Contents Overview 1 What is a Metadirectory? 2 The Business Needs for a Metadirectory 3 Overview of Microsoft Metadirectory Services 9 MMS Directory Elements 13 How Information Flows in MMS 17 Centralized vs. Distributed Management of Data 19 Review 20 Module 1: Introduction to MMS BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted. Complying with all applicable copyright laws is the responsibility of the user. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation. If, however, your only means of access is electronic, permission to print one copy is hereby granted. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.  2000 Microsoft Corporation. All rights reserved. Microsoft, BackOffice, MS-DOS, Windows, Windows NT, <plus other appropriate product names or titles. Replace this example list with list of trademarks provided by copy editor. Microsoft is listed first, followed by all other Microsoft trademarks in alphabetical order. > are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries. <This is where mention of specific, contractually obligated to, third party trademarks, which are added by the Copy Editor> The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted. Other product and company names mentioned herein may be the trademarks of their respective owners. Module 1: Introduction to MMS i BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Instructor Notes Instructor_notes.doc Presentation: xx Minutes Lab: xx Minutes Module 1: Introduction to MMS 1 BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Overview ! What is a Metadirectory? ! The Business Needs for a Metadirectory ! Overview of Microsoft Metadirectory Services ! MMS Directory Elements ! How Information Flows in MMS ! Centralized vs. Distributed Management of Data Microsoft ® Metadirectory Services (MMS) version 2.2 is a centralized service that stores and integrates identity information from multiple directories in an organization. The goal of a metadirectory is to provide to an organization with a unified view of all known identity information about users, applications, and network resources. A metadirectory solves important business issues that result from having information being stored in multiple, disparate data repositories throughout an organization. The success in planning and implementing a metadirectory solution by using MMS relies on how well you understand your organization’s business reasons for a metadirectory, the logical structure of MMS, and how MMS works. At the end of this module, you will be able to: ! Describe the purpose of a metadirectory. ! Describe the business solutions that a metadirectory provides for an organization's data management requirements. ! Describe the functions of the components that comprise MMS. ! Describe the directory elements of MMS, including the directory tree, object entries, and entry attributes. ! Describe the flow of information within MMS. ! Differentiate between managing data in the metadirectory or managing data in the connected directory. Topic Objective To provide an overview of the module topics and objectives. Lead-in In this module, you will learn about Microsoft Metadirectory Services, how MMS meets the data management needs of an organization, the logical components of MMS, and how information flows in MMS. The goal of this module is to give you a high level understanding of MMS upon which subsequent modules in this course will build. 2 Module 1: Introduction to MMS BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY What is a Metadirectory? Metadirectory Metadirectory Suzan Fine Logon name E-mail alias Cost center Employee # Suzan Fine Logon name E-mail alias Cost center Employee # ERP Database ERP ERP Database Database Fine, Suzan Title Cost center Manager Fine, Suzan Title Cost center Manager Directory Service Directory Directory Service Service Sfine Logon name Full Name DN Sfine Logon name Full Name DN E-mail Directory E E - - mail mail Directory Directory Suzanf Display name E-mail alias Phone # Suzanf Display name E-mail alias Phone # HR Database HR HR Database Database Suzan Fine Title Employee # Salary Suzan Fine Title Employee # Salary A metadirectory is a service that collects information from different data sources throughout an organization and then joins all or part of that information into an integrated, unified view. This unified view presents all of the information about an object, such as a person or network resource, that is contained throughout the organization. In most organizations, this information is typically scattered in different directories, databases, and other data repositories throughout the Information Technology (IT) infrastructure. The metadirectory: ! Joins all the information about each person or resource into a single entry. ! Removes redundant or conflicting information. ! Presents back out to the organization the unified view of all known information about each person or resource. After all the information about a person or resource is joined together in the metadirectory, you can apply rules about how this information is managed and how changes to this information flow back out to all the directories that are connected to the metadirectory. Therefore, the metadirectory propagates any changes that originate in one directory to the other directories in the organization. Topic Objective To describe the purpose of a metadirectory. Lead-in A metadirectory is a repository that contains identity information about all people within an enterprise, even if the identify information originates from disparate directories or databases within that enterprise. Module 1: Introduction to MMS 3 BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY # ## # The Business Needs for a Metadirectory ! Identity Is the Summary of Information About People, Applications, or Resources ! A Metadirectory Manages Identity Information By: $ Aggregating identity information $ Managing identity information $ Managing changes and updates $ Managing information integrity A metadirectory solution integrates and manages the identity information for an entire