Lab A: Implementing a Central Account Scenario Using TAMA Objectives After completing this lab, you will be able to: ! Create and configure TAMA resources. ! Assign TAMA resources to TAMA account profiles Prerequisites ! Before working on this lab, you must have experience creating and operating management agents. Lab Setup To complete this lab, you need the following: ! MMS Server installed and running. ! MMS Compass configured to connect to your server. ! Run the C:\Moc\2062A\Labfiles\Lab8a.cmd batch file. This will prepare your computer for this lab. Estimated time to complete this lab: 45 minutes 2 Lab A: Implementing a Central Account Scenario Using TAMA BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Exercise 1 Creating a Management Agent for the Human Resources Directory In this exercise, you will create a management agent for the Human Resources directory. Scenario Your company, NorthWind Traders, has decided to use MMS to centrally manage the creation and deletion of user accounts. An existing Human Resources directory will be used to create and delete all user accounts. User accounts that are created and deleted in the Human Resources directory need to be automatically created and deleted in Active Directory and Microsoft Exchange Server 5.5 as well. To accomplish this, you will use the TAMA component of MMS. Tasks Detailed Steps 1. Create a new management agent to connect the Human Resources directory to MMS using the following parameters: • Name of the Management Agent: HR MA • Type of the Management Agent: Tutorial HR (LDIF) Management Agent • Metaverse location: ou=metaverse,dc=domai n,dc=nwtraders,dc=msft (where domain is your assigned domain name) • Management Agent Mode: Reflector • Discovery Parameters: Humongous Insurance. a. Log on as Administrator with a password of password. b. On the desktop, double-click MMS Compass. c. In the Login dialog box, in the Password box type server (where server is your computer name), and then click OK. d. In the Servers dialog box, click your server name, and then click OK. e. On the Action pane, click Bookmarks, click Management Agents, and then click Create New Management Agent. f. In the Create Management Agent dialog box, in the Name of the Management Agent box, type HR MA g. In the Type of the Management Agent box, click Tutorial HR (LDIF) Management Agent, and then click Create. h. In the Configure the Management Agent dialog box, on the Connected Directory Specifics tab, on the Mode and Namespace Management tab, in the Metaverse Location box, type ou=metaverse, before the beginning of the current metaverse location (including the comma). i. Ensure that the Management Agent Mode is set to Reflector. j. On the Discovery Parameters tab, ensure that the Dataset to use is set to Humongous Insurance. k. Click OK to create the new management agent. l. Leave MMS Compass open. Lab A: Implementing a Central Account Scenario Using TAMA 3 BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Exercise 2 Connecting Active Directory In this exercise, you will create and configure a management agent for Active Directory. Scenario Before you can use TAMA to add objects to Active Directory, you need to create and configure a management agent for Active Directory. The Active Directory management agent needs to create enabled user accounts. The logon name for each account needs to a combination of the user’s first initial and surname, the user needs to change their password at the initial logon and the default password needs to be set to the user’s surname. Tasks Detailed Steps 1. Create a new management agent to connect Active Directory to MMS by using the following parameters: • Name of the Management Agent: AD MA • Type of the Management Agent: Microsoft Active Directory Management Agent • Management Agent Mode: Association • Forest to discover: domain.nwtraders.msft • Username: domain\administrator • Password: password. a. In MMS Compass, in the directory pane, click computer_name (where computer_name is your assigned computer name). b. In the control pane, click Create New Management Agent. c. In the Create Management Agent dialog box, in the Name of the Management Agent box, type AD MA d. In the Type of the Management Agent box, click Microsoft Active Directory Management Agent, and then click Create. e. In the Configure the Management Agent dialog box, under Management Agent Mode, click Association. f. On the Active Directory Discovery Settings tab, in the Forest to discover box, type domain.nwtraders.msft (where domain is your assigned domain name). g. In the Username box, type domain\administrator in the Password box, type password. h. Leave the Configure the Management Agent dialog box open. 4 Lab A: Implementing a Central Account Scenario Using TAMA BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Tasks Detailed Steps 2. Configure the Active Directory Object Creation Settings by using the following parameters: • User Logon Name Construction: First initial and surname (Jsmith) • User Account Creation Settings: Enabled user • Password Generation Script: $sn • User must change password at next logon: Enabled. a. On the Active Directory Object Creation Settings tab click Account Settings. b. In the Account Settings dialog box, under User Logon