Tài liệu hạn chế xem trước, để xem đầy đủ mời bạn chọn Tải xuống
1
/ 30 trang
THÔNG TIN TÀI LIỆU
Thông tin cơ bản
Định dạng
Số trang
30
Dung lượng
0,96 MB
Nội dung
Contents Overview 1 Introduction to Advanced MA Configuration 2 Managing Changes to Metadirectory Data 4 Creating Inclusion and Exclusion Filters 6 Configuring Specific Management Agents 7 Lab A: Creating and Configuring an Active Directory ManagementAgent 15 Processing Foreign Entries 16 Lab B: Processing Foreign Entries 22 Best Practices 23 Review 24 Module6:PerformingAdvancedManagementAgentConfiguration BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted. Complying with all applicable copyright laws is the responsibility of the user. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation. If, however, your only means of access is electronic, permission to print one copy is hereby granted. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. 2000 Microsoft Corporation. All rights reserved. Microsoft, BackOffice, MS-DOS, Windows, Windows NT, <plus other appropriate product names or titles. The publications specialist replaces this example list with the list of trademarks provided by the copy editor. Microsoft is listed first, followed by all other Microsoft trademarks in alphabetical order. > are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries. <The publications specialist inserts mention of specific, contractually obligated to, third-party trademarks, provided by the copy editor> Other product and company names mentioned herein may be the trademarks of their respective owners. Module6:PerformingAdvancedManagementAgentConfiguration i BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Instructor Notes Instructor_notes.doc Presentation: xx Minutes Lab: xx Minutes Module6:PerformingAdvancedManagementAgentConfiguration 1 BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Overview ! Introduction to Advanced MA Configuration ! Managing Changes to Metadirectory Data ! Creating Inclusion and Exclusion Filters ! Configuring Specific Management Agents ! Processing Foreign Entries ! Best Practices Management agents are the key to the metadirectory because they integrate the data in each connected directory through synchronization. The overall process of synchronization using a managementagent is controlled by the managementagent control scripts. Microsoft ® Metadirectory Services version 2.2 (MMS) includes a number of predefined management agents, each of which is configured to integrate information in a specific type of connected directory. You create and configure a Generic managementagent to gather information from a connected directory that is not supported by a specific predefined management agent. In addition, in a predefined management agent, you can manage changes to metadirectory data, configure inclusion and exclusion filters to process connected directory entries selectively, and process foreign entries. At the end of this module, you will be able to: ! Describe advancedmanagementagentconfiguration options. ! Manage changes to metadirectory data. ! Create inclusion and exclusion filters to process connected directory entries selectively. ! Configure directory-specific options in a particular management agent. ! Configure a managementagent to process foreign entries. ! Identify best practices for performingadvancedmanagementagent configuration. Topic Objective To provide an overview of the module topics and objectives. Lead-in In this module, you will learn about performingadvancedmanagementagent configuration. 2 Module6:PerformingAdvancedManagementAgentConfiguration BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Introduction to Advanced MA Configuration Metadirectory Connector Namespace Connector Namespace Connector Namespace Connector Namespace Metaverse Namespace Metaverse Metaverse Namespace Namespace Connector Namespace Connector Namespace Configure MAs for Specific Requirements Configure MAs for Configure MAs for Specific Specific Requirements Requirements Exchange Server 5.5 MA Active Directory MA SQL Server SQL Server SQL Server Exchange Server 5.5 Exchange Exchange Server 5.5 Server 5.5 Active Directory Active Active Directory Directory Generic MA When creating a management agent, you typically use a predefined management agent. A predefined managementagent provides the components required to extract information from a connected directory (for example, e-mail systems, network operating systems, and other directory systems) into files, synchronize those files with the metadirectory, and produce updated files containing changes that are sent to the connected directory. After creating the management agent, you can use the advancedconfiguration options in that managementagent to fine-tune functionality, depending on the requirements of your organization. All management agents consist of a control script that determines what happens when you run the management agent. The control script specifies a series of programs that are run on the MMS Server and provides the parameters