organization. Identity is the summary of information about people, applications, and resources that is contained in different and often incompatible directories and databases throughout the organization. Most often, organizations acquire disparate systems because each system provides the best solution to a business need, not because a system works well together with the other systems. Different systems within an organization make it difficult, if not impossible, to integrate and manage identity information. Additionally, the complexity of managing identity information increases each time the organization deploys an additional application or platform. Therefore, the primary challenges faced by organizations are the cost and complexity of supporting many different systems that contain identity information. A metadirectory meets the business needs by providing the following identity management solutions: ! Aggregating identity information. ! Managing identity information. ! Managing changes to identity information. ! Managing the integrity of identity information. Identity information associated with people includes names, mailboxes, employee numbers, and job titles. Identity information for applications includes the network addresses where clients can find servers and lists of services that applications provide. Identity information for network resources, such as a printer, includes physical location and the printing capabilities it supports. Topic Objective To introduce the business needs for a metadirectory. Lead-in Provide examples of identity data for people, applications, and network resources. Note 4 Module 1: Introduction to MMS BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Aggregating Identity Information Metadirectory Metadirectory Suzan Fine E-mail alias Mailbox Logon name Phone # Title Employee # Suzan Fine E-mail alias Mailbox Logon name Phone # Title Employee # E-mail Directory E E - - mail mail Directory Directory Suzanf E-mail alias Mailbox Suzanf E-mail alias Mailbox HR Database HR HR Database Database Suzan Fine Title Employee # Suzan Fine Title Employee # Directory Service Directory Directory Service Service Sfine Logon name Phone # Sfine Logon name Phone # ! A Metadirectory Aggregates Identity Information By: $ Joining identity information from multiple directories $ Presenting a single view of all identity information for users and resources $ Providing a single point of access and administration A metadirectory allows you to collect identity information from several different directories and then join that information into a logical view that represents the sum of all identity information for a given object. Business Problem In most organizations, identity information exists in many different data repositories. This situation creates the following issues: ! Duplication of identity information. Different directories often contain duplicate information about the same person or resource. ! Incompatibilities between directories that hold identity information. These incompatibilities include different naming conventions, different directory schemas, and different data formats. ! Identify information resides in multiple locations. This creates a situation where administrators, applications, and users have to access many different data repositories to manage or obtain information about a single person or resource. Additionally, the number of places where organizations must manage identity information increases with the addition of new systems. Topic Objective To describe how a metadirectory aggregates identity information to solve the business problems of multiple, disparate directories. Lead-in Point out in the preceding illustration how each pair of attributes from each directory is concatenated into the entry in the metadirectory. Module 1: Introduction to MMS 5 BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Solution To solve the issues resulting from identity data that resides in multiple repositories, join the data for a specific person or resource in the metadirectory to create a single entry that contains some or all of the identity information from each directory. The result is that the metadirectory presents a single, unified view that contains some or all of the attributes from the different directories, regardless of whether the directories are compatible or not. Because it presents a unified view of identity information, the metadirectory also provides one place where administrators, applications, and users can access or manage the identity information for a specific object. For example, identity information about a user named Suzan Fine is stored in different directories, and each directory stores different types of identify information. Additionally, this data about Suzan Fine is stored under a different name in each directory. The metadirectory solves this issue by joining all the identity information about Suzan Fine in one entry in the metadirectory. 6 Module 1: Introduction to MMS BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Managing Identity Information ! A Metadirectory Manages Identity Information By: $ Flowing identity information between directories $ Synchronizing identity information between directories $ Establishing rules that determine the authoritative source for identity information Metadirectory Metadirectory Title Email alias Logon name Title Email alias Logon name Directory Service Directory Directory Service Service Sue Fine Logon name Sue Fine Logon name E-mail Directory E E - - mail mail Directory Directory Susan Fine Email alias Susan Fine Email alias HR Database HR HR Database Database Suzan Fine Title Suzan Fine Title Suzan Fine Suzan Fine Suzan Fine A metadirectory allows you to manage identity information by controlling the flow of identity information between directories. This capability enables you to determine what data from each directory to included in the metadirectory entry. Business Problem Different directories often contain conflicting identity information about the same person or resource. Additionally, the department or IT group