Name Construction, click First initial and surname (JSmith). c. Under User Account Creation Settings, click Enabled user, and then click Edit the account password generation script. d. In the Edit the account password generation script dialog box, replace the current script with $sn and then click OK. e. In the Account Settings dialog box, ensure that User must change password at next logon is disabled. f. Click OK to close the Account Settings dialog box, and then click OK to close the Configure the Management Agent dialog box. g. In the Change password dialog box, type password and then click OK. h. Leave MMS Compass open. Lab A: Implementing a Central Account Scenario Using TAMA 5 BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Exercise 3 Create an Advanced Flow Script for the HR MA In this exercise, you will create an Advanced Flow Script for the HR MA. This Advanced Flow Script will add the msMMS-ManagedByMA attribute to metaverse namespace entries that are created by the HR MA. Scenario One of the business requirements your organization needs to meet with MMS is to have user accounts created in Active Directory for each employee that is in the Human Resources database. The Active Directory management agent, by default, only creates contacts. To have the Active Directory management agent create users, you need to assign the msMMS-ManagedByMA attribute to all entries in the metaverse namespace that are created by the HR MA. Additionally, you need to assign the distinguished name of the Active Directory management agent as a value for the msMMS-ManagedByMA attribute. You will do this by creating an Advanced Flow Script for the HR MA. Tasks Detailed steps 1. Create an Advanced Flow Script for the HR MA to assign the following attribute and value to metaverse namespace entries created by the HR MA: • Attribute: msMMS- !ManagedByMA. • Value: ma=AD !MA,DsaName=server !,ou=Servers,dc=domai !n,dc=nwtraders,dc=m !sft a. In MMS Compass, click HR MA, and then in the control pane, click Attribute Flow. b. On the Advanced Flow Script tab type $mv.msMMS- ! !! !ManagedByMA = ma=AD ! !! !MA,DsaName=server,ou=Servers,dc=domain,dc=nwtraders,dc= ! !! !msft and then click OK. How can you determine the distinguished name of a management agent? Select the management agent, and then on the View menu, click All attributes. 1. (continued) c. Leave MMS Compass open. 6 Lab A: Implementing a Central Account Scenario Using TAMA BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Exercise 4 Connecting Microsoft Exchange Server 5.5 In this exercise, you will create a management agent for Microsoft Exchange Server 5.5. Scenario Before you can use TAMA to populate Microsoft Exchange Server 5.5, you need to create a management agent for Microsoft Exchange Server 5.5. Tasks Detailed Steps 1. Create a new management agent to connect Active Directory to MMS by using the following parameters: • Name of the Management Agent: Exchange MA • Type of the Management Agent: Microsoft Exchange (LDAP-based) Management Agent • Metaverse location: ou=metaverse,dc=domai n,dc=nwtraders,dc=msft • Management Agent Mode: Association • LDAP server address/name: server (where server is your assigned computer name) • LDAP TCP/IP port: 391 • Context prefix: ou=server,o=domain. • Login as: cn=administrator,cn=do main. • Login password: password a. In MMS Compass, in the directory pane, select your server. b. In the control pane, click Create New Management Agent. c. In the Create Management Agent dialog box, in the Name of the Management Agent box, type Exchange MA d. In the Type of the Management Agent box, click Microsoft Exchange (LDAP-based) Management Agent, and then click Create. e. In the Configure the Management Agent dialog box, on the Connected Directory Specifics tab, on the Mode and Namespace Management tab, in the Metaverse Location box, type ou=metaverse, before the current metaverse location. f. In the Configure the Management Agent dialog box, under Management Agent Mode, click Association. g. Click the Discovery tab. h. In the LDAP server address/name box, type computer_name. i. In the LDAP TCP/IP port box, type 391 j. In the Context prefix box, type ou=serversite,o=domain k. In the Login as box, type cn=administrator,cn=domain l. In the Login password box, type password m. Click Test your configuration. A message box appears indicating that your connection was successful. If the message box indicates that your connection was unsuccessful, confirm that all of the above parameters were entered correctly and then test your connection again. n. Click OK to close the Microsoft Metadirectory Services Flash Message message box, and then click OK to close the Configure the Management Agent dialog box. o. Leave MMS Compass open. Lab A: Implementing a Central Account Scenario Using TAMA 7 BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Exercise 5 Operating the Management Agents In this exercise, you will operate the management agents that were created in the previous exercises. Scenario Now that you have created and configured the required management agents, the next step is to operate them in order to connect your directories to MMS. Tasks Detailed steps 1. Operate the HR MA and populate the Metadirectory with the organizational