

Getting Started with MIIS 2003 Walkthrough: Implementation Steps

Applies To: Windows Server 2003 with SP1

Previous Steps in This Walkthrough

  1. Overview

  2. Scenario Design

  3. Lab Setup

To implement this walkthrough, you must set up a server by using the procedures outlined in Lab Setup. If you have not completed setting up your test environment, you must do so now before you can continue with this walkthrough.

In a typical MIIS 2003 design and planning process, you first identify the data sources that will be providing data that is imported into MIIS 2003 and the data sources that will be receiving data that is exported out of MIIS 2003. Once the data sources are identified, a worksheet needs to be made for each data source that explicitly defines the data that is to be imported or exported and how it is to be stored inside MIIS 2003. These worksheets are then used to develop a data flow model. The data flow model defines exactly how the data will be imported from the data source into MIIS 2003 and how data will be exported from MIIS 2003 out to any data sources.

Note

This walkthrough assumes the design and planning process is completed based on the information presented earlier and the worksheets are complete. The walkthrough is designed to step the reader through the implementation of the proposed design based on the data that would typically be included in the worksheets. For complete information about designing and planning an MIIS 2003 deployment and samples of the worksheets, see the MIIS 2003 Design and Planning Collection at the MIIS 2003 Planning, Deploying, and Administering Web site (https://go.microsoft.com/fwlink/?LinkId=36736).

Prepare the Data Sources

In this walkthrough, both data sources are comma delimited text files. One represents data extracted from an employee database and the other represents data extracted from a telephone system database. Data needs to be imported into MIIS 2003 from both data sources and then the telephone data needs to be exported to the employee data source.

To simplify the testing environment, you do not create complete databases to represent the employee management and telephone systems or extract the data needed for this walkthrough. Instead, you create two text files that represent the data extracted from the databases.

Create the Employees.txt File

First, create the text file containing the employee data. The file needs to be a comma delimited text file and can be created with any program capable of saving files in the .txt format such as notepad.exe. The file should be named employees.txt and contain the following data:

    EmpID,EmpName,Telephone,Location,Status
    US124423,Mike Danseglio,,A2373,Active
    US385548,Christa Geller,,B1142,Active
    US448502,Jeune Ji,,B4718,Active
    US567739,Ken Kwok,,A3177,Inactive
    US432884,Esther Valle,,D9932,Active

Make sure that you spell all the entries in the first record correctly; they are used later during the configuration of MIIS 2003. Also, be sure to include all commas. Notice how the commas are delimiting a blank field in the employee data. This blank field will eventually contain the telephone number. Save the employees.txt file in a folder called C:\Data. If the folder does not exist, create it.

Create the Phone.txt File

Next, create the phone.txt file. This file is also a comma delimited text file and it contains a blank field similar to the employees.txt file. Use the following data to create phone.txt:

    EmployeeID,Phone,Office
    US448502,555-2846,
    SVR00319,555-3833,
    US124423,555-6723,
    US567739,555-8217,
    US432884,555-9943,

Save the phone.txt file in C:\Data.

Create the Management Agents

To import and export data, MIIS 2003 needs to be connected to one or more data sources. A data source can be a database, such as SQL Server, a messaging system, such as Lotus Notes, or a directory service, such as Active Directory® directory service. Data sources can even be simple text files.

Figure 1: Examples of Connected Data Sources

Note

This diagram shows examples of different types of connected data sources. In this walkthrough only text files are used as connected data sources.

MIIS 2003 needs to be capable of communication with many different types of connected data sources. It also needs to be able to support new data sources that might be developed and become available in the future. MIIS 2003 makes this possible by using management agents to control all communication with connected data sources. In order to connect a data source to MIIS 2003, you must first configure a management agent designed to support the data source you are attempting to connect. Management agents are provided for each supported data type.

Figure 2: Management Agents

When data is imported into MIIS 2003, it is stored in a database. All access to the data in the database is managed by MIIS 2003. Data sources are not allowed to access the data directly. When a data source needs to access data stored in MIIS 2003, that access is managed by MIIS 2003 and takes place through the management agent for that data source.

When you deploy MIIS 2003, the first step is to create the necessary management agents. For this walkthrough, you create two instances of the management agent for delimited text files. One is for the employee data and the other is for the phone data.

Create the Management Agent for the Employee Data Source

Click Management Agents at the top of Identity Manager to access Management Agent Designer.

Figure 3: MIIS 2003 Identity Manager

Under Actions, click Create. This opens a series of dialog boxes that walk you through the steps needed to create a management agent. Proceed through each screen to configure the different management agent options.

Create Management Agent

First you need to select the type of management agent you want to create and then give it a name.

  1. Select the type of management agent you want to create. In this walkthrough, you are using text files that contain comma delimited data. In the Management Agent For drop-down list, choose Delimited Text File.

  2. In the Name text box, enter Employees as the name of the management agent you are creating. In the Description text box, enter Management agent for the employee database. Click Next.

Select Template Input File

During the creation of a management agent you need to set various configuration options so the management agent can successfully communicate with its associated data source. The configuration options differ from management agent to management agent based on the requirements of each data source. When using the delimited text file management agent, the next configuration option allows you to identify a template input file.

A template input file is a file that contains sample data and uses the same format as the text file the management agent connects to. The management agent for delimited text files uses the template input file to determine the format of the file it connects to.

You can use the actual data file or a representative set of records as a template input file. The format of the template input file must match the format of the actual data file.

When you create a management agent for delimited text files, MIIS 2003 uses the template input file to determine how many fields are in each record. If a header record is used in the file, MIIS 2003 also uses the header record to determine the name associated with each field. MIIS 2003 needs this information so it can be correctly configured to manage the flow of data to and from the file.

In the employees.txt file, the first record is a header record containing the field names. Each field name, and the corresponding field in each record, is separated by a comma. This file is small enough that it can be used for both the template input file and the actual data file.

  1. Click the Browse button next to the Template Input File text box.

  2. Navigate to the C:\Data folder and highlight the employees.txt file and click Open.

  3. Leave the Code Page setting at the default value, Western European (Windows). Click Next.

Delimited Text Format

Next, configure the delimited text option. The Delimited Text Format screen displays the test data that MIIS 2003 reads from the template input file. Because you used the actual data file as the template input file, the actual data appears. This gives you a chance to see how MIIS 2003 interprets the data it read in the file, configure the delimiter character, and indicate whether a header record is used or not.

The data files for this walkthrough use a comma for the delimiter. Also, they use the first record as a header record to provide the names associated with each field in a record.

  1. Ensure that the Use first row for header names check box is selected.

  2. For the Delimiter option, ensure that Comma is selected.

  3. In the Text qualifier drop-down list choose <none>.

    Note

    If you are not running MIIS 2003 Service Pack 1 the <none> option will not be available. If this is the case, choose the double quotation marks ( “ ). Although this will not affect the procedures in this walkthrough, be aware that the data written to the output files during the export portions of this walkthrough will be enclosed in quotation marks. Although this behavior is not a problem for this walkthrough, it would be an important factor to be aware of in an actual deployment.

  4. Click Next.

Set the Anchor Attribute

MIIS 2003 uses objects and attributes to store and manage data. An object often has many different attributes. For example, an employee object might contain an employee’s first name, last name, phone number and office number. An object is defined by its type. The object type defines the attributes associated with each object. Each attribute usually has a single value, although special attributes can contain more than one value.

Note

Multivalued attributes are not used in this walkthrough.

Any type of data can be represented by using an object. For example, an Employee object might have attributes named First, Last, Phone, and Office, and use those attributes to store an employee’s first name, last name, telephone number and office number respectively. A different type of object, such as a Printer type object, might have attributes such as Name, Paper Size, Color, and Location to store data about the name used to refer to the printer, available paper sizes, whether or not it can print in color, and the physical location of the printer within the office.

The management agent for delimited text files stores each record of a text file in an object and treats each field in the record as an attribute. It analyzes the data in the template input file to determine the attributes that are associated with each record in the file.

MIIS 2003 needs to identify an attribute or group of attributes for each object type as a unique identifier so it has a way of identifying each object. The attribute used as the unique identifier is referred to as an anchor. MIIS 2003 uses the template input file to parse the sample data and build a list of attributes. You need to identify the anchor attribute. Each employee has a unique employee ID number, so this walkthrough uses the EmpID attribute as the anchor.

  1. Click Set Anchor.

  2. Highlight EmpID and click Add.

  3. Click OK and then click Next.

Define Object Types

MIIS 2003 needs to create objects in the connector space to store data imported from the data source. The connector space schema provides the object definitions needed for the creation of these objects. When new management agents are created, MIIS 2003 adds the new object definitions to the connector space schema.

This walkthrough uses the delimited text file management agent. During the creation of the management agent, you identify the object types used by this management agent so those definitions can be added to the schema. Based on the template input file and the use of the header record (if any), MIIS 2003 will display the object and attribute names that it will add to the connector space schema so you can verify that they are correct.

In an earlier step, you configured the management agent to use the first row in the text file as a header record. This means that the data in the first record of the file is used to determine the names of the attributes of the object used by this management agent to store the data in the connector space. In this case, the object will have attributes named EmpID, EmpName, Telephone, Location and Status. These attribute names should be listed in the Name column. If these names do not appear in the list then check to make sure the first record in Employees.txt was typed correctly. Make sure the spelling and placement of commas matches the sample data provided earlier in this walkthrough. Also make sure that you selected the proper delimited text options while configuring the Delimited Text Format options. If these options are set properly, the attribute names are configured automatically, and no additional changes need to be made.

  1. Click Next.

Configure a Connector Filter

Data flows between the connector space and the metaverse during the process called Synchronization. When data flows from the connector space to the metaverse it is referred to as inbound synchronization. When data flows from the metaverse to the connector space it is referred to as outbound replication.

It is possible to control which objects get synchronized by filtering the data. A filter sets conditions that control which objects get synchronized. For example, look at the attributes associated with the person object that this management agent is going to use.

Note

If you click the Back button, you see the list of attributes. Make sure that you click Next to return to the Configure Connector Filter screen before proceeding with the steps outlined in this procedure.

An attribute named status contains the current status of each employee and stores a value of either Active or Inactive. In this walkthrough there is no need to process data for inactive employees. A filter can be used to prevent data related to inactive employees from being added to the metaverse during synchronization.

Ensure that data for inactive employees is not synchronized by configuring a connector filter that looks for records where the status attribute is set to Inactive. Configuring a filter this way excludes those objects from synchronization. This is an example of how filtering is used to control which objects are synchronized.

  1. Click New….

  2. Under Data source attribute, highlight Status.

  3. Under Operator, highlight Equals.

  4. In the Value text box, type Inactive and then click Add Condition.

  5. Click OK.

  6. Click Next.

Configure Join and Projection Rules

MIIS 2003 stores data in two different locations, the connector space and the metaverse. When data is imported by a management agent, it is stored in the connector space. The connector space is also the location where management agents look for any data that is ready to be exported from MIIS 2003 to the connected data sources.

The main data store used by MIIS 2003 is called the metaverse. All access to the data in the metaverse is strictly controlled by MIIS 2003 and only MIIS 2003 is allowed direct access to it. All other requests for data in the metaverse must come from a management agent.

Figure 4: Data Storage in MIIS 2003

Once data is in the connector space, it can then be stored in the metaverse during the inbound synchronization process. During inbound synchronization, MIIS 2003 evaluates the data in the connector space based on conditions you define and determines whether or not the data needs to be stored in the metaverse. The conditions you define are called join and projection rules and they determine whether or not data gets stored in the metaverse.

You can define both join rules and projection rules. Projection rules create and store new objects in the metaverse and link them to related objects in the connector space. Join rules link connector space objects with objects that already exist in the metaverse. Projection and join rules establish the relationships between connector space and metaverse objects so that links between their attributes can be defined allowing data to flow between them during MIIS synchronization.

During the inbound synchronization process, MIIS 2003 searches for objects in the metaverse that correspond to the objects being imported. If matches are found by comparing the anchor attributes, MIIS 2003 uses any applicable join rules to create links between the existing objects. If MIIS 2003 does not find matching objects, then it assumes the objects do not exist and looks for applicable projection rules it can use to create new objects in the metaverse.

You need to define a projection rule so MIIS 2003 will create the objects in the metaverse for the employee data and link those objects to their associated objects in the connector space.

  1. Click New Projection Rule….

  2. Make sure that the Declared option is selected.

  3. For Metaverse object type, select person from the drop-down list. Click OK.

  4. Click Next.

Configure Import Attribute Flow

MIIS 2003 uses connector space objects to store data moving from and to the connected data sources during import and export operations. MIIS 2003 uses metaverse objects to store the data in the metaverse. The process of moving data between connector space objects and metaverse objects is called attribute flow. Attribute flow occurs during synchronization and is governed by attribute flow rules.

Attribute flow rules control how data flows between connector space and metaverse objects during synchronization. Attribute flow rules map individual attributes of connector space objects to individual attributes of metaverse objects and define whether data flows between the mapped pairs of attributes during inbound or outbound synchronization. Attribute flow rules can also be used to assign a specific value to an attribute during synchronization rather than to flow a value from another object.

During synchronization, import attribute flow rules control how data flows into attributes of metaverse objects. The data can come from attributes of connector space objects, such as when newly imported data flows from the connector space to the metaverse, or the data might be a constant value defined in the attribute flow rule. Export attribute flow rules control how data flows from attributes of metaverse objects into attributes of connector space objects. The export attribute flow rule defines whether the data comes from metaverse objects or is a constant value defined in the rule itself. This is how data being exported flows from the metaverse out to the connector space.

Different connected data sources use different object types to store their data. Based on the number and type of connected data sources involved in a deployment, MIIS 2003 might be required to manage many different object types. In order for MIIS 2003 to be able to support data flow between multiple object types, you must configure the data flow of the attributes of one object to the attributes of another object. This configuration must be done for each attribute of each object that you want to synchronize.

In this walkthrough, the employee data is imported by using a default connector space object type called person. Note that this is not the same as the metaverse object type called person. Based on the fields created by the commas in the employees.txt file, the connector space object used to retrieve the data by the management agent for delimited text files has five attributes: EmpID, EmpName, Telephone, Location, and Status. The metaverse object type used to store this information has many different attributes. In this walkthrough, you will configure MIIS 2003 to use the displayName attribute of the metaverse person object to store the value from the EmpName attribute of the connector space object. The EmpID, Location, and Status attributes of the connector space object will be stored in the employeeID, location, and employeeStatus attributes of the metaverse object respectively.

Figure 5: How Attributes of Metaverse Objects Map to Attributes of Connector Space Objects

Configure import attribute flow when you create the management agent.

  1. Make sure that person is selected from the Data source object type drop-down list.

  2. Make sure that person is selected from the Metaverse object type drop-down list.

  3. Select Direct under Mapping Type.

  4. Select Import under Flow Direction.

  5. In the Data source attribute list, highlight EmpID.

  6. In the Metaverse attribute list, highlight employeeID.

  7. Click New. This mapping allows the employee ID data to flow from the connector space to the metaverse during inbound synchronization.

  8. In the Data source attribute list, highlight EmpName.

  9. In the Metaverse attribute list, highlight displayName.

  10. Click New. This mapping allows the employee name data to flow from the connector space to the metaverse during inbound synchronization.

  11. In the Data source attribute list, highlight Location.

  12. In the Metaverse attribute list, highlight location.

  13. Click New. This mapping allows the employee office number data to flow from the connector space to the metaverse during inbound synchronization.

  14. In the Data source attribute list, highlight Status.

  15. In the Metaverse attribute list, highlight employeeStatus.

  16. Click New. This mapping allows the employee status data to flow from the connector space to the metaverse during inbound synchronization. Only objects that make it past the filter you configured earlier (filtering out inactive employees) will flow data into the metaverse.

    When you are finished, the configuration should appear as follows.

    Figure 6: Configure Attribute Flow

  17. Click Next.

Configure Deprovisioning

Deprovisioning is not necessary for this walkthrough. Leave the default settings as they are.

  1. Click Next.

Configure Extensions

Extensions are code that is written, compiled, and configured for use with MIIS 2003 that makes it possible to add functionality to the rules provided in Identity Manager. They are not necessary for this walkthrough.

  1. Click Finish.

MIIS 2003 will use this management agent to retrieve the data from the employee data source represented by the employees.txt file and stage it in the connector space. The configuration options set during the creation of this management agent define how MIIS 2003 will synchronize the connector space for this management agent with the metaverse.

Troubleshooting the Creation of the Management Agent for the Employee Data Source

If you are having problems creating the management agent for the Employees data source, consider the following:

  • Make sure the data in the file you used as a template input file is formatted correctly. The data in the first record is used to define attribute names in the connector space. If spelling errors are in the first record, the attribute names that appear for setting options such as the anchor and the attribute flow will be incorrect. Also, remember to include commas to delimit the blank fields in each record so the management agent knows how to parse each record.
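A pre-flight check for the conditions listed above, as an added example that is not part of the original walkthrough or of MIIS 2003: it verifies the header record, the field count of each record, and the anchor values before a file is used as a template input file. The function name `check_template_file` is hypothetical and the broken sample is constructed for illustration.

```python
import csv
import io

# Header records and anchor attributes the walkthrough expects for each file.
EXPECTED = {
    "employees.txt": (["EmpID", "EmpName", "Telephone", "Location", "Status"], "EmpID"),
    "phone.txt": (["EmployeeID", "Phone", "Office"], "EmployeeID"),
}

# phone.txt exactly as given in the walkthrough.
GOOD_PHONE = """EmployeeID,Phone,Office
US448502,555-2846,
SVR00319,555-3833,
US124423,555-6723,
US567739,555-8217,
US432884,555-9943,
"""

# Constructed broken employees.txt: misspelled header field, a record that
# lost the comma for the blank Telephone field, and a repeated anchor value.
BROKEN_EMPLOYEES = """EmpID,EmpNmae,Telephone,Location,Status
US124423,Mike Danseglio,,A2373,Active
US385548,Christa Geller,B1142,Active
US124423,Jeune Ji,,B4718,Active
"""


def check_template_file(name, text):
    """Return a list of problems found in a comma delimited template input file."""
    expected_header, anchor = EXPECTED[name]
    # QUOTE_NONE mirrors the walkthrough's <none> text qualifier setting.
    reader = csv.reader(io.StringIO(text), delimiter=",", quoting=csv.QUOTE_NONE)
    rows = [row for row in reader if row]          # skip completely blank lines
    if not rows:
        return ["file is empty"]

    problems = []
    header = rows[0]
    # Header names become connector space attribute names, so spelling matters.
    for pos, (got, want) in enumerate(zip(header, expected_header), start=1):
        if got != want:
            problems.append(f"header field {pos}: found {got!r}, expected {want!r}")
    if len(header) != len(expected_header):
        problems.append(
            f"header has {len(header)} fields, expected {len(expected_header)}")

    anchor_idx = expected_header.index(anchor)
    seen = set()
    # Record 1 is the header; data records are numbered from 2.
    for rec_no, row in enumerate(rows[1:], start=2):
        if len(row) != len(expected_header):
            problems.append(
                f"record {rec_no}: {len(row)} fields, expected "
                f"{len(expected_header)} (missing or extra comma)")
            continue
        value = row[anchor_idx]
        if not value:
            problems.append(f"record {rec_no}: empty anchor attribute {anchor}")
        elif value in seen:
            problems.append(f"record {rec_no}: duplicate anchor value {value!r}")
        seen.add(value)
    return problems


if __name__ == "__main__":
    for label, name, text in [("phone.txt (walkthrough data)", "phone.txt", GOOD_PHONE),
                              ("employees.txt (constructed, broken)", "employees.txt",
                               BROKEN_EMPLOYEES)]:
        found = check_template_file(name, text)
        print(label, "->", found or "OK")
```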

Create the Management Agent for the Telephone System Data Source

Now you need to create a management agent to get the telephone system data into the metaverse. Because both the employee and the telephone data sources are comma delimited text files, the process of creating the management agent for the telephone data is similar to the process you used to create the management agent for the employee data. There are two main differences.

First, the management agent for the telephone data is configured to use join rules instead of projection rules. This is because the management agent for the employee data creates the metaverse objects so they will already exist when the telephone management agent is run. The management agent for the telephone data uses import attribute flow to import the telephone number data from the phone.txt file and stores it in the attributes of matching metaverse objects.

Second, the fields in the records contained in the phone.txt file are different than the fields used in the employees.txt file, resulting in different attributes being used to store the telephone data. You will use these new attributes when you configure attribute flow.

With these changes in mind, create the management agent for the telephone data.

Open Identity Manager and create the management agent for the telephone data source. Click Management Agents at the top of Identity Manager. Under Actions, click Create to access the Management Agent Designer.

Create Management Agent

First select the type of management agent and then give it a name.

  1. The phone.txt file is a comma delimited text file. In the Management Agent For drop-down list, choose Delimited Text File.

  2. In the Name text box, enter Phone as the name of the management agent you are creating. In the Description text box, enter Management agent for the telephone system database. Click Next.

Select Template Input File

Remember, a template input file is a file that contains data and uses the same format as the text file that the management agent will connect to. Similarly to how you configured the template input file for the management agent for the employee data source, you can use the phone.txt file for both the template input file and the actual data file for the management agent for the telephone system.

  1. Click the Browse button next to the Template Input File text box.

  2. Navigate to the C:\Data folder and highlight the Phone.txt file and click Open.

  3. Leave the Code Page setting at the default value, Western European (Windows). Click Next.

Delimited Text Format

Next, configure the delimited text option. The data files used for this walkthrough use a comma for the delimiter. Also, they use the first record as a header record to provide the names associated with each field in a record.

  1. Make sure the Use first row for header names check box is selected.

  2. For the Delimiter option, make sure that Comma is selected. Click Next.

  3. In the Text qualifier drop-down list choose <none>.

    Note

    If you are not running MIIS 2003 Service Pack 1 the <none> option will not be available. If this is the case, choose the double quotation marks ( “ ). Although this will not affect the procedures in this walkthrough, be aware that the data written to the output files during the export portions of this walkthrough will be enclosed in quotation marks. Although this behavior is not a problem for this walkthrough, it would be an important factor to be aware of in an actual deployment.

  4. Click Next.

Set the Anchor Attribute

Identify the anchor that MIIS 2003 can use to uniquely identify the telephone system objects. Each employee has a unique employee ID number, so use the EmployeeID attribute as the anchor for this walkthrough.

  1. Click Set Anchor.

  2. Highlight EmployeeID and click Add.

  3. Click OK and then click Next.

Define Object Types

Once again, the object definitions used by this management agent must be added to the connector space schema. The attributes defined will be determined by the header record in the data file. In this case, the attributes will be EmployeeID, Phone, and Office. Because this is configured automatically based on the template input file, no additional changes need to be made.

  1. Click Next.

Configure a Connector Filter

Remember, you can control which objects get joined or projected by filtering the data during inbound synchronization. During the synchronization of the employee data, you want to filter out all employees with a status of Inactive. This is the only filtering needed in this walkthrough and it is done by the management agent for the employee data source. No filtering of the telephone data is required.

  1. Click Next.

Configure Join and Projection Rules

Projection rules govern the creation of new objects in the metaverse. Join rules control how information is added to existing objects. The management agent for the employee data source creates all the objects needed in the metaverse based on the projection rule you created earlier. The management agent for the telephone system uses join rules to create links between connector space objects containing the phone data and the metaverse objects created by the Employees management agent. The links created by the join rules make it possible to configure attribute flow so that the telephone data can be added to those metaverse objects.

You need to configure a join rule for the management agent for the telephone system. This is done by defining conditions that need to be satisfied in order for a join to occur. In the simplest form, this means mapping one or more pairs of data source and metaverse object attributes. During synchronization, the values of the attributes defined in the join rules are compared and if their values are equal, then the join takes place.

For example, the connector space objects from a telephone system might have two attributes, name and phone number. The employee objects in the metaverse might use the following attributes: empName, empPhone, empLocation, and empStatus. You could create a join rule that matches the name attribute of the phone system connector space object to the empName attribute of the metaverse employee object. During synchronization, the values of these two attributes are compared and if they are equal, MIIS 2003 allows a join to occur. This means that a link is established between the two objects. This link makes it possible to configure attribute flow (which you will do in later steps) so the telephone data can flow from the connector space into the metaverse.

Figure 7: Join and Projection

The goal of this walkthrough is to add the telephone numbers to the employee information stored in the employee data source. Both the employees.txt file and the phone.txt file use an employee ID number. The Employees management agent stores it in the EmpID attribute. The Phone management agent uses EmployeeID. Based on the attribute flow defined for the Employees management agent, MIIS 2003 stores the contents of the EmpID attribute in the employeeID attribute of the metaverse object for each employee during inbound synchronization. You must create a join rule that compares the EmployeeID attribute of the phone data to the employeeID attribute of the metaverse objects to determine whether or not to add the phone data to the metaverse objects. This means that during synchronization, when the value stored in EmployeeID from the phone system equals the value stored in employeeID in the metaverse, MIIS 2003 creates a link between the connector space object and the metaverse object. This link makes it possible to create attribute flow rules that allow data flow to occur between the two objects.

This procedure only defines the conditions that must be met to create the link between the two objects. Configuring which attributes actually flow data is defined in the next procedure.

Define a join rule based on the employee ID numbers used by the two management agents.

  1. Click New Join Rule….

  2. Highlight EmployeeID in the Data source attribute: list.

  3. Make sure that the Direct option is selected for Mapping Type.

  4. Select person from the Metaverse object type drop-down list.

  5. Highlight employeeID in the Metaverse attribute: list.

  6. Click Add Condition.

  7. You will be prompted with a warning stating that you are attempting a join mapping with non-indexed metaverse attributes. For this walkthrough, you can ignore this message. Click OK.

  8. Click OK to return to the Configure Join and Projection Rules screen.

  9. Click Next.

Configure Import Attribute Flow

The next step is to configure the import attribute flow so that the telephone data can be added to the metaverse objects.

In the previous step, you created a join rule where MIIS 2003 compares the EmployeeID attribute of objects from the Phone management agent with the employeeID attribute of objects in the metaverse to determine which connector space objects get linked to metaverse objects. Now you are going to configure the import attribute flow that needs to occur for the objects that are linked when the conditions of the join rule are met.

Figure 8: Import Attribute Flow for the Phone Management Agent

In this case, you configure an import attribute flow that takes the value of the Phone attribute in the connector space and flows it into the telephoneNumber attribute of the metaverse object.

  1. Make sure that person is selected from the Data source object type drop-down list.

  2. Make sure that person is selected from the Metaverse object type drop-down list.

  3. Select Direct under Mapping Type.

  4. Select Import under Flow Direction.

  5. In the Data source attribute list highlight Phone.

  6. In the Metaverse attribute list highlight telephoneNumber.

  7. Click New.

  8. Click Next.

    Note

    You do not need to configure import attribute flow for EmployeeID. The Employees management agent is already configured to store that value in the metaverse as a result of import attribute flow. The EmployeeID attribute from the Phone management agent is only used for comparison during the processing of the join rule. There is no need to store the EmployeeID attribute value from the telephone system in the metaverse, so there is no need to configure an attribute flow for it.

Configure Deprovisioning

Deprovisioning is not necessary for this walkthrough. Leave the default settings as they are.

  1. Click Next.

Configure Extensions

Extensions are code that is written, compiled, and configured for use with MIIS 2003 that makes it possible to add functionality to the rules provided in Identity Manager. They are not necessary for this walkthrough.

  1. Click Finish.

Troubleshooting the Creation of the Management Agent for the Telephone System Data Source

If you are having problems creating the management agent for the telephone system, consider the following:

  • Make sure the data in the file you used as a template input file is formatted correctly. The data in the first record is used to define attribute names in the connector space. If spelling errors are in the first record, the attribute names that appear for setting options such as the anchor and the attribute flow will be incorrect. Also, remember to include commas to delimit the blank fields in each record so the management agent knows how to parse each record.

Stage the Data

Data flow in MIIS 2003 occurs in four phases: import, inbound synchronization, outbound synchronization, and export. Importing is the process of retrieving data from a connected data source and storing it in the connector space. Objects must exist in the connector space to store the data being imported. If new objects are needed in the connector space, they are created during the import operation. The process of creating the new objects and storing the newly imported data in the connector space is referred to as staging. Once data is staged it is ready for inbound synchronization.

Inbound synchronization is the process that adds the staged data to the metaverse. During the import operation, all data is imported into the connector space, including objects that meet the filtering criteria. All filtered objects in the connector space are ignored during inbound synchronization so they do not get processed and are not added to the metaverse. Join and projection rules are applied during inbound synchronization to create metaverse objects as necessary and link connector space objects to metaverse objects. Import attribute flow rules are applied during inbound synchronization to further control exactly what data flows from the connector space to the metaverse.

Outbound synchronization is the process of retrieving data from the metaverse and storing it in the connector space so it can be exported. Exporting is the process of sending data in the connector space to a connected data source. Outbound synchronization and exporting data are discussed in more detail later in this walkthrough.

Figure 9: The Four Phases of Data Flow

Now that your data and your management agents are ready, you can begin processing the data. MIIS 2003 makes it possible for you to stop and examine the data being processed during each phase of the data flow process. In order to help you understand how the data flows through MIIS 2003, you will take advantage of this and stop and examine the data between each phase.

Stage the Employee Data

Management agents are used to initiate each of the four phases of data flow. When a management agent is run, it causes one or more phases of data flow to occur. The phases that are processed each time a management agent is run are determined by a run profile. Run profiles provide operating parameters to management agents each time they are run. The information in the run profile varies based on the management agent that uses it. For example, a run profile for a delimited text file management agent contains parameters indicating the name of the text file that is used as the connected data source and data indicating which phase of the data flow is to be processed. Each time a management agent is run, you must provide the name of the run profile that will be used.

In this walkthrough, you create multiple run profiles, one for each phase of data flow. This makes it possible to process one phase of the data flow and then stop and examine the data to make sure data is flowing as expected. This allows you to monitor and troubleshoot the implementation of a new deployment. Once data flow has been verified and you are confident everything is functioning as intended, you can create more sophisticated run profiles that perform multiple phases of data flow. For the purposes of this walkthrough and to help you learn how data flows, simpler individual run profiles are used for each phase of data flow rather than combining multiple phases into a more extensive run profile.

Configure the Staging Run Profile for the Employees Management Agent

The first run profile is used to stage the employee data. It specifies the location of the actual employees.txt file and indicates that the management agent is supposed to only stage the data.

  1. Open Identity Manager.

  2. Make sure that Management Agents is selected and the Management Agents screen is active.

  3. Click the Employees management agent to highlight it.

  4. In the Actions menu, choose Configure Run Profiles. The Configure Run Profiles for “Employees” screen opens.

  5. Click New Profile… to open the Configure Run Profile screen.

  6. Enter Staging as the name of the run profile in the Name text box and click Next.

  7. On the Configure Step screen, specify the type of operation that will occur when this run profile is used. This is where you choose the phases of data flow that will be processed when this run profile is used. In the Type drop-down list, choose Full Import (Stage Only). This option will cause all the data in the data source to be staged in the connector space.

  8. The other options on this screen are not needed for this walkthrough. Click Next.

  9. On the Management Agent Configuration screen, you need to point to the data file that will be used when this profile is processed. Data files used by the delimited text management agents must be placed in a specific location. During installation, assuming you use the default installation options, MIIS 2003 creates a folder named MaData located in C:\Program Files\Microsoft Identity Integration Server. The data file used by the delimited text management agent must be located in a folder named after the management agent and that folder must be stored inside the MaData folder. When you create the management agent, this folder will be created automatically; however, you still must copy the data file used by the management agent to this location. If you set up MIIS 2003 using default settings, the complete path to the MaData folder for the Employees management agent should be C:\Program Files\Microsoft Identity Integration Server\MaData\Employees. Click Select… and the Select File dialog box opens to allow you to select the data file. The path is displayed in the Management agent working directory text box. This is the path used by the management agent for delimited text files to find the data files you want processed. Open Windows Explorer and copy the employees.txt file you created earlier in the C:\Data folder to the C:\Program Files\Microsoft Identity Integration Server\MaData\Employees folder so the management agent can find the data.

  10. After the file has been copied to the new location, return to the Select File screen and click Refresh. Make sure that employees.txt is highlighted and click OK.

  11. Leave the Partition set to default and click Finish.

  12. Click OK to return to Identity Manager.

Stage the Employee Data

At this point you have created the data files, created the management agents, configured a run profile and copied the data file to the proper location so that the management agent can find it. You are now ready to run the management agent and stage the employee data.

  1. Make sure that Management Agents is selected and the Management Agents screen is active.

  2. Make sure the Employees management agent is highlighted, then click Run in the Actions menu.

  3. The Run Management Agent dialog box displays a list of the available run profiles. At this point, you have only created one, called Staging. It should be highlighted and the only item on the list. Click OK to run the management agent with the Staging run profile.

Examine the Staged Data

When a management agent is run, MIIS 2003 displays a summary of the results in the bottom half of Identity Manager.

Figure 10: Identity Manager

The Synchronization Statistics section and Synchronization Errors section are used to monitor the success or failure of the operations performed by the latest run of a management agent. Use this information to monitor the success of the staging operation you just performed.

  1. After running the Employees management agent, the Synchronization Statistics should show five Adds. Also, note how this information is highlighted in the user interface. These are actually links that you can click to open detail pages that list exactly what data was added. Click Adds to open the Object Details page.

  2. The Object Details page displays a list of the objects that were staged. Notice that it displays employee ID number. This is the attribute that was configured earlier to be the anchor. Click employee ID number US432884 to highlight it then click Properties…

  3. The Connector Space Object Properties screen shows a summary of the activity associated with each attribute for the given object. In this case, you can see a list of all the attributes associated with Esther Valle, whose employee ID number is US432884. Each attribute is listed along with the value that was stored before the management agent was run (the Old Value column) and the new value that is stored now that the management agent run profile has completed (New Value column). The Changes column lists the type of action that occurred. Examining the connector space object properties, you can see that none of the attributes had a previous value because all entries in the Old Value column are blank. You can see that values were added when the management agent was run because the Changes column shows an entry of add for each attribute. You can see the new value that was added by examining the New Value column. Click Close to close this screen.

  4. Highlight employee ID US567739 and click Properties… to open up the details for this employee. Notice the new value for the Status attribute. Even though you set a filter to prevent the import of employee data with a Status of Inactive, the data still gets staged. The connector filter prevents any further activity on this data. In later procedures, you will verify that this data does not get added to the metaverse. Click Close to close the properties page.

  5. Click Close to close the Object Details page.

Troubleshooting Staging the Employee Data

If you are having problems staging the data for the Employees data source, consider the following:

  • Make sure the data in the file you used as a template input file is formatted correctly. Remember to include commas to delimit the blank fields in each record so the management agent knows how to parse each record and make sure that the field names in the first record are spelled correctly.

  • Is your data in a text file named employees.txt and stored in the proper folder? If you set up MIIS 2003 by using default settings, the complete path to the MaData folder should be C:\Program Files\Microsoft Identity Integration Server\MaData\Employees. Make sure the employees.txt file is in this folder. The file in the C:\Data folder is only used as a template input file. The run profile is configured to read the file in the MaData folder.

  • When you created the Staging run profile, did you set the Type to Full Import (Stage Only)?

Stage the Phone Data

At this point, you have completed staging the employee data. It is in the connector space and ready to be added to the metaverse. Before proceeding with the synchronization, you need to stage the telephone data.

Configure the Staging Run Profile for the Phone Management Agent

Remember, before a management agent can be run, you must configure a run profile. Configure a run profile to stage the Phone data.

  1. Make sure that Management Agents is selected and the Management Agents screen is active.

  2. Click the Phone management agent to highlight it.

  3. In the Actions menu, choose Configure Run Profiles. The Configure Run Profiles for “Phone” screen opens.

  4. Click New Profile… to open the Configure Run Profile screen.

  5. Enter Staging as the name of the run profile in the Name text box and click Next.

  6. On the Configure Step screen, specify the type of operation that will occur when this run profile is used. In the Type drop-down list, choose Full Import (Stage Only). This option causes all the data in the data source to be staged in the connector space. The other options on this screen are not needed for this walkthrough. Click Next.

  7. On the Management Agent Configuration screen, you need to point to the data file that will be used when this profile is processed. Click the Select… button. You need to copy the phone.txt file you created earlier in the C:\Data folder to C:\Program Files\Microsoft Identity Integration Server\MaData\Phone. Open Windows Explorer and copy the C:\Data\phone.txt file to this location.

  8. After the file has been copied to the new location, close Windows Explorer and return to the Select File screen and click Refresh to see the file you just copied to this location. Make sure that phone.txt is highlighted and click OK.

  9. Leave the Partition set to default and click Finish.

  10. Click OK to return to the main Identity Manager screen.

Stage the Telephone Data

After you configure the staging run profile, run the management agent and stage the telephone data.

  1. Make sure that Management Agents is selected and the Management Agents screen is active.

  2. Make sure the Phone management agent is highlighted, then click Run in the Actions menu.

  3. The Run Management Agent dialog box displays a list of the available run profiles. At this point, you have only created one, called Staging. It should be highlighted and the only item on the list. Click OK to run the management agent with the Staging run profile.

Examine the Staged Data

  1. After running the Phone management agent, the Synchronization Statistics should show five Adds. Click Adds to open the Object Details page.

  2. The Object Details page displays a list of the objects that were staged. Notice that it displays employee ID numbers again. This is the attribute that was configured earlier to be the anchor for the telephone data.

  3. Click Close to close the Object Details page.

  4. At the top of Identity Manager, click Operations. This opens the Management Agent Operations screen.

  5. The Management Agent Operations screen contains a history of each time any management agent was run. To go back and examine the statistics collected during a previous run, open this screen and select the entry in the list that you want to examine. Notice that as you select items in the list, the synchronization statistics displayed in the bottom half of Identity Manager are updated to display the corresponding statistics. Click the entry for Employees.

  6. In the Synchronization Statistics section, click Adds. Examine the object properties. Note that the records displayed are from the Employee data source. Close all Object Details.

  7. In the Management Agent Operations screen, click the entry for Phone to highlight it.

  8. In the Synchronization Statistics section, click Adds. Use the properties to verify that the records displayed are from the Phone data. Close all Object Details.

  9. At the top of Identity Manager, click Management Agents to return to the Management Agents screen.

Troubleshooting Staging the Phone Data

If you are having problems staging the data for the telephone data source, consider the following:

  • Make sure the data in the file you used as a template input file is formatted correctly. Remember to include commas to delimit the blank fields in each record so the management agent knows how to parse each record and make sure that the field names in the first record are spelled correctly.

  • Is your data in a text file named phone.txt and stored in the proper folder? Make sure the phone.txt file is in the C:\Program Files\Microsoft Identity Integration Server\MaData\Phone folder. Remember, the file in the C:\Data folder is only used as a template input file. The run profile is configured to read the file in the MaData folder.

  • When you created the Staging run profile, are you sure you set the Type to Full Import (Stage Only)?
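The file checks listed in the troubleshooting sections for the Employees and Phone data can be run before copying a file into the MaData folder. The following is an added example, not part of the original walkthrough or of MIIS 2003: the function name and the sample records are constructed, and the header names EmployeeID and Phone are the Phone attributes used above.

```python
import csv
import io


def check_delimited(text, expected_header, anchor):
    """Return a list of problems found in a comma-delimited input file."""
    rows = list(csv.reader(io.StringIO(text)))
    if not rows:
        return ["file is empty"]
    problems = []
    header = [name.strip() for name in rows[0]]
    # The first record defines the attribute names, so a typo here propagates.
    for name in expected_header:
        if name not in header:
            problems.append(f"header: expected field '{name}' not found (got {header})")
    if anchor not in header:
        return problems + [f"header: anchor '{anchor}' missing, records not checked"]
    position, seen = header.index(anchor), {}
    for lineno, row in enumerate(rows[1:], start=2):
        if not any(cell.strip() for cell in row):
            continue                      # skip blank lines
        if len(row) != len(header):
            problems.append(f"line {lineno}: {len(row)} fields, header has {len(header)} "
                            "(blank fields still need their commas)")
            continue
        value = row[position].strip()
        if not value:
            problems.append(f"line {lineno}: anchor '{anchor}' is blank")
        elif value in seen:
            problems.append(f"line {lineno}: anchor '{value}' repeats line {seen[value]}")
        else:
            seen[value] = lineno
    return problems


# Constructed samples; the IDs and numbers are invented for this example.
GOOD = "EmployeeID,Phone\nEX0001,555-0101\nEX0002,\n"
BAD_HEADER = "EmployeID,Phone\nEX0001,555-0101\n"
BAD_ROWS = "EmployeeID,Phone\nEX0001,555-0101\nEX0002\nEX0001,555-0103\n,555-0104\n"

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("bad header", BAD_HEADER), ("bad rows", BAD_ROWS)):
        print(label, check_delimited(sample, ["EmployeeID", "Phone"], "EmployeeID"))
```

An empty list means the header matches, every record has the same number of fields as the header, and no anchor value is blank or repeated.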

Perform Synchronization

At this point, the data has been staged in the connector space and is ready to be synchronized with the metaverse. During synchronization, you will see how filtering, join, projection, and import and export attribute flow occur. The connector filter will exclude connector space objects with a status attribute equal to Inactive from synchronization. The projection rules will cause metaverse objects to be created and linked to connector space objects that passed the connector filter. Join rules will link connector space objects with metaverse objects that already exist.

Before the synchronization occurs, examine the current data stored in MIIS. After the synchronization has taken place you will examine the data again so you can see how it was affected by the synchronization process.

Examine the Data Stored in MIIS

During inbound synchronization, data will be affected in three locations within MIIS 2003. Objects will be created in the metaverse to store the data being synchronized, data stored in the connector space for the Employees management agent will be linked to objects in the metaverse, and data in the connector space for the Phone management agent will be linked to objects in the metaverse.

Because synchronization has not occurred yet, no objects have been created in the metaverse and no links between connector space objects and metaverse objects have been created yet.

Check for Data in the Metaverse

Earlier in this walkthrough, you performed steps that caused data to be staged in the connector space. Staging data only affects the connector space. No data gets added to the metaverse during staging. Verify that no data has been added to the metaverse.

  1. Select Metaverse Search to view the Metaverse Search screen.

  2. Leave the Scope by Object Type and Collation set to their default values of All and <default> respectively.

  3. Click Search. Because no data has been stored in the metaverse yet nothing appears in the Search Results and you see the message Retrieved 0 of 0 matching records.

Examine Data in the Connector Space

The data for each management agent was staged in the connector space associated with each management agent.

  1. Make sure that Management Agents is selected and the Management Agents screen is active.

  2. Click the Employees management agent to highlight it.

  3. In the Actions menu, choose Search Connector Space. The Search Connector Space window opens.

  4. Leave Scope set to Sub-Tree and click Search. Notice in the Connector column, all objects are set to a value of False. This means they are not linked to objects in the metaverse.

  5. Click Close to exit the Search Connector Space window. Select the Phone management agent and search the connector space once more. Verify that no links have been established for those objects either. When finished, close the search window.

Synchronize the Employee Data

You must create run profiles for both management agents so they can initiate synchronization.

Configure the Synchronization Run Profiles for the Management Agents

The process of creating the run profiles for the synchronization operations is similar to the process used for creating the staging run profiles. The only difference is selecting a different type.

  1. Make sure that Management Agents is selected and the Management Agents screen is active.

  2. Click the Employees management agent to highlight it.

  3. In the Actions menu, choose Configure Run Profiles. The Configure Run Profiles for “Employees” screen opens.

  4. Click New Profile… to open the Configure Run Profile screen.

  5. Enter Sync as the name of the run profile in the Name text box and click Next.

  6. On the Configure Step screen, specify the type of operation that will occur when this profile is used. In the Type drop-down list, choose Full Synchronization. This option causes MIIS 2003 to synchronize the connector space and the metaverse based on the rules you configured while creating the management agents. The other options on this screen are not needed for this walkthrough. Click Next.

  7. Leave the Partition set to default and click Finish.

  8. Click OK to return to the main Identity Manager screen.

  9. Now, create the run profile to import the phone information. Click the Phone management agent to highlight it.

  10. In the Actions menu choose Configure Run Profiles.

  11. Click New Profile….

  12. Enter Sync as the name of the run profile in the Name text box and click Next.

  13. On the Configure Step screen, specify the type of operation that will occur when this run profile is processed. In the Type drop-down list, choose Full Synchronization. Click Next.

  14. Leave the Partition set to default and click Finish.

  15. Click OK to return to the main Identity Manager screen.

Synchronize the Employee Data

You are now ready to synchronize the employee data in the connector space with the metaverse.

  1. Make sure that Management Agents is selected and the Management Agents screen is active.

  2. Click the Employees management agent to highlight it.

  3. In the Actions menu choose Run. The Run Management Agent screen opens.

  4. Highlight the Sync run profile and click OK.

  5. Examine the Synchronization Statistics at the bottom of the Identity Manager screen. Notice that it shows inbound synchronization statistics. Note that there are 4 projections. Projections represent new objects created in the metaverse based on projection rules. Click Projections. It displays a list of objects that were created in the metaverse. Click Close.

  6. At the top of Identity Manager, click Metaverse Search.

  7. Leave the Scope by Object Type and Collation set to their default values of All and <default> respectively. Click Search. Now the search results show you the four objects that were projected into the metaverse during synchronization.

  8. To see the attribute values that flowed into the metaverse during synchronization, you might need to change the column display options for the Search Results. If the names of the attributes that you configured to flow during synchronization do not already appear as column headings in the search results, click Column Settings. Configure the columns to display the names of the attributes you are adding to the metaverse. For each attribute name you want to display in the search results, you need to make sure it appears in the Selected Columns list. To add columns, select displayName in the Available Columns list and click Add>>. Select employeeID and then click Add>>. Select employeeStatus and click Add>>. Select location and click Add>>. Select telephoneNumber and click Add>>.

  9. Click OK to return to the Metaverse Search screen.

  10. If necessary, adjust the column widths (this can be done by using the mouse to drag and drop the lines separating the column headings) so you can see all columns. The search will return the four objects you just imported. Because you performed a search without creating a search clause, it returned all objects.

  11. Select Management Agents at the top of the screen to return to the Management Agents screen.

  12. Click the Employees management agent to highlight it.

  13. In the Actions menu, choose Search Connector Space. The Search Connector Space window opens.

  14. Leave Scope set to Sub-Tree and click Search. Notice how the values in the Connector column have changed to True for most objects. This means they are now linked to objects in the metaverse. Note that one object, US567739, is still set to false. Select this item and click Properties…. Note the value of the status attribute. This is the object that is filtered by the connector filter rule you created earlier. It has not been projected into the metaverse and no link has been created, thus the value is still False. Click Close to close the Properties window.

  15. Click Close to exit the Search Connector Space window.

  16. In the Synchronization Statistics, click Filtered Disconnectors.

  17. In Object Details, highlight the employee ID and click Properties.

  18. Click the Lineage tab.

  19. Note the Object State and the fact that the Metaverse Object Properties button is not available. This is another view of the data that got filtered (the status is Inactive). Because it did not get projected into the metaverse, you cannot look at its metaverse properties. The object state is listed as Filtered Disconnector. A disconnector is an object that exists in the connector space but is not linked to an object in the metaverse. Filtered means the object was not linked to an object in the metaverse because a filter prevented the link from being created by using either projection or join rules. Remember, when you created the Employees management agent, you created a filter that would filter out employees whose status was Inactive.

  20. Close the two windows and return to the main Identity Manager screen.

  21. Click Metaverse Search to return to the Metaverse Search screen and look at the list of objects in the metaverse. The filtered object is not in the list (the displayName would have been Ken Kwok).

  22. Note the telephoneNumber column is empty. Remember that you are going to import the telephone data from the Phone management agent. Because you have not synchronized the Phone management agent this data has not been imported yet, so this column is empty.

Troubleshooting the Synchronization of the Employee Data

If the employee data fails to import successfully, then consider these troubleshooting questions:

  • Did you successfully stage the employee data earlier in this section? If not, you must go back and successfully complete those procedures before the import can succeed.

  • When you ran the management agent, did you run the Employees management agent or the Phone management agent? You are synchronizing the data used by the Employees management agent. Running the Phone management agent will not affect the employee data in the current configuration.

  • When you ran the management agent, did you use the Staging run profile or the Sync run profile? The Staging run profile will not add data to the metaverse.

Before you can synchronize the telephone data, you need to configure the attribute flow rules for it. There are important differences between inbound and outbound synchronization that you must take into consideration when planning your attribute flow rules.

Inbound synchronization is triggered when you run a management agent with a run profile that contains one of the synchronization options. Inbound synchronization processes objects associated with the connector space of the management agent being run. Outbound synchronization is triggered when a change occurs to a metaverse object that has associated export attribute flow rules defined. Outbound synchronization occurs regardless of which management agent is run. This is an important difference between inbound and outbound synchronization.

Inbound synchronization is initiated by a specific management agent and uses import attribute flow rules to flow data from that management agent’s connector space into the metaverse. Outbound synchronization is initiated when a metaverse object changes, regardless of which management agent causes the change to occur, and it causes all export attribute flow rules associated with that metaverse object to be processed. Those export attribute flow rules may affect connector spaces associated with many different management agents.

This behavior is significant because in a production environment involving many different connected data sources, a seemingly simple change to the metaverse made by one management agent can result in many different export attribute flow rules being processed. The processing of export attribute flow rules can cause changes to the connector spaces of many different management agents, which can ultimately result in changes being sent to the corresponding data sources. The potential of a single change affecting so many data sources throughout the MIIS 2003 infrastructure is why you need to carefully plan all data flow rules before actually deploying your identity management solution.

To help break the process down into individual steps that can be explained in this walkthrough, inbound and outbound synchronization are explained as two different phases of data flow. Although they are two phases, they both occur during synchronization. You do not create a run profile for inbound synchronization and another run profile for outbound synchronization. You create a run profile for a management agent that causes the synchronization to occur.

When you run a management agent using that run profile, all phases of synchronization occur. First inbound synchronization examines any import attribute flow rules associated with any metaverse objects linked to connector space objects that belong to the management agent being run. Based on those rules, data flows from the connector space to the metaverse, updating the linked metaverse objects. These updates to the metaverse objects trigger outbound synchronization. Outbound synchronization applies all export attribute rules associated with the updated metaverse objects. The export attribute rules then allow data to flow from the metaverse to the various connector spaces. The connector spaces that receive this data are determined by the linked attributes in the export attribute flow rules, not by the management agent being run.

At this point in the walkthrough, you have imported the employee data into the metaverse and now the phone information needs to be added to the employee data. The next steps are to add export attribute flow rules and synchronize the phone data so it can be added to the metaverse data and staged in the connector space of the Employees management agent, ready for export.

The flow of the data from the phone management agent’s connector space to the metaverse is the result of the attribute flow rules that you configured during the creation of the Phone management agent. Now you must add export attribute flow rules so data can flow from the metaverse out to the connector space for the Employees management agent during the outbound portion of the synchronization. Because export attribute flow rules are processed as the result of changes to metaverse objects, you want to make sure that you create the new export attribute flow rules before you perform the synchronization of the Phone management agent. This is because the synchronization of the phone data will result in the telephone data being added to the metaverse objects created by the Employees management agent. Adding the phone data is considered a change to the metaverse object and will trigger processing of the export attribute flow rules.

If you perform the synchronization of the telephone data before you create the export attribute flow rules, an additional synchronization will need to take place in order for the export attribute flow rules to be processed. Although performing an additional synchronization is not significant in a small environment like that used for this walkthrough, in a true production environment involving thousands or even millions of objects and many different data sources, synchronization can take many minutes, hours, or even days to complete. Making sure the attribute flow rules are in place and ready so the synchronization of the phone data can be processed in one synchronization pass is much more efficient and would save considerable time if the synchronization were being performed in a production environment.

Configure Export Attribute Flow for the Employees Data Source

Outbound synchronization requires you to define export attribute flow for the Employees management agent in order to allow the phone data in the metaverse to flow out to the Employees connector space. This must occur before the data can be added to the employee database by the Employees management agent.

Figure 11: Export Attribute Flow for the Telephone Data

Configure Export Attribute Flow

During the initial setup of the management agents, you configured import attribute flow that allowed data in the connector space to flow into the metaverse. Now you must adjust the configuration to allow the telephoneNumber attribute to flow out of the metaverse to the connector space so the Employees management agent can export it to the Employees database (in this case, the employees.txt file).

  1. Make sure that Management Agents is selected and the Management Agents screen is active.

  2. Click the Employees management agent to highlight it.

  3. In the Actions menu, choose Properties. The Properties screen opens.

  4. Under Management Agent Designer, click Configure Attribute Flow.

  5. You already configured import attribute flow for this management agent. The previous configuration can be viewed by expanding the Object Type:person in the Data Source Attribute column. Notice how all the arrows show attribute flow from the Data Source attributes to the metaverse attributes. These are all examples of import attribute flow used to bring data into the metaverse during inbound synchronization. For outbound synchronization, you need to configure export attribute flow. You want data to flow from the metaverse and have it flow to the connector space. In the Data source attribute: list at the bottom of the screen, highlight Telephone.

  6. In the Metaverse attribute: list, highlight telephoneNumber.

  7. Under Flow Direction, select Export.

  8. Click New. Note that the arrow for the new attribute flow definition in the table points in the other direction, from the metaverse attribute to the connector space attribute. This indicates data for this attribute will flow out of the metaverse.

  9. Click OK to save the new configuration.

Synchronize the Phone Data

In order for the new configuration to take effect, you must synchronize data between the connector space of the Phone management agent and the metaverse. This will result in updates to the metaverse objects, which will initiate export attribute flow. Perform a synchronization to trigger export attribute flow using the new configuration.

This is the final step needed to get all of the data into the metaverse. You already created the run profile, so you only need to run the management agent.

  1. Make sure that Management Agents is selected and the Management Agents screen is active.

  2. Click the Phone management agent to highlight it.

  3. In the Actions menu, choose Run. The Run Management Agent screen opens.

  4. Highlight the Sync profile and click OK.

  5. Examine the Synchronization Statistics at the bottom of the Identity Manager screen. Note that there are zero projections, three joins, and two disconnectors. If you recall, when you created the Phone management agent, you defined a single join rule but did not define any projection rules. That join rule stated that you wanted to link connector space objects for the Phone management agent to objects in the metaverse that had matching employeeID attribute values. The three joins indicate that three connector space objects had an EmployeeID attribute that matched the employeeID attribute of a metaverse object. The two disconnectors indicate that two objects in the connector space had an EmployeeID attribute that did not match an employeeID attribute of an object in the metaverse. If you examine the data in the text files you created, you find two records in the phone.txt file that do not have corresponding entries in the employees.txt file. One record belongs to a server (the EmployeeID begins with the letters SVR) and the other record belongs to an employee whose status is Inactive. Because these objects were not projected, they were never created in the metaverse. Consequently, the two objects from the phone.txt file cannot be joined to metaverse objects and remain in the connector space as two disconnectors.

  6. At the top of Identity Manager, click Metaverse Search.

  7. Click the Search button. The search will return the four objects you just imported. Note that they all now have phone numbers, except employee ID number US385548.

    Use Notepad.exe and open the phone.txt file in the MaData\Phone folder. Note that there is no phone number for this person. Also notice there is a phone number in the text file for employee number SVR00319. MIIS 2003 did not find an object in the metaverse with a matching employeeID for this record so this attribute value had no place to be stored in the metaverse.

  8. Close Notepad and return to the Management Agents screen in Identity Manager.

  9. Make sure the Phone management agent is still highlighted. In the Actions menu, choose Search Connector Space. The Search Connector Space window opens.

  10. Leave Scope set to Sub-Tree and click Search. Notice how the values in the Connector column have changed to True for most objects. Also note the two records that are still set to False. These are the two objects that were not projected or joined.

  11. Click Close to exit the Search Connector Space window.

    Because export attribute flow rules are configured, updates to the metaverse objects cause outbound synchronization to occur. Based on the configuration changes you made, data should have flowed from the metaverse to the connector space of the Employees management agent.

  12. Examine the Synchronization Statistics at the bottom of the Identity Manager screen. Note that there is now a section labeled Outbound Synchronization. Click the Export Attribute Flow link to display a list of the objects that have been updated in the connector space as a result of export attribute flow. Highlight one of the employee ID numbers and click Properties…. Notice the line for the Telephone attribute. It now shows a change type of add, the Old Value is blank and the New Value is the telephone number being exported. Click Close.

  13. Close the Object Details window.
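The Sync run described in this section (join on employeeID, import attribute flow, then outbound synchronization into another management agent's connector space), as an added Python model that is not MIIS 2003 code. The file contents, column layout and every ID other than US385548 and SVR00319 are constructed; running it without the export rule shows why the rule has to exist before the Phone data is synchronized.

```python
import csv
import io

# Constructed sample files. Only the IDs US385548 and SVR00319 come from the
# walkthrough; all other IDs, names, numbers and the column layout are made up.
EMPLOYEES_TXT = """EmployeeID,Name,Status
US100001,Sample One,Active
US100002,Sample Two,Active
US100003,Sample Three,Active
US385548,Sample Four,Active
US100009,Sample Five,Inactive
"""
PHONE_TXT = """EmployeeID,Telephone
US100001,555-0101
US100002,555-0102
US100003,555-0103
US100009,555-0109
SVR00319,555-0199
"""


def read_rows(text):
    """Parse a comma-delimited file with a header row into a list of dicts."""
    return list(csv.DictReader(io.StringIO(text)))


class SyncModel:
    """Toy metaverse with one connector space per management agent (MA)."""

    def __init__(self, export_flows):
        self.metaverse = {}  # employeeID -> {metaverse attribute: value}
        self.connector_space = {"Employees": {}, "Phone": {}}
        # Import rule configured on the Phone MA: Telephone -> telephoneNumber.
        self.import_flows = {"Phone": [("Telephone", "telephoneNumber")]}
        # Export rules: (target MA, metaverse attribute, connector space attribute).
        self.export_flows = list(export_flows)

    def sync_employees(self, text):
        """Employees MA: filter Inactive rows, project the rest into the metaverse."""
        for row in read_rows(text):
            if row["Status"] == "Inactive":
                continue  # filtered, so no metaverse object is ever created
            emp_id = row["EmployeeID"]
            self.connector_space["Employees"][emp_id] = {"EmployeeID": emp_id}
            self.metaverse[emp_id] = {"employeeID": emp_id}

    def sync_phone(self, text):
        """Phone MA: join on employeeID, import flow, then outbound sync."""
        stats = {"projections": 0, "joins": [], "disconnectors": [], "export_flow": []}
        changed = []
        for row in read_rows(text):
            emp_id = row["EmployeeID"]
            self.connector_space["Phone"][emp_id] = dict(row)
            mv_obj = self.metaverse.get(emp_id)
            if mv_obj is None:
                # Join rule found no match and there is no projection rule.
                stats["disconnectors"].append(emp_id)
                continue
            stats["joins"].append(emp_id)
            for cs_attr, mv_attr in self.import_flows["Phone"]:
                if row[cs_attr] and mv_obj.get(mv_attr) != row[cs_attr]:
                    mv_obj[mv_attr] = row[cs_attr]
                    changed.append(emp_id)
        # Outbound phase: every export rule runs for each changed metaverse
        # object, whichever MA caused the change.
        for emp_id in changed:
            for target_ma, mv_attr, cs_attr in self.export_flows:
                cs_obj = self.connector_space[target_ma].get(emp_id)
                value = self.metaverse[emp_id].get(mv_attr)
                if cs_obj is None or value is None or cs_obj.get(cs_attr) == value:
                    continue
                cs_obj[cs_attr] = value  # staged in the target MA, not yet exported
                stats["export_flow"].append((target_ma, emp_id, cs_attr, value))
        return stats


def run(export_flows):
    """Sync Employees, then Phone, with the given export rules in place."""
    model = SyncModel(export_flows)
    model.sync_employees(EMPLOYEES_TXT)
    return model, model.sync_phone(PHONE_TXT)


if __name__ == "__main__":
    rule = [("Employees", "telephoneNumber", "Telephone")]
    for label, flows in (("rule configured first", rule), ("rule missing", [])):
        model, stats = run(flows)
        print(label)
        print("  joins:", len(stats["joins"]), "disconnectors:", stats["disconnectors"])
        print("  staged for Employees MA:", len(stats["export_flow"]))
```
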

Troubleshooting the Synchronization of the Phone Data

If the telephone data fails to import successfully, then consider these troubleshooting questions:

  • Did you successfully complete the staging procedures for the phone data earlier in this section? If not, you must go back and successfully complete those procedures before the import can occur.

  • When you ran the management agent, did you run the Phone management agent or the Employees management agent? You are synchronizing the data used by the Phone management agent. Running the Employees management agent will not affect the telephone data using the current configuration.

  • When you created the two text files being used as the connected data sources, did you verify that you typed the employee ID numbers correctly? Because the employee ID numbers are used in the join rules, they must be entered correctly or the join rules will fail to function as configured in this walkthrough.

  • When you ran the management agent, did you use the Staging run profile or the Sync run profile? The Staging run profile will not add data to the metaverse. The Sync run profile will only process the new data if it is staged first. Stage the data before you synchronize it.

Optional: Add New Phone Data

As an optional procedure, try adding a record in the phone.txt file for employee ID US385548 and then synchronize the phone data again. Use metaverse search to see if you are successful.

Troubleshooting the Optional Procedure for Adding New Phone Data

If the phone number data for the optional procedure fails to synchronize successfully, then consider these troubleshooting questions:

  • Did you add the new data to the phone.txt file saved in the C:\Data folder or the MaData folder? Remember that the run profile is configured to read the file in the MaData folder; the file in C:\Data is only used as a template input file.

  • Did you format the new record correctly? Are the commas in the right place?

  • Did you type the employee ID correctly in the new record?

  • When you ran the management agent, did you run the Employees management agent or the Phone management agent? You changed the data used by the Phone management agent. Running the Employees management agent will not affect a metaverse object value.

  • When you ran the management agent, did you use the Staging run profile or the Sync run profile? The Staging run profile will not add data to the metaverse.

Export the Synchronized Data

The final step is to perform the export operation. As with the previous operations, you must first create a run profile for the export operation.

Configure an Export Run Profile for the Employees Management Agent

When this run profile is used, the management agent exports data and writes it to the data source. In this walkthrough, you are using a text file for the data source.

Note

To make it easier to see the results of the export and to avoid accidentally overwriting your input file, create a blank text file named EmployeeExport.txt in the same directory as the employees.txt file used by the management agent. Once you have completed creating this file, proceed with the following instructions.

  1. Make sure that Management Agents is selected and the Management Agents screen is active.

  2. Click the Employees management agent to highlight it.

  3. In the Actions menu, choose Configure Run Profiles. The Configure Run Profiles for “Employees” screen opens.

  4. Click New Profile… to open the Configure Run Profile screen.

  5. Enter Export as the run profile name and click Next.

  6. On the Configure Step screen specify the type of operation that will occur when this run profile is used. In the Type drop-down list, choose Export. Click Next.

  7. On the Management Agent Configuration screen, leave the Partition set to default. You must choose an output file for the exported data. Click the Select… button. Highlight your EmployeeExport.txt file and click OK. If prompted about overwriting the file, click OK.

  8. Click Finish.

  9. Click OK to return to the main Identity Manager screen.

Run the Export

  1. Make sure that Management Agents is selected and the Management Agents screen is active.

  2. Click the Employees management agent to highlight it.

  3. In the Actions menu, choose Run. The Run Management Agent screen opens.

  4. Highlight the Export run profile and click OK.

  5. Examine the Export Statistics at the bottom of Identity Manager. Click the Updates link and you will see a list of the objects that were updated. Click Close.

  6. Use Notepad and open the two text files that were used by the management agent, Employees.txt and EmployeeExport.txt. Note that the phone numbers have been added to the EmployeeExport.txt file.

Troubleshooting the Export

If the telephone data fails to export successfully, then consider these troubleshooting questions:

  • Did you successfully complete the previous run profiles of the Employees and the Phone management agents? The import attribute flows must succeed so that the data that needs to be exported is in the metaverse. When attribute flow is modified, the synchronization run profile must be run again in order to update the data.

  • When you ran the management agent, did you run the Employees management agent or the Phone management agent? You are exporting the data to the Employees database. Running the Phone management agent will not affect the employee data.

  • When you ran the management agent, did you use the proper run profile? Make sure you run the Sync run profile followed by the Export run profile.

  • When you were configuring attribute flow during the creation of the Employees management agent, did you configure it to flow all attributes into the metaverse (including the telephone number), and not just the attributes listed in the instructions? If you configured the telephone numbers to be projected into the metaverse along with the rest of the employee data, you will be unable to export the phone data from the phone database without additional configuration. This is due to precedence, which is a topic that is not covered in this walkthrough. Because precedence is not covered, delete and recreate the Employees management agent and make sure you follow the instructions provided in this walkthrough exactly.

  • Did a text file that you were using as a connected data source get deleted or did the data in the file get erased? This can happen if you specified your data file as the output file when you created the export run profile and the export results in no output. This might happen if an error occurs during export or if there is no data to export (as in the precedence issue described in the previous troubleshooting tip). If this occurs, follow the instructions provided earlier in this walkthrough to create the data files and make sure you place them in the proper folder. Also, consider reconfiguring the export run profiles to use a different output file name while you are troubleshooting any other export problems.

Optional: Update the Telephone Database

These optional procedures export the employee office numbers to the telephone database so the office numbers can be listed in the telephone directory. These optional procedures are provided to give you an opportunity to see if you understand the processes described in this walkthrough. Go back and reference the procedures you have already completed and see if you can complete these optional procedures based on the general information provided below. If you run into problems while attempting the optional procedures, use the troubleshooting information provided earlier.

Export Employee Data to the Phone System

You must perform the following tasks to export the employee data to the telephone database. See if you can successfully configure MIIS 2003 and export office numbers from the employee database to the telephone database by using this list of tasks:

  • Configure export attribute flow. Configure the attribute flow for the Phone management agent to export the Location attribute of the metaverse objects to the Office attribute of the connector space objects.

  • Configure a run profile. Create an export run profile for the Phone management agent. When you create the export run profile, configure it to export the data to the file NewPhone.txt in the same folder as the Phone.txt file used by the Phone management agent.

  • Perform the outbound synchronization and the export. Synchronize the data and run the Phone management agent with the Sync and Export run profiles and then verify that the office numbers have been added to the telephone data in the NewPhone.txt file.

Detailed Procedures

Detailed procedures are provided here if you need additional help.

Configure the Phone Management Agent

Exporting data requires a change to the configuration of the management agent associated with the connected data source. In this case, the Phone management agent needs to be configured to allow export attribute flow in order to flow the office numbers from the metaverse to the connector space.

Configure Export Attribute Flow

You must adjust the configuration to allow the Location attribute to flow out of the metaverse to the connector space so the Phone management agent can export it to the telephone database.

  1. Make sure that Management Agents is selected and the Management Agents screen is active.

  2. Click the Phone management agent to highlight it.

  3. In the Actions menu, choose Properties. The Properties screen opens.

  4. Under Management Agent Designer click Configure Attribute Flow.

  5. You already configured attribute flow for this management agent. The previous configuration can be viewed by expanding the Object Type:person in the Data Source Attribute column. You should see the attribute flow you configured earlier for the telephone attribute. Notice how the arrow shows import attribute flow from the connector space attributes to the metaverse attributes. You need to configure export attribute flow to send data from the metaverse to the connector space for the Phone management agent. In the Data source attribute: list at the bottom of the screen, highlight Office.

  6. In the Metaverse attribute: list, highlight Location.

  7. Under Flow Direction select Export.

  8. Click New. Note that the arrow in the table now points in the other direction. This indicates export attribute flow. Data for this attribute will flow out of the metaverse.

  9. Click OK to save the new configuration.

Synchronize the Phone Data

In order for the new configuration to take effect, you must synchronize the telephone data. The new attribute flow you configured in the previous procedure causes the office data in the metaverse to be sent to the connector space during synchronization.

To get the office data to flow to the telephone connector space, you have to change the attribute flow rules to include the export attribute flow. Because the attribute flow rules change, it is necessary to perform a full synchronization. During synchronization, the new rules will be applied and cause the metaverse objects to be updated. This update causes outbound synchronization to occur and the new export attribute flow rules will send the office data to the Phone management agent’s connector space. In a production environment, this would not be the optimal solution because it involves performing an additional synchronization just to get the office data to the phone connector space. As mentioned earlier in the walkthrough, synchronization can take hours or even days based on the number of objects being synchronized.

The ideal solution is to configure the export attribute flow for the office data before running the first synchronization on the employee database data. In order for that to happen, you would have had to know that the office data needed to be exported prior to the first synchronization of the employee data. This is a simple example that demonstrates why you should plan all of your attribute flow before performing any synchronization.

You are now ready to perform the synchronization. Based on the configuration changes you made, this will cause the office data to flow from the metaverse out to the connector space.

  1. Make sure that Management Agents is selected and the Management Agents screen is active.

  2. Click the Phone management agent to highlight it.

  3. In the Actions menu, choose Run. The Run Management Agent screen opens.

  4. Highlight the Sync profile and click OK.

  5. Examine the Synchronization Statistics at the bottom of the Identity Manager screen. There is now a section labeled Outbound Synchronization for the Phone management agent. Click the Export Attribute Flow link for the Phone management agent to display a list of the objects that have been updated in the connector space. Highlight one of the employee ID numbers and click Properties…. Notice the line for the Office attribute. It now shows a change type of add, the Old Value is blank and the New Value is the office number being exported. Click Close.

  6. Close the Object Details window.

Confirming Exports

Examine the Synchronization Statistics at the bottom of the Identity Manager. Note that there is now a section labeled Outbound Synchronization for both the Employees management agent and the Phone management agent. When MIIS 2003 exports data, it uses the connector space to keep track of the values most recently exported. MIIS 2003 tracks the exported values for two reasons. First, it can verify that data was successfully exported. Second, it can confirm that the exported values remain unchanged in the connected data source.

After an export has been processed, MIIS 2003 uses the next import operation to compare the values imported with the most recent values exported so it can determine whether or not the exported data was successfully exported and still remains unchanged. This is how it ensures that the export of data was successful and it provides a mechanism that makes it possible for MIIS 2003 to determine if data has been changed outside of the MIIS 2003 environment.

During synchronization the newly imported data is compared to the most recently exported data. If the data is unchanged, MIIS 2003 will consider the export successful and no further action is taken on that data until a new change is detected. However, if the newly imported values do not equal the most recently exported values, then MIIS 2003 will restage the values for export because it assumes the previous export was not successful.

This is why you now see two Outbound Synchronization sections at the bottom of the Identity Manager, one for the Phone management agent and one for the Employees management agent. Because you have not performed an import of the telephone data exported by the Employees management agent, MIIS 2003 has not been able to verify that the export was successful. Because of this, the data will once more be staged for export and you will see the Outbound Synchronization section for the Employees management agent showing you the synchronization statistics. Perform an import operation (this can be a staging operation) to import the employee data so MIIS 2003 can confirm a successful export.
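The confirmation logic described above, as an added Python sketch that is not MIIS 2003 code: exported values stay unconfirmed until an import returns the same values, and any mismatch is staged for export again. The class, function names and sample values are constructed, and the comparison is folded into the import step for brevity.

```python
from dataclasses import dataclass, field


@dataclass
class ConnectorObject:
    """One connector space object, tracking export state per attribute."""
    anchor: str
    imported: dict = field(default_factory=dict)     # values seen by the last import
    pending: dict = field(default_factory=dict)      # staged by export attribute flow
    unconfirmed: dict = field(default_factory=dict)  # exported, not yet seen in an import


def run_export(space):
    """Write pending values out and remember them as exported but unconfirmed."""
    written = {}
    for obj in space.values():
        if obj.pending:
            written[obj.anchor] = dict(obj.pending)
            obj.unconfirmed.update(obj.pending)
            obj.pending.clear()
    return written


def run_import(space, rows):
    """Stage imported rows and compare them with the most recently exported values."""
    report = {"confirmed": [], "restaged": []}
    for anchor, attrs in rows.items():
        obj = space.get(anchor)
        if obj is None:
            continue
        obj.imported = dict(attrs)
        for attr, exported in list(obj.unconfirmed.items()):
            seen = attrs.get(attr, "")
            del obj.unconfirmed[attr]
            if seen == exported:
                report["confirmed"].append((anchor, attr))
            else:
                # The export never reached the data source, or the value was
                # changed there afterwards: stage the exported value again.
                obj.pending[attr] = exported
                report["restaged"].append((anchor, attr, seen, exported))
    return report


# Constructed sample values staged for export by the Employees MA.
STAGED = {"US100001": "555-0101", "US100002": "555-0102", "US100003": "555-0103"}

# Three constructed import files:
OLD_FILE = {a: {"Telephone": ""} for a in STAGED}            # input file never swapped
EXPORTED_FILE = {a: {"Telephone": n} for a, n in STAGED.items()}
EDITED_FILE = dict(EXPORTED_FILE, US100002={"Telephone": "555-0999"})  # changed outside


def scenario(import_rows):
    """Export the staged values, then import the given file and compare."""
    space = {a: ConnectorObject(a, pending={"Telephone": n}) for a, n in STAGED.items()}
    run_export(space)
    return space, run_import(space, import_rows)


if __name__ == "__main__":
    for name, rows in (("old file", OLD_FILE), ("exported file", EXPORTED_FILE),
                       ("edited file", EDITED_FILE)):
        _, report = scenario(rows)
        print(name, "confirmed:", len(report["confirmed"]),
              "restaged:", report["restaged"])
```

The restaged entries carry both the value seen in the data source and the value that was exported, which is the information needed to tell a failed export from a change made outside the synchronization process.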

Note

During the export operation, you configured the Employees management agent to export the data to a separate text file to avoid overwriting your input file. You need to swap the two text files that contain the employee data so that the import operation will see the exported data. Use Windows Explorer and rename the C:\Program Files\Microsoft Identity Integration Server\MaData\Employees\Employees.txt file to EmployeesBack.txt. Rename the C:\Program Files\Microsoft Identity Integration Server\MaData\Employees\EmployeeExport.txt file to Employees.txt.

Run the management agent and stage the employee data.

  1. Make sure that Management Agents is selected and the Management Agents screen is active.

  2. Make sure the Employees management agent is highlighted, then click Run in the Actions menu.

  3. The Run Management Agent dialog box displays a list of the available run profiles. Select Staging and click OK to run the management agent with the Staging run profile.

    Synchronize the phone data one more time so you can see the effect of the previous import operation.

  4. Click the Phone management agent to highlight it.

  5. In the Actions menu, choose Run. The Run Management Agent screen opens.

  6. Highlight the Sync profile and click OK.

  7. Examine the Synchronization Statistics at the bottom of the Identity Manager screen. Note that the Outbound Synchronization statistics for the Employees management agent no longer show up. Because MIIS 2003 confirmed the export of the data, it is no longer attempting to stage the data for another attempted export.

Export Data

The final step is to perform the export operation. As with the previous operations, you must first create a run profile for the export operation.

Create an Export Run Profile

When this run profile is used, the management agent exports data and writes it to the data source. In this walkthrough, you are using a text file for the data source.

Note

To make it easier to see the results of the export and to avoid accidentally overwriting your input file, create a blank text file named NewPhone.txt in the same directory as the Phone.txt file used by the management agent. Once you have completed creating this file, proceed with the following instructions.

  1. Make sure that Management Agents is selected and the Management Agents screen is active.

  2. Click the Phone management agent to highlight it.

  3. In the Actions menu, choose Configure Run Profiles. The Configure Run Profiles for “Phone” screen opens.

  4. Click New Profile… to open the Configure Run Profile screen.

  5. Enter Export as the name of the run profile in the Name text box and click Next.

  6. On the Configure Step screen, specify the type of operation that will occur when this run profile is used. In the Type drop-down list, choose Export. Click Next.

  7. On the Management Agent Configuration screen, leave the Partition set to default. You must choose an output file for the exported data. Click the Select… button. Highlight your NewPhone.txt file and click OK. If you are prompted about overwriting the file, click OK.

  8. Click Finish.

  9. Click OK to return to the main Identity Manager screen.

Run the Export

  1. Make sure that Management Agents is selected and the Management Agents screen is active.

  2. Click the Phone management agent to highlight it.

  3. In the Actions menu, choose Run. The Run Management Agent screen opens.

  4. Highlight the Export profile and click OK.

  5. Examine the Export Statistics at the bottom of the Identity Manager screen. You should see that three updates occurred. Click the Updates link and you will see a list of the objects that were updated. Click Close.

  6. Use Notepad and open the two text files that were used by the management agent, phone.txt and NewPhone.txt. Note that the office numbers have been added to the NewPhone.txt file.

Confirm the Export

Confirm that the export was successful by performing one last import operation.

Note

During the export operation, you configured the Phone management agent to export the data to a separate text file to avoid overwriting your input file. You need to swap the two text files that contain the employee data so that the import operation will see the exported data. Use Windows Explorer and rename the C:\Program Files\Microsoft Identity Integration Server\MaData\Phone\Phone.txt file to PhoneBack.txt. Rename the C:\Program Files\Microsoft Identity Integration Server\MaData\Phone\NewPhone.txt file to Phone.txt.

Run the management agent and stage the employee data.

  1. Make sure that Management Agents is selected and the Management Agents screen is active.

  2. Make sure the Employees management agent is highlighted, then click Run in the Actions menu.

  3. The Run Management Agent dialog box displays a list of the available run profiles. Select Staging and click OK.

Synchronize the phone data one more time and verify that it is not attempting to stage data for export.

  1. Click the Phone management agent to highlight it.

  2. In the Actions menu, choose Run. The Run Management Agent screen opens.

  3. Highlight the Sync profile and click OK.

  4. Examine the Synchronization Statistics at the bottom of the Identity Manager screen. Note that there should not be any Outbound Synchronization statistics for the Employees or the Phone management agents.

Summary

You have just completed a rudimentary deployment of MIIS 2003. You started with two simple data sources (in this case, two text files representing data extracted from databases). Then you installed MIIS 2003 and configured it to allow data to flow between the two data sources.

The employees.txt file was a comma delimited text file that represented data extracted from an employee database. The phone.txt file was a comma delimited text file that represented data extracted from a telephone system. These two text files were the connected data sources used in this walkthrough.

After you created the data files, you created a management agent for each data source. First you created the management agent for the employee database. You configured it to project the employee data into the metaverse. You also configured it to filter out data for employees whose status was set to Inactive. Then you created the management agent for the telephone data. You configured this management agent to use join rules to add data to the objects that had been created by the management agent for the employee database.

Once you imported all the data into the metaverse, you modified the data flow settings for the management agent for the employee database to allow the telephone data to be exported out to the employee data source.

If you performed the optional procedures, you also modified the data flow for the management agent for the telephone data and exported office data that was originally in the employee database so that office numbers could be used in the telephone directory.

This walkthrough covered a narrow scenario designed to introduce new users to basic concepts about MIIS 2003. This walkthrough did not discuss the internal workings of MIIS 2003. It also did not discuss design and deployment strategies needed for successful production deployments of MIIS 2003. Complete documentation is available for MIIS 2003 at the MIIS Technical Resources Web site (https://go.microsoft.com/fwlink/?LinkId=36734).