that management agents need from the metadirectory to update connected directories. There are three phases of managementagent operations: discovery, synchronization, and update. Each of these phases is under the control of a managementagent control script. The configuration options in all of these phases vary by managementagent type. Some of the configuration options, such as Prime Namespace, metaverse namespace renaming, and inclusion and exclusion filters, are common to all types of management agents. However, there are other configuration options that are specific to a particular management agent. Topic Objective To describe advancedmanagementagentconfiguration options. Lead-in Module6:PerformingAdvancedManagementAgentConfiguration 3 BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY MMS contains several predefined management agents. Some examples of predefined management agents are; Generic, Microsoft Exchange Server 5.5, and Active Directory. The following is a brief list of some of the specific configuration options that can be set for Generic, Microsoft Exchange Server 5.5, and Active Directory management agents: ! When configuring Generic management agents, the advancedconfiguration options include specifying advanced discovery parameters, Foreign Users parameters, and New Users Creation parameters. ! When configuring Lightweight Directory Access Protocol (LDAP) management agents, such as Microsoft Exchange Server 5.5, the advancedconfiguration options include the advanced discovery parameters, such as single-level searches versus subtree searches, and using anti-trawling measures. The LDAP management agents also include options for list of display names, managing Exchange Server 5.5 custom recipients, creating new mailboxes, and list of LDAP attributes to discover. ! When configuring Active Directory ™ directory service-based management agents, the advancedconfiguration options include specifying a list of domains to discover, and a list of objects to create. 4 Module6:PerformingAdvancedManagementAgentConfiguration BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Managing Changes to Metadirectory Data Configure the ManagementAgent Connected Directory Specif ics Metadirectory Relationships Personal Names Inclusions and Exclusions Discovery Parameters Mode and Namespace Management Foreign Users New Users Creation Metaverse Location: o=Focus Inc,c=US ManagementAgent Mode Reflector Association Creator Select this managementagent as the “Prime Namespace” Configure the ManagementAgent Connected Directory Specifics Metadirectory Relationships Personal Names Inclusions and Exclusions Configuration Metaverse Re naming Configure The Join Effect of CD Name Changes Don’t reflect CD name changes in the metaverse Normally, a CD name change in a reflector managementagent updated the metaverse name accordingly. This option suppresses this behavior. Connected Directory Anchor Attribute Name of your CD Anchor Attribute: The Connected Directory Anchor Attribute is used to recognize Connected Directory namespace changes (it remains constant when, for example, a surname changes or a person moves from one organization to another) Determines the Location of an Entry Creation in the Metaverse Determines the Location of an Entry Creation in the Metaverse Disables the Default Behavior of MA Disables the Default Behavior of MA Ties Together the Object Entries in a Connector Namespace and a Connected Directory Ties Together the Object Entries in a Connector Namespace and a Connected Directory The location of an entry in the connector namespace can differ from the location of the corresponding entry in the metaverse namespace due to a difference in the organizational structure. MMS allows you to configure managementagent options, such as Prime Namespace and Metaverse Renaming, to handle the task of matching the entries in the metaverse namespace and the connector namespace. Designating a Prime Namespace Designating a managementagent that operates in Reflector mode as Prime Namespace allows the managementagent to take precedence over the other management agents when naming entries in the metaverse namespace. For example, if you have two management agents operating in Reflector mode that have different metaverse namespace naming rules that are used to establish the distinguished name, the Prime Namespace managementagent determines where the entry is created in the metaverse namespace. Prime Namespace creates the same organizing structure in the metaverse namespace that is in the connector namespace. If the organizing structure changes, or if an object’s distinguished name changes in the connector namespace, the changes will also occur in the metaverse namespace. You can also designate Prime Namespace if you have other management agents that use the function $SET_REFLECTION(“ON/OFF”) in their Construction templates, and you want to override management agents’ distinguished name rules for placing object entries in the metaverse namespace and a join is not possible. Topic