Step 6: Create AD Environment and Connector

Creating the initial environment consists of creating a test OU and two test users in Active Directory, creating a SQL database and table, and then populating the SQL table.

  • Create the ECMA2 OU in Active Directory

  • Create Test Users

  • Set additional Attributes on our Users

  • Create the AD Management Agent

  • Create the run profiles for the AD management agent

Create the ECMA2 OU in Active Directory

In this step we will be creating one OU. This OU will be used to contain our Active Directory test users.

To Create the ECMA2 OU in Active Directory

  1. Log on to DC1 as corp\Administrator.

  2. Click Start, select Administrative Tools, and then click Active Directory Users and Computers. This will open the Active Directory Users and Computers MMC.

  3. In the Active Directory Users and Computers MMC, from the tree-view on the left, right-click corp.fabrikam.com, select New, and then select Organizational Unit.

  4. In the Name text box, type the following text, and then click OK:
    ECMA2

  5. Close Active Directory Users and Computers.

ECMA2 OU

Table 5 - Required Accounts

  First Name   Last Name   User logon name   Display name    Forest             Password
  Britta       Simon       bsimon            Britta Simon    corp.contoso.com   Pass1word$
  Lola         Jacobson    ljacobson         Lola Jacobson   corp.contoso.com   Pass1word$

To create the test User Accounts

  1. Still on DC1, in Active Directory Users and Computers, right-click ECMA2, select New and then select User. This will bring up the New Object – User window.

  2. On the New Object – User screen, in the First Name box, enter Britta.

  3. On the New Object – User screen, in the Last Name box, enter Simon.

  4. On the New Object – User screen, in the User logon name: box, enter bsimon and click Next.

  5. On the New Object – User screen, in the Password box, enter Pass1word$.

  6. On the New Object – User screen, in the Confirm Password box, enter Pass1word$.

  7. On the New Object – User screen, remove the check from User must change password at next logon.

  8. On the New Object – User screen, add a check to Password never expires and click Next.

  9. Click Finish.

  10. Repeat these steps for all of the accounts listed in the Account Summary table.

Set additional Attributes on our Users

In this step we will set employee ID and employee type on our users.

To Set additional Attributes on our Users

  1. In the Active Directory Users and Computers MMC, select the ECMA2 OU.

  2. Select Britta Simon, right-click and select Properties.

  3. Click the Attribute Editor tab. Ensure that Advanced Features is enabled.

  4. Scroll down to employeeID, click Edit, enter 10 for the value and click Apply.

    Attribute Editor

  5. Scroll down to mail, click Edit, enter bsimon@corp.contoso.com for the value, click Apply and then click OK.

  6. Select Lola Jacobson, right-click and select Properties.

  7. Click the Attribute Editor tab. Ensure that Advanced Features is enabled.

  8. Scroll down to employeeID, click Edit, enter 11 for the value and click OK.

  9. Scroll down to mail, click Edit, enter ljacobson@corp.contoso.com for the value, click Apply and then click OK.
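The OU, the two accounts from Table 5 and the employeeID and mail values above can also be created in one pass with the ActiveDirectory PowerShell module. This is an added example, not part of the walkthrough; it assumes the forest is corp.contoso.com and is run on DC1 as corp\Administrator.

```powershell
# Added example (not part of the walkthrough): builds the ECMA2 lab objects
# with the ActiveDirectory module instead of the MMC.
Import-Module ActiveDirectory

$domainDn  = 'DC=corp,DC=contoso,DC=com'
$ouDn      = "OU=ECMA2,$domainDn"
$upnSuffix = 'corp.contoso.com'

# Lab password from the walkthrough (Table 5); it only exists in this test forest.
$password = ConvertTo-SecureString 'Pass1word$' -AsPlainText -Force

# Rows from Table 5 plus the employeeID values from the attribute steps above.
$users = @(
    @{ First = 'Britta'; Last = 'Simon';    Logon = 'bsimon';    EmployeeID = '10' },
    @{ First = 'Lola';   Last = 'Jacobson'; Logon = 'ljacobson'; EmployeeID = '11' }
)

# 1. Create the ECMA2 OU (skipped if it already exists, so the script can be re-run).
$existingOu = Get-ADOrganizationalUnit -Filter "Name -eq 'ECMA2'" `
                  -SearchBase $domainDn -SearchScope OneLevel
if (-not $existingOu) {
    New-ADOrganizationalUnit -Name 'ECMA2' -Path $domainDn
}

# 2. Create each user with the same options the New Object - User wizard sets:
#    enabled, no password change at next logon, password never expires.
foreach ($u in $users) {
    $display = "$($u.First) $($u.Last)"
    New-ADUser -Name $display `
        -GivenName $u.First -Surname $u.Last -DisplayName $display `
        -SamAccountName $u.Logon -UserPrincipalName "$($u.Logon)@$upnSuffix" `
        -EmployeeID $u.EmployeeID -EmailAddress "$($u.Logon)@$upnSuffix" `
        -AccountPassword $password -Enabled $true `
        -ChangePasswordAtLogon $false -PasswordNeverExpires $true `
        -Path $ouDn
}

# 3. Verify the attributes the AD management agent will import later.
Get-ADUser -SearchBase $ouDn -Filter * -Properties employeeID, mail, displayName |
    Select-Object sAMAccountName, givenName, sn, displayName, employeeID, mail |
    Format-Table -AutoSize
```

The final listing should show both accounts with employeeID 10 and 11 and the two corp.contoso.com mail addresses, matching what the Attribute Editor steps produce.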

Create the AD Management Agent

Now we will create the Active Directory management agent in the synchronization service.

To create the AD management agent

  1. Log on to FIM1 as CORP\Administrator.

  2. Click Start, click All Programs, click Microsoft Forefront Identity Manager, and then click Synchronization Service.

  3. In the Synchronization Service, click the Management Agents button at the top.

  4. In the Management Agents view, on the right, under Actions, click Create. This will bring up the Create Management Agent dialog box.

  5. On the Create Management Agent screen, under Management Agent for, select Active Directory Domain Services. Under Name enter AD and then click Next.

    Create AD MA

  6. On the Connect to Active Directory Forest screen, enter corp.contoso.com for Forest name. Enter Administrator for the User name. Enter Pass1word$ for the Password. Enter CORP for the Domain. Click Next.

    Connect to AD Forest

  7. On the Configure Directory Partitions screen, under Select directory partitions, put a check in DC=corp,DC=contoso,DC=com. Under Select containers for this partition, click the Containers button. This will bring up the Select Containers dialog box.

  8. On the Select Containers screen, clear the check in the root DC=corp,DC=contoso,DC=com box. This will remove the check marks in all of the boxes. Now place a check in the ECMA2 box. Click OK. This will close the Select Containers dialog box.

    Select containers

  9. On the Configure Directory Partitions screen, click Next.

    Configure Directory Partitions

  10. On the Configure Provisioning Hierarchy screen click Next.

    Configure Prov Hierarchy

  11. On the Select Object Types screen, check user and then click Next.

    Select Object Types

  12. On the Select Attributes screen, place a check in the Show All box in the upper-right.

  13. On the Select Attributes screen, place a check in the box for each attribute in the following list. When finished click Next.

    • cn

    • displayName

    • employeeID

    • samAccountName

    • givenName

    • mail

    • sn

    Select Attributes

  14. On the Configure Connector Filter dialog box, click Next.

    Configure Connector Filter

  15. On the Configure Join and Projection Rules dialog box, select user and then click New Projection Rule. This will bring up the Projection dialog box.

  16. On the Projection dialog box select Declared and then click OK. This will close the Projection dialog box.

  17. On the Configure Join and Projection Rules dialog box, click Next.

    Configure join and projection

  18. On the Configure Attribute Flow dialog box, under Data source object type select user.

  19. On the Configure Attribute Flow dialog box, under Metaverse object type select person.

  20. On the Configure Attribute Flow dialog box, under Data source attribute select samAccountName.

  21. On the Configure Attribute Flow dialog box, under Mapping Type select Direct.

  22. On the Configure Attribute Flow dialog box, under Flow Direction select Import.

  23. On the Configure Attribute Flow dialog box, under Metaverse attribute select accountName.

  24. On the Configure Attribute Flow dialog box, click New. This flow rule will appear above. Repeat these steps for each attribute in the following table. When finished, click Next.

    Table 1 – Attribute Flow

    Data Source Attribute   Flow Direction   Metaverse attribute
    samAccountName          Import           accountName
    mail                    Import           mail
    employeeID              Import           employeeID
    displayName             Import           displayName
    givenName               Import           firstName
    sn                      Import           lastName
    displayName             Export           displayName
    mail                    Export           mail
    employeeID              Export           employeeID
    givenName               Export           firstName
    sn                      Export           lastName

    AD attribute flow

  25. On the Configure Deprovisioning dialog box, click Next.

    Configure deprovisioning

  26. On the Configure Extensions dialog box, click Finish.

    Configure extensions

Create the run profiles for the AD management agent

Now that the AD management agent has been created, you will need to create run profiles for the management agent.

To Create the run profiles for the AD management agent

  1. In the Synchronization Service, with the AD management agent selected, on the right under the Actions menu, click Configure Run Profiles. This opens the Configure Run Profiles window.

  2. Click New Profile. This will begin the Configure Run Profile wizard.

  3. On the Profile Name page, in the text box under Name, type the following, and then click Next:
    Full Import

  4. On the Configure Step page, from the drop-down list under Type, select Full Import (Stage Only), and then click Next.

  5. On the Management Agent Configuration page, click Finish.

  6. Click New Profile. This will begin the Configure Run Profile wizard.

  7. On the Profile Name page, in the text box under Name, type the following, and then click Next:
    Export

  8. On the Configure Step page, from the drop-down list under Type, select Export, and then click Next.

  9. On the Management Agent Configuration page, click Finish.

  10. Click New Profile.

  11. On the Profile Name page, in the text box under Name, type the following text, and then click Next:
    Full Synchronization

  12. On the Configure Step page, from the drop-down list under Type, select Full Synchronization, and then click Next.

  13. On the Management Agent Configuration page, click Finish.
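Once the three profiles exist they can be executed and checked from PowerShell through the Synchronization Service WMI provider rather than by clicking Run in the console. This is an added example, not part of the walkthrough; it assumes the management agent is named AD as above and is run on FIM1 by an account that is a member of the synchronization service administrator groups.

```powershell
# Added example (not part of the walkthrough): runs the AD management agent's
# profiles through the MIIS_ManagementAgent WMI class, in the order a first
# population of the metaverse needs them (stage, then sync, then export).
$ns = 'root\MicrosoftIdentityIntegrationServer'
$ma = Get-WmiObject -Namespace $ns -Class MIIS_ManagementAgent -Filter "Name='AD'"
if (-not $ma) { throw "Management agent 'AD' was not found in the Synchronization Service." }

foreach ($profileName in 'Full Import', 'Full Synchronization', 'Export') {
    Write-Host "Running '$profileName' on management agent '$($ma.Name)'..."
    $result = $ma.Execute($profileName)

    # ReturnValue is 'success' when the run finished without errors. Any other
    # value (for example 'completed-export-errors') should be examined in the
    # Operations view before the next profile is started, since a failed stage
    # leaves the connector space and metaverse in an inconsistent state.
    if ($result.ReturnValue -ne 'success') {
        throw "'$profileName' finished with status '$($result.ReturnValue)'."
    }

    # NumCSObjects() reports how many objects are now in the AD connector space;
    # after Full Import it should equal the number of users in the ECMA2 OU.
    Write-Host ("  {0}: {1}; connector space objects: {2}" -f
        $profileName, $result.ReturnValue, $ma.NumCSObjects())
}
```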