Step 8 - Create Resource Forest Management Agent
Applies To: Windows Server 2008, Windows Server 2008 R2
This step explains how to create the Microsoft® Identity Lifecycle Manager 2007 (ILM 2007) FP1 resource management agent for the accounts forest. This will allow you to synchronize user accounts into the resource forest.
To create the management agent
Log on to RES-DC.resource.fabrikam.net as Administrator.
Click Start, click All Programs, click Microsoft Identity Integration Server, and then click Identity Manager.
In Identity Manager, click the Management Agents button at the top.
In the Management Agents view, under Actions, click Create. This will bring up the Create Management Agent dialog box.
On the Create Management Agent dialog box, under Management Agent for, select Active Directory. Under Name enter RESOURCE and then click Next.
On the Connect to Active Directory Forest dialog box, enter resource.fabrikam.net for Forest name. Enter Administrator for the User name. Enter Pass1word$ for the Password. Enter RESOURCE for the Domain. Click Next.
On the Configure Directory Partitions dialog box, under Select directory partitions, put a check in DC=resource,DC=fabrikam,DC=net. Under Select containers for this partition, click the Containers button. This will bring up the Select Containers dialog box.
On the Select Containers dialog box, clear the check from the root DC=resource,DC=fabrikam,DC=net box. This will remove the check marks in all of the boxes. Now place a check in the ResourceForestUsers box. Click OK. This will close the Select Containers dialog box.
On the Configure Directory Partitions dialog box, click Next.
On the Select Object Types dialog box, check user and then click Next.
On the Select Attributes dialog box, place a check in the Show All box in the upper-right.
On the Select Attributes dialog box, place a check in the box for each attribute in the following list. When finished click Next.
cn
displayName
employeeID
givenName
mail
sIDHistory
sn
On the Configure Connector Filter dialog box, click Next.
On the Configure Join and Projection Rules dialog box, select user and then click New Join Rule. This will bring up the Join Rule for user dialog box.
On the Join Rule for user dialog box, under Data source attribute select employeeID.
On the Join Rule for user dialog box, under Mapping Type select Direct.
On the Join Rule for user dialog box, under Metaverse Object Type select person.
On the Join Rule for user dialog box, under Metaverse attribute select employeeID.
On the Join Rule for user dialog box, click Add Condition. If you see a dialog box that says, You are attempting a join mapping with a non-indexed metaverse attribute, you can safely ignore it and click OK.
On the Join Rule for user dialog box, click OK. This will close the Join Rule for user dialog box.
On the Configure Join and Projection Rules dialog box, click Next.
On the Configure Attribute Flow dialog box, under Data source object type select user.
On the Configure Attribute Flow dialog box, under Metaverse object type select person.
On the Configure Attribute Flow dialog box, under Data source attribute select cn.
On the Configure Attribute Flow dialog box, under Mapping Type select Direct.
On the Configure Attribute Flow dialog box, under Flow Direction select Export.
On the Configure Attribute Flow dialog box, under Metaverse attribute select cn.
On the Configure Attribute Flow dialog box, click New. This flow rule will appear above. Repeat these steps for each attribute in the following table. When finished, click Next.
CORP MA Attribute Flow
| Data Source Object Type | Metaverse Object Type | Data Source Attribute | Mapping Type | Flow Direction | Metaverse Attribute |
|---|---|---|---|---|---|
| user | person | cn | Direct | Export | cn |
| user | person | displayName | Direct | Export | displayName |
| user | person | sn | Direct | Export | sn |
| user | person | employeeID | Direct | Export | employeeID |
| user | person | givenName | Direct | Export | givenName |
| user | person | sIDHistory | Direct | Import | sIDHistory |
| user | person | mail | Direct | Import | mail |
On the Configure Deprovisioning dialog box, click Next.
On the Configure Extensions dialog box, click Finish.
Close Identity Manager.
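The join rule and attribute flows configured in this procedure, modelled as an added Python example; it is not ILM 2007 code and not part of the original page. The record layout, all sample values, the OU= naming of the ResourceForestUsers container, and the treatment of zero or several join candidates as "no join" are assumptions of the model.

```python
# Simplified model of the RESOURCE management agent rules from this step.
# Not ILM 2007 code: record layout and all sample values are constructed.
JOIN_ATTRIBUTE = "employeeID"  # join rule: user.employeeID = person.employeeID
EXPORT_FLOWS = ["cn", "displayName", "sn", "employeeID", "givenName"]  # metaverse -> AD
IMPORT_FLOWS = ["sIDHistory", "mail"]                                  # AD -> metaverse
BASE = "OU=ResourceForestUsers,DC=resource,DC=fabrikam,DC=net"  # OU= is assumed

def find_join(cs_user, metaverse):
    """Return the one person with the same employeeID, else None.
    Model assumption: zero or several candidates are treated as no join."""
    key = cs_user.get(JOIN_ATTRIBUTE)
    if not key:
        return None
    matches = [p for p in metaverse if p.get(JOIN_ATTRIBUTE) == key]
    return matches[0] if len(matches) == 1 else None

def synchronize(cs_users, metaverse):
    """Apply the join rule and direct flows; return (pending exports, unjoined DNs)."""
    pending, unjoined = {}, []
    for user in cs_users:
        person = find_join(user, metaverse)
        if person is None:
            unjoined.append(user["dn"])
            continue
        for attr in IMPORT_FLOWS:  # values flow from the resource forest inward
            if attr in user:
                person[attr] = user[attr]
        changes = {a: person[a] for a in EXPORT_FLOWS
                   if a in person and user.get(a) != person[a]}
        if changes:
            pending[user["dn"]] = changes  # what an export run would write to AD
    return pending, unjoined

def demo():
    metaverse = [  # constructed person objects
        {"employeeID": "1001", "cn": "Kim Akers", "sn": "Akers", "givenName": "Kim"},
        {"employeeID": "1002", "cn": "Duplicate A"},
        {"employeeID": "1002", "cn": "Duplicate B"},
    ]
    cs_users = [  # constructed user objects from the selected container
        {"dn": "CN=kakers," + BASE, "cn": "kakers", "employeeID": "1001",
         "mail": "kakers@resource.fabrikam.net", "sIDHistory": ["S-1-5-21-1-2-3-1105"]},
        {"dn": "CN=dup," + BASE, "cn": "dup", "employeeID": "1002"},
        {"dn": "CN=noid," + BASE, "cn": "noid"},
    ]
    pending, unjoined = synchronize(cs_users, metaverse)
    return metaverse, pending, unjoined
```

In the sample, sIDHistory and mail reach the metaverse but never appear in the pending exports, while the duplicate and the missing employeeID values leave two users unjoined.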