that owns and manages the data in a specific directory usually believes that their data is authoritative compared to similar data that resides in a different directory. In these cases, data owners are often reluctant to give up control of their data. Solution To solve issues resulting from conflicting identity information, use the metadirectory to manage the flow of identity information between directories to resolve conflicts in identity information throughout the organization. For each metadirectory entry, you can determine what specific identify information from each directory to import into the metadirectory. To solve data ownership issues, you can also establish rules to determine which directory contains the authoritative value for a specific attribute in a metadirectory entry and have the metadirectory update the other directories with the authoritative value. For example, the name attribute in the HR database has the value of “Suzan Fine”, the e-mail directory uses a value of “Susan Fine” and the directory services database uses a value of “Sue Fine”. After determining that the metadirectory entry will have a name attribute, you can specify that the value in the HR database must be used in the metadirectory entry. Additionally, you can specify that the name attribute value in the HR database is authoritative and that this value will be used to update the name attributes in both the e-mail directory and directory services database. Topic Objective To describe how a metadirectory solves the business problem of managing identity data that resides in different directories. Lead-in [...]... metadirectory to common directories, such as Windows NT, Active Directory, Exchange, Lotus Notes, Novell NDS, cc:Mail, and Banyan VINES Additionally, MMS includes a generic management agent that you can customize to work with a proprietary directory BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Module 1: Introduction to MMS 13 # MMS Directory Elements Topic Objective To introduce... Protocol (LDAP)-based administrative tool called MMS Compass Because MMS supports the LDAP protocol, you can use other LDAP-based applications to access the metadirectory MMS also supports the Hypertext Markup Language (HTML) protocol, which enables you to use a Web browser to access and manage the metadirectory BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Module 1: Introduction. .. to MMS 11 Management Agents Topic Objective To describe the function of management agents ! Move Data Into and Out of the Metadirectory Lead-in ! Connect a Specific Directory to the Metadirectory ! Synchronize Data from a Connected Directory With the Metadirectory $ Synchronize directory entries $ Synchronize entry attributes ! Are Controlled by Scripts, Templates, and Other Configuration Files ! MMS. . .Module 1: Introduction to MMS 7 Managing Changes to Identity Information Topic Objective To describe how a metadirectory solves the business problem of managing changes to identify information Lead-in ! A Metadirectory Manages Changes to Identity Information By: $ $ Detecting changes made to identity information Propagating changes to all directories Suzan Fine Suzan Fine... attributes, in the preceding illustration, would be Fine, 555 -12 34, and sfine@nwtraders.msft BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Module 1: Introduction to MMS 15 The MMS Directory Tree Topic Objective To describe the MMS directory tree Lead-in The Known Universe msft nwtraders Root of the Root of the Directory Tree Directory Tree metaverse Accounting Claims Investigations... directory BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY 20 Module 1: Introduction to MMS Review Topic Objective To reinforce module objectives by reviewing key points Lead-in The review questions cover some of the key concepts taught in the module ! What is a Metadirectory? ! The Business Needs for a Metadirectory ! Overview of Microsoft Metadirectory Services ! MMS Directory... metadirectory that contains the integrated identity information from multiple connected directories The metaverse presents the integrated view of joined objects BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY 10 Module 1: Introduction to MMS ! MMS clients The client component of MMS allows you to view and administer the contents of the metadirectory MMS includes a Lightweight Directory... attributes of an entry BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Module 1: Introduction to MMS 17 How Information Flows in MMS Topic Objective To describe how information flows between the metadirectory and connected directories Lead-in Metadirectory Metadirectory Metaverse Namespace Connector Namespace Suzan Fine Suzan Fine Suzan Fine Suzan Fine Full Name Full Name Title Title... metadirectory A management agent takes data from the connected directory and imports that data into the metadirectory When data in the metadirectory is modified, the management agent also exports the data back out to the connected directory to keep the metadirectory synchronized with the connected directory There is one management agent for each connected directory ! Metadirectory The MMS metadirectory... entries Understanding the underlying elements of the MMS metadirectory implementation provides important foundation knowledge that will be useful as you prepare to implement MMS BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY 14 Module 1: Introduction to MMS Object Entries and Attributes Topic Objective To define the directory elements of object entry, object class, attributes, . will be useful as you prepare to implement MMS . Topic Objective To introduce the topics of MMS directory elements. Lead-in 14 Module 1: Introduction to MMS BETA MATERIALS FOR MICROSOFT. can customize to work with a proprietary directory. Module 1: Introduction to MMS 13 BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY # ## # MMS Directory Elements. Hypertext Markup Language (HTML) protocol, which enables you to use a Web browser to access and manage the metadirectory. Module 1: Introduction to MMS 11 BETA MATERIALS FOR MICROSOFT CERTIFIED