structure and users from the HR database. Review the Operator’s Log during the process. a. In MMS Compass, click HR MA, and then in the control pane, click Operate MA. b. In the Operate the Management Agent dialog box, click the Operational Settings tab. c. On the When Running the Management Agent tab, under Tasks to Run¸ ensure that both Discover Connected Directory and Update the Metadirectory are selected. d. Under Types of Objects to Process, ensure that both Process Organizing Structure and Process Users are selected. e. Click Run the Management Agent. f. Review the Operator’s Log for errors, and then click OK. Did the HR MA create entries in the connector namespace and the metaverse namespace? Why or why not? Yes. Since the HR MA is running in Reflector mode, entries were created in both the connector namespace and the metaverse namespace. Were the metaverse namespace entries assigned the msMMS-ManagedByMA attribute? Why or why not? Yes. The Advanced Flow Script for the HR MA assigned the msMMS-ManagedByMA attribute to the metaverse namespace entries it created. 1. (continued) g. Leave MMS Compass open. 8 Lab A: Implementing a Central Account Scenario Using TAMA BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Tasks Detailed Steps 2. Operate the AD MA to discover Active Directory. Review the Operator’s Log during the process. a. In the Directory pane, navigate to the management agents, click AD MA, and then in the Control pane, click Operate MA. b. Click Run the Management Agent. c. Review the Operator’s Log for errors, and then click OK. Did the AD MA create any entries in the metaverse namespace? Why or why not? No, the AD MA did not create entries in the metaverse namespace because it is operating in Association mode. 2. (continued) d. Leave MMS Compass open. 3. Operate the Exchange MA to discover Microsoft Exchange 5.5. Review the Operator’s Log during the process. a. In the Directory pane, click Exchange MA, and then in the Control pane, click Operate MA. b. Click Run the Management Agent. c. Review the Operator’s Log to ensure that the management agent completed successfully, and then click OK. Did the Exchange MA create any entries in the metaverse namespace? Why or why not? No, the Exchange MA did not create entries in the metaverse namespace because it is operating in Association mode. 3. (continued) d. Leave MMS Compass open. Lab A: Implementing a Central Account Scenario Using TAMA 9 BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Exercise 6 Creating and Configuring TAMA Resources In this exercise, you will create and configure TAMA resources. Scenario Now that you have connected the Human Resources database, Active Directory, and Exchange Server 5.5 to MMS, you need to create TAMA resources. You will specify which management agent is associated with which resource and also, where in the connector namespace of a particular management agent TAMA will create connectors. For the Exchange MA, all connectors need to be created directly below the Recipients container so you will create a single, flat resource. For the Active Directory MA, you will want to add the Claims, Investigations, Marketing, and Sales organizational units, and all of the entries contained in those organizational units, to Active Directory. The entries in the MoneyDept organizational unit need to be added to an organizational unit in Active Directory called Accounting. You will create a complex resource to accomplish the first requirement and a flat resource to accomplish the second requirement. Tasks Detailed steps 1. Create a TAMA Resource for Exchange by using the following parameters: • Relative Name: Exchange Resource • Object Class: zcTaAccountResource • Distinguished Attribute: res a. In MMS Compass, in the control pane, click Bookmarks, and then click Servers. b. In the directory pane, double-click the Together Administration folder. c. In the directory pane, right-click and then click Insert. d. In the Insert Object Under dialog box, click the Custom tab. e. In the Relative Name box, type Exchange Resource f. In the Object Class list, select zcTaAccountResource. g. In the Distinguished Attribute box, type res Why use res as the Distinguished Attribute for TAMA Resources instead of cn? Using res allows you to easily tell the difference between TAMA Resources and other types of objects. 1. (continued) h. Click Insert to create the TAMA Resource. A dialog box appears when you click Insert. Notice that the dialog box does not have any text in the title bar. 10 Lab A: Implementing a Central Account Scenario Using TAMA BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Tasks Detailed Steps 2. Configure the Exchange Resource by using the following parameters: • Resource Description: TAMA Resource for Exchange • Management Agent: Exchange MA • Location Under MA (Optional): Recipients • Leaf Objects: person. a. On the Resource Information tab, in the Resource Description box, type TAMA Resource for Exchange b. Under Type of resource, ensure that Flat is selected. c. Click OK to close the dialog box, and then click Cancel to close the Insert Object Under dialog box. d. In the directory pane, double-click Exchange Resource. e. Click Select the MA. f. In the Select the MA dialog box, click Exchange MA, drag and