Objective To manage changes to metadirectory data. Lead-in Delivery Tip Demonstrate how to designate Prime Namespace and enable the Metaverse Renaming options in MMS Compass. Module6:PerformingAdvancedManagementAgentConfiguration 5 BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Enabling Metaverse Renaming If a person in a connected directory changes his or her name (due to marriage or a data entry error) or changes another distinguished name component (such as organizational unit), the managementagent may treat the entry as representing a different person, this would trigger a deletion of the old record and it would add a new record. It can become difficult or impossible for the managementagent to relate that person to an existing entry, based on the old name in the metaverse namespace. The Connected Directory Name Changes and Anchor Attribute options on the Metaverse Renaming tab help solve this problem. ! Connected Directory Name Changes. The same person may have a different name in the metaverse namespace and in the connected directory. In such a situation, a managementagent in Reflector mode normally renames the entry in the metaverse namespace to correspond to the connected directory name, no matter what the flow rules. Selecting the Don't reflect CD name changes in the metaverse option disables this default behavior. The name is the most specific part of the entry's distinguished name, that is, its relative distinguished name. Changes to the other parts of a distinguished name are controlled by the Prime Namespace setting. ! Anchor Attribute. An anchor attribute is used to associate connector namespace object entries and connected directory object entries. A unique attribute in the connected directory, such as an employee ID, is the best candidate to establish as an anchor attribute. Not configuring an anchor attribute to associate the connector namespace and connected directory entries can be problematic. Without an anchor attribute, MMS uses the distinguished name to associate the connector namespace entry to the connected directory entry. For example, if an employee changes her name (that is, through marriage or divorce), you want the metaverse namespace and connector namespace entries to be renamed. Because the distinguished name changed, MMS will delete the connector namespace entry for the old name and then insert a new connector namespace entry for the new name. The delete and insert may be problematic because it may result in lost data during the deletion. The anchor attribute for a given connected directory must be a unique identifier with respect to that connected directory. The unique identifier must not change throughout the lifetime of an object. Important 6 Module6:PerformingAdvancedManagementAgentConfiguration BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Creating Inclusion and Exclusion Filters Configure the ManagementAgent Connected Directory Specifics Metadirectory Relationships Personal Names Inclusions and Exclusions Metadirectory Connected Directory Foreign Entries New Accounts Exclusions Inclusions message 100 $embedded (“groupOfNames’,$v_objClass) = T $v_ldapObject ! LIST message 101 $embedded (“Remote-Address’,$v_objClass) = T $MA($zcExchangeExcludeCustomRecipients) = TRUE Filter is Applied to the Import File Filter is Applied to the Import File Exclusion Rules Exclusion Rules Filter is Applied to the Metaverse Namespace Filter is Applied to the Metaverse Namespace Filter is Applied to the Connector Namespace Filter is Applied to the Connector Namespace Filter is Applied to Any Metaverse Namespace Portion that is Dragged to Connector Namespace Filter is Applied to Any Metaverse Namespace Portion that is Dragged to Connector Namespace The inclusion and exclusion filters define the directory namespace boundaries within which a managementagent locates entries. The inclusion filter specifies which entries in the import file extracted from the connected directory during the discovery phase must be included in the metadirectory update. The exclusion filter specifies which entries in the import file extracted from the connected directory during the discovery phase must not be included in the metadirectory update. The inclusion and exclusion filters can be used in place of each other, or along with each other. The inclusion and exclusion filters consist of a series of rules that are labeled message #. The rules contain one or more conditional statements written in the template language. There is an implicit AND between each condition in a condition group, and there is an implicit OR between each group. Inclusions are processed before exclusions. There are different filters for each phase of an update cycle. The type of entries being updated identifies these filters. The following list describes the different filters for each phase of an update cycle: ! Metadirectory. This filter is applied to the import file when you update the metadirectory. ! Connected Directory. This filter is applied to the connector namespace when you construct