Lab A: Creating and Configuring an Active Directory Management Agent Objectives After completing this lab, you will be able to: ! Create and configure the Active Directory management agent. ! Integrate data from Active Directory into the metadirectory. ! Perform attribute flow on Active Directory data. Prerequisites Before working on this lab, you must have: ! Knowledge about attribute flow rules. ! Experience joining connector namespace entries with metaverse namespace entries. ! Experience operating management agents. Lab Setup To complete this lab, you need the following: ! MMS Server and MMS Compass installed. ! Human Resources and Microsoft Exchange 5.5 data integrated into the metaverse namespace. Estimated time to complete this lab: 30 minutes 2 Lab A: Creating and Configuring an Active Directory Management Agent BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Exercise 1 Creating an Active Directory Management Agent In this exercise, you will create an Active Directory management agent to integrate the information from the Claims and Investigations departments into the metadirectory. Scenario The Claims and Investigations departments of Northwind Traders have started to deploy Active Directory. You need to integrate the department’s Active Directory information into the metadirectory. This will lay the groundwork for deploying Active Directory throughout the organization. Tasks Detailed steps 1. Log on to Windows 2000, start MMS Compass, and then log on to your MMS server. a. Log on to Windows 2000 as Administrator with a password of password. b. Start MMS Compass, and then log on to your MMS server as mmsadmin@nwtraders.msft with a password of password. 2. Create an instance of the Active Directory management agent called domain MA (where domain is your domain name). a. In the control pane of MMS Compass, click Bookmarks, and then click Management Agents. b. In the directory pane, click server (where server is your computer name), and then in the control pane, click Create New Management Agent. c. In the Create Management Agent dialog box, in the Name of the Management Agent box, type domain MA (where domain is your domain name). d. In the Type of the Management Agent box, click Microsoft Active Directory Management Agent, and then click Create. 3. Configure the management agent with the following parameters: • Management Agent Mode: Association • Forest to discover: domain.nwtraders.msft • Username: domain\Administrator • Password: password a. In the Configure the Management Agent dialog box, on the Connected Directory Specifics tab, on the Mode and Namespace Management tab, under Management Agent Mode, click Association. b. On the Active Directory Discovery Settings tab, under Discovery Settings, in the Forest to discover box, type domain.nwtraders.msft c. Under Active Directory Login Information, in the Username box, type domain\Administrator and in the Password box, type password and then click OK. d. In the Change Password dialog box, in the Confirm New Password for UserPassword box, type password and then click OK. Lab A: Creating and Configuring an Active Directory Management Agent 3 BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Exercise 2 Joining Active Directory Entries into the Metaverse Namespace In this exercise, you will integrate the Claims and Investigations information into the metadirectory by joining the Active Directory data with the existing metaverse namespace data. Scenario The Claims and Investigations departments of Northwind Traders have started to deploy Active Directory. You need to integrate their Active Directory information into the metadirectory. This will lay the groundwork for deploying Active Directory throughout the organization. Tasks Detailed steps 1. Configure the join to specify displayname and sn for the join criteria attributes. a. In the directory pane of MMS Compass, click domain MA, and then in the control pane, click Join. b. In the Server-Based Join dialog box, on the Configure the Join tab, in the Search using these attributes box, add the following attributes: $cd.displayname $cd.sn Important: Do not perform the join at this time. 1. (continued) c. Click OK to close the Server-Based Join dialog box. 2. Run the Active Directory management agent. a. In the directory pane, verify that domain MA is selected, and then in the control pane, click Operate MA. b. On the Management Agent Logs tab, display the Operator’s Log tab. c. Click Run the Management Agent. The Operator's Log displays the management agent's progress. This process may take some time to complete. Was the management agent configured for delta mode? What mode did the management run in and why? Yes, from the Operational Settings tab, the mode is set to delta. From the Operator's Log, the management agent ran in full mode because it automatically switches to this mode the first time the management agent runs, thereby initially populating the metadirectory. 2. (continued) d. Click OK to close the Operate the Management Agent dialog box. 3. Verify the organizational structure has been imported into the connector namespace and user entries have been created. a. In the directory pane, expand domain MA, expand domain.nwtraders.msft, and then verify that the nwtraders users organizational unit exists. b. Expand nwtraders users, and then verify that user accounts exist. 