drop it into the Management Agent box, and then click OK to close the Select the MA dialog box. g. Click Select a location. h. In the Select a location dialog box, expand Exchange MA, expand organization (where organization is your assigned Exchange organization), expand site (where site is your assigned Exchange site), click Recipients, drag and drop it into the Location Under MA (Optional) box, and then click OK to close the Select a location dialog box. i. Click the Object Classes tab. j. In the Leaf Objects box type person and then click OK to close the dialog box. 3. Create a TAMA Resource for Active Directory by using the following parameters: • Relative Name: Flat Active Directory Resource • Object Class: zcTaAccountResource • Distinguished Attribute: res a. Repeat the steps in Task 1 to create a TAMA Resource for Active Directory by using the following parameters: • Relative Name: Flat Active Directory Resource. • Object Class: zcTaAccountResource • Distinguished Attribute: res [...]... TRAINER PREPARATION PURPOSES ONLY 20 Lab A: Implementing a Central Account Scenario Using TAMA Tasks Detailed Steps Were the Claims, Investigations, Marketing, and Sales organizational units created? Were the entries from the MoneyDept organizational unit created below the Accounting organizational unit? Were the user accounts created as enabled or disabled accounts? Were the user logon names created... CERTIFIED TRAINER PREPARATION PURPOSES ONLY Lab A: Implementing a Central Account Scenario Using TAMA Tasks 3 17 Detailed Steps Verify that the Provisioning Agent management agent created connectors in the correct places in the Exchange MA and AD MA connector namespaces by navigating the relevant connector namespaces and answering the following questions a Verify that the Provisioning Agent management agent... c Leave MMS Compass open BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY 16 Lab A: Implementing a Central Account Scenario Using TAMA Exercise 8 Operating the Management Agents In this exercise, you will operate the Provisioning Agent, the Active Directory MA, and the Exchange MA to allow TAMA to create the required accounts in the appropriate directories Scenario Now that you... users are required to change their passwords at the next log on 7 (continued) b Close Active Directory Users and Computers BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Lab A: Implementing a Central Account Scenario Using TAMA 21 Exercise 9 Adding New Accounts Using TAMA In this exercise, you will add two new employees to the Human Resources database and use TAMA to automatically.. .Lab A: Implementing a Central Account Scenario Using TAMA Tasks 11 Detailed Steps Configure the Flat Active Directory Resource by using the following parameters: • • Location Under MA (Optional): Accounting • 5 Management Agent: AD MA Leaf Objects: person Create a second TAMA Resource for Active Directory by using the following parameters: • Relative Name: Complex Active Directory... 22 Lab A: Implementing a Central Account Scenario Using TAMA Tasks Detailed Steps Were connectors added to the AD MA and Exchange MA connector namespaces for the two new hires? Yes, entries were created for both new hires in both places Operate the AD MA and the Exchange MA to add the new entries to Active Directory and Exchange Check the Operator’s log for errors a In MMS Compass, operate the AD MA... the Operate the Management Agent dialog box h 5 (continued) Leave MMS Compass open a From the Microsoft Exchange menu, open Microsoft Exchange Administrator b Navigate to the Recipients container if necessary BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Lab A: Implementing a Central Account Scenario Using TAMA Tasks 19 Detailed Steps Were the Exchange mailboxes created? Yes,... A: Implementing a Central Account Scenario Using TAMA 13 Exercise 7 Assigning TAMA Resources to Account Profiles In this exercise, you will assign TAMA resources to Account Profiles You will use both direct assignment and assignment by using TAMA rules Scenario Now that you have created the required TAMA Resources, the next step is to assign those resources to account profiles Recall that the business... that you have created the required TAMA Resources and assigned them to the appropriate Account Profiles, you are ready to use TAMA to populate Active Directory and Exchange with the accounts in the metaverse namespace that were created by the HR MA Tasks Detailed steps 2 Configure the Provisioning Agent management agent to operate only on the metaverse namespace entry and subordinate entries Operate the... are assigning the other two resources? The Flat Active Directory Resource should only be assigned to the MoneyDept organizational unit Assigning it to the metaverse namespace entry would cause it to be assigned to all subordinate entries BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY 14 Lab A: Implementing a Central Account Scenario Using TAMA Tasks Detailed Steps Can you assign . Lab A: Implementing a Central Account Scenario Using TAMA Objectives After completing this lab, you will be able to: ! Create and configure TAMA. $mv.zcTaAccountResourceDNs += res=Flat Active !Directory Resource,$v_TAMABaseDN endif Lab A: Implementing a Central Account Scenario Using TAMA 15