now that the AD_ECMA2 has been created, you will need to create run profiles for the management agent.

To configure the AD_ECMA2 Run Profiles

  1. In the Synchronization Service, on the right, under the Actions menu, click Configure Run Profiles. This opens the Configure Run Profiles window.

  2. Click New Profile. This will begin the Configure Run Profile wizard.

  3. On the Profile Name page, in the text box under Name, type the following, and then click Next:
    Full Import

  4. On the Configure Step page, from the drop-down list under Type, select Full Import (Stage Only), and then click Next.

  5. On the Management Agent Configuration page, click Finish.

  6. Click New Profile.

  7. On the Profile Name page, in the text box under Name, type the following, and then click Next:
    Full Synchronization

  8. On the Configure Step page, from the drop-down list under Type, select Full Synchronization, and then click Next.

  9. On the Management Agent Configuration page click Finish.

  10. Click Finish.

  11. Click New Profile.

  12. On the Profile Name page, in the text box under Name, type the following, and then click Next:
    Delta Synchronization

  13. On the Configure Step page, from the drop-down list under Type, select Delta Synchronization, and then click Next.

  14. On the Management Agent Configuration page click Finish.

  15. Click Finish.

  16. Click New Profile.

  17. On the Profile Name page, in the text box under Name, type the following, and then click Next:
    Export

  18. On the Configure Step page, from the drop-down list under Type, select Export, and then click Next.

  19. On the Management Agent Configuration page click Finish.

  20. Click Finish.

Configure Attribute Precedence

For this example, we are going to assume that the SQL HR database is authoritative for our organization. Because of this, we will set our attribute precedence to ensure that the SQL_ECMA2 has precedence over AD_ECMA2.

To configure Attribute Precedence

  1. In the Synchronization Service, at the top, click Metaverse Designer.

  2. Under the Object types, click person.

  3. Down under attributes, click the Import Flow bar twice. This will sort the attributes so that the ones that have 2 sources will be at the top.

  4. Highlight accountName, and on the right click Configure Attribute Flow Precedence. This will bring up the Configure Attribute Flow Precedence dialog box.

  5. On the right, use the arrow and move SQL_ECMA2 to the top position. Click OK.

  6. Repeat this for each of the attributes listed below.

    1. displayName

    2. employeeID

    3. givenName

    4. mail

    5. sAMAccountName

    6. sn

Configure Object Deletion

Now we will configure the object deletion rule. For purposes of this guide we will assume that SQL HR is authoritative for all objects. Because of this we will trigger a deletion of the user account in Active Directory if the user is removed from the SQL HR database.

To Configure Object Deletion

  1. On the same screen, the Metaverse Designer, at the top, click Configure Object Deletion Rule.

  2. Select Delete metaverse object when connector from any of the following management agents is disconnected. Place a check in the box next to SQL_ECMA2.

  3. Click OK.
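
With this deletion rule, removing a row from the HR table stages a delete of the matching Active Directory user on the next AD_ECMA2 export. The script below is an added example, not part of the original guide: it runs the profiles created above through the Synchronization Service WMI provider and refuses to export when more deletes are staged than expected. The run order, the accepted status strings and the $MaxDeletes threshold are assumptions for this test lab.

```powershell
# Added example (not from the original guide): gate the AD_ECMA2 export on
# the number of deletes staged by the object deletion rule.
# Assumes it runs on the FIM Synchronization Service server under an account
# allowed to run management agents. $MaxDeletes is a hypothetical lab threshold.
$Namespace  = 'root\MicrosoftIdentityIntegrationServer'
$MaxDeletes = 5
$OkStatus   = @('success', 'completed-no-objects')   # assumed acceptable results

function Get-ManagementAgent([string]$Name) {
    $ma = Get-WmiObject -Namespace $Namespace -Class MIIS_ManagementAgent `
                        -Filter "Name='$Name'"
    if (-not $ma) { throw "Management agent '$Name' not found" }
    return $ma
}

function Invoke-RunProfile($Agent, [string]$RunProfile) {
    # Execute() blocks until the run finishes and returns its status string.
    $status = $Agent.Execute($RunProfile).ReturnValue
    Write-Host ("{0,-10} {1,-22} {2}" -f $Agent.Name, $RunProfile, $status)
    if ($OkStatus -notcontains $status) {
        throw "$($Agent.Name) '$RunProfile' returned '$status'; stopping for review"
    }
}

$sql = Get-ManagementAgent 'SQL_ECMA2'
$ad  = Get-ManagementAgent 'AD_ECMA2'

# Stage both connected data sources, then synchronize. HR goes first because
# SQL_ECMA2 is the authoritative source in this lab.
Invoke-RunProfile $sql 'Full Import'
Invoke-RunProfile $ad  'Full Import'
Invoke-RunProfile $sql 'Full Synchronization'
Invoke-RunProfile $ad  'Full Synchronization'

# Pending changes that the next AD_ECMA2 export would write to Active Directory.
$adds    = [int]$ad.NumExportAdd().ReturnValue
$updates = [int]$ad.NumExportUpdate().ReturnValue
$deletes = [int]$ad.NumExportDelete().ReturnValue
Write-Host "AD_ECMA2 pending export: $adds adds, $updates updates, $deletes deletes"

if ($deletes -gt $MaxDeletes) {
    throw "Refusing to export: $deletes staged deletes exceeds limit of $MaxDeletes"
}
Invoke-RunProfile $ad 'Export'
```

A delete count above the threshold usually means the HR import returned fewer rows than expected; inspect the AD_ECMA2 connector space before raising the limit.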