4 Lab A: Creating and Configuring an Active Directory Management Agent BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Tasks Detailed Steps What do the two entries directly beneath domain MA represent? The configuration.domain.nwtraders.msft entry represents Active Directory's configuration partition. The domain.nwtraders.msft entry represents Active Directory's domain partition. 4. Start Account Joiner and configure a new query to facilitate joins by using the surname attribute. a. Start MMS Account Joiner from the Microsoft Metadirectory Services menu, and then log on to your MMS server as mmsadmin@nwtraders.msft with a password of password. b. In the Microsoft Account Joiner window, display the domain MA tab. c. On the Configure menu, point to domain MA, and then click Queries. d. In the Configure Queries dialog box, click New. e. In the Query Properties dialog box, in the Query Name box, type Last Name f. In the Query Command box, type (sn=$sn) and in the Help Text box, type Match by last name and then click OK. g. Click OK to close the Configure Queries dialog box. A Last Name button is added to Predefined Queries. 5. Use Account Joiner to manually join any remaining disconnectors that have a matching entry in the metaverse namespace. a. Select the entry for Cordelie Gunnells, which has a user principal name defined. b. To the right of Predefined , click Last Name. c. In the Metadirectory Results box, select Cordelia Gunnells, click Join, and then click Yes to close the Join confirmation dialog box. Note: There are a number of default Active Directory accounts that are still disconnectors. This is acceptable because there are no corresponding entries in the metaverse namespace that match these Active Directory accounts. 5. (continued) d. Close the Microsoft Account Joiner window. Lab A: Creating and Configuring an Active Directory Management Agent 5 BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Exercise 3 Establishing Attribute Flow In this exercise, you will establish attribute flow rules to update the metaverse namespace with the Active Directory user principal name. Scenario Northwind Traders recently integrated their Active Directory user accounts from their Claims and Investigations departments. The Microsoft Exchange Server e-mail address must match the Active Directory user principal names for these users. Tasks Detailed steps 1. Establish attribute flow rules to flow the mail attribute from Active Directory to the metaverse namespace. a. In the directory pane of MMS Compass, click domain MA, and then in the control pane, click Attribute Flow. b. In the Configure Attribute Flow dialog box, on the Specific Flow Rules tab, in the Metaverse Attributes box, click mail. c. In the Connected Directory Attributes box, click mail, and then click <. The specific attribute flow rule $mv.mail = $cd.mail appears. d. Click OK to close the Configure Attribute Flow dialog box. 2. Verify that the e-mail address for the metaverse namespace entry for Adri Duhem in the Claims department is blank. a. In the directory pane, navigate to and expand The Known Universe \ msft \ nwtraders \ domain \ metaverse \ Claims. b. Under Claims, click Adri Duhem, and then in the control pane, click Properties. c. In the Adri Duhem dialog box, on the General tab, verify that the Email box is blank. d. Click OK to close the Adri Duhem dialog box. 3. Run the management agent to update the mail attribute values in the metaverse namespace from Active Directory. a. In the control pane, click Operate MA. b. In the Operate the Management Agent dialog box, on the Management Agent Logs tab, display the Operator’s Log. c. Click Run the Management Agent. The Operator's Log displays the management agent's progress. What is the e-mail address for Adri Duhem in the metaverse namespace? The e-mail address for Adri Duhem is still blank. 6 Lab A: Creating and Configuring an Active Directory Management Agent BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Tasks Detailed Steps Why did the update of the mail attribute values in the metaverse namespace not occur? The update of the mail attribute values in the metaverse namespace did not occur because there were no changes to the connected directory objects resulting in no objects being processed in delta mode. 4. Using full update mode, update the mail attribute values in the metaverse namespace from Active Directory. a. In the directory pane, verify that domain MA is selected. b. In the control pane, click Operate MA. c. In the Operate the Management Agent dialog box, on the Operational Settings tab, clear the Operate in delta mode check box. d. On the Management Agent Logs tab, display the Operator’s Log. e. Click Run the Management Agent. The Operator's Log displays the management agent's progress. f. Click OK to close the Operate the Management Agent dialog box. What is the e-mail address for Adri Duhem in the metaverse namespace? The e-mail address for Adri Duhem is now aduhem@nwtraders.msft 5. Close MMS Compass, and then log off of Windows 2000. a. Close MMS Compass, and then close any open windows. b. Log off of Windows 2000. . Lab A: Creating and Configuring an Active Directory Management Agent Objectives After completing this lab, you will be able to: ! Create and configure. for UserPassword box, type password and then click OK. Lab A: Creating and Configuring an Active Directory Management Agent 3 BETA MATERIALS FOR MICROSOFT