a create file to send to a connected directory. ! Foreign Entries. This filter is applied to the metaverse namespace when you create an export file to send to a connected directory. ! New Accounts. This filter is applied to any portion of the metaverse namespace that you drag to the connector namespace to create new connected directory accounts. Topic Objective To create inclusion and exclusion filters to process connected directory entries selectively. Lead-in Explain briefly what are foreign entries, if students want more information about foreign entries, ask them to see the “Processing Foreign Entries” topic in this module. Delivery Tip Demonstrate how to set inclusion and exclusion filters for the metadirectory, connected directory, foreign entries, and new accounts. [...]... CERTIFIED TRAINER PREPARATION PURPOSES ONLY 10 Module6:PerformingAdvancedManagementAgentConfiguration Configuring the Exchange Server 5.5 MA Topic Objective To configure the Exchange Server 5.5 predefined managementagent Lead-in Create ManagementAgent Name the Management Agent: Exchange MA Type of the Management Agent: Microsoft Active Directory ManagementAgent Create Exchange Create Exchange 5.5... MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Module6:PerformingAdvancedManagementAgentConfiguration 13 Configuring the Active Directory MA Topic Objective To configure the Active Directory predefined managementagent Lead-in Create ManagementAgent Name the Management Agent: AD MA Type of the Management Agent: Microsoft Active Directory ManagementAgent Create Cancel Create Active Create Active... management agents, see appendix A, AdvancedConfiguration Options in Predefined MAs,” on the Student Materials compact disc BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY 8 Module6:PerformingAdvancedManagementAgentConfiguration Configuring the Generic MA Topic Objective To configure the Generic managementagent Create ManagementAgent Name the Management Agent: SQL.. .Module 6:PerformingAdvancedManagementAgentConfiguration 7 # Configuring Specific Management Agents Topic Objective To introduce topics related to configuring specific management agents ! Configuring the Generic MA Lead-in ! Configuring the Exchange Server 5.5 MA ! Configuring the Active Directory MA You can configure a managementagent by editing templates and scripts within the predefined management. .. managementagent Finally, you will configure a managementagent to process foreign entries Explain the lab objectives Lab .doc BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Module6:PerformingAdvancedManagementAgentConfiguration 23 Best Practices Topic Objective To identify best practices for performingadvancedmanagementagentconfiguration Establish a Unique Attribute As an... PURPOSES ONLY 20 Module6:PerformingAdvancedManagementAgentConfiguration Configuring Transactions Using Delta Operations Topic Objective To configure transactions by using delta operations Lead-in Operate the ManagementAgent Specify Import File Specify Import File Contains Deltas Contains Deltas ManagementAgent Logs Operational Settings Intermediate Files When Running the ManagementAgent Logging... ONLY Module6:PerformingAdvancedManagementAgentConfiguration 25 3 You need to create a custom managementagent for an Accounting connected directory The Accounting administrator is providing you with a flat file of the data You would like to retrieve the file from a remote server when running the managementagent What is the simplest way to retrieve the file? Create a Generic management agent, ... an example control script in a Generic managementagent Explain the code used in the example The simplest way to build a custom managementagent is to modify an existing managementagent by creating an instance of it and editing its templates and script The Generic managementagent is a starting point to build a managementagent The Generic managementagent has no templates and a limited control script... made by management agents, which usually include the majority of the changes You can specify whether or not an individual managementagent writes its changes to the transaction stack by using MMS Compass to configure the managementagent The default setting is to write to the transaction stack BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Module6:PerformingAdvanced Management. .. access the managementagent' s attributes by enclosing the attribute name in percent signs, %attribute% %attribute% is replaced by its current value before running the script BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Module6:PerformingAdvancedManagementAgentConfiguration 9 The control script is modified to specify the discovery mechanism the custom managementagent will . of the module topics and objectives. Lead-in In this module, you will learn about performing advanced management agent configuration. 2 Module 6: Performing. Objective To describe advanced management agent configuration options. Lead-in Module 6: Performing Advanced Management Agent Configuration 3 BETA MATERIALS