You're reading from  Microsoft Identity Manager 2016 Handbook

Product typeBook
Published inJul 2016
PublisherPackt
ISBN-139781785283925
Edition1st Edition
Authors (2):

David Steadman

David Steadman has been an IT industry influencer and dedicated husband for more than 17 years. He has held prestigious positions at some of the world's most innovative technology companies, including his service as a senior escalation engineer within the identity platform at, possibly, the most famous tech company on the planet, Microsoft. He is an entrepreneur, active learner, and a man constantly looking to develop and expand new skills in order to leverage the technology of the future. When not at his job, David enjoys family time and coaching soccer.

Jeff Ingalls

Jeff Ingalls is a husband, father, and cancer-surviving dyslexic who works out of his Ohio home office in identity and access management. Jeff has been working with Microsoft technologies for over 20 years and with the Microsoft identity software since its conception in 2003. He has provided solutions to various private and public sectors including automotive, DoD, education, health and services, small businesses, and state and local government. He enjoys learning, teaching, and learning some more. Jeff has a graduate degree in information technology and an undergraduate degree in mathematics. In his free time, he enjoys spending time with his family, cooking, and reading non-fiction. You can reach him at jeff@ingallsdesigns.com.
Chapter 3. MIM Sync Configuration

If you have followed the previous chapters closely, you will now have a newly installed MIM environment. In this chapter, we will discuss some of the basic configurations we need to look at, no matter how our environment looks, or how we plan to use MIM.

We will focus on the initial configuration of the MIM Synchronization Service. Specifically, we will cover the following topics:

  • MIM Synchronization interface

  • Creating Management Agents

  • Schema management

  • Initial load versus scheduled runs

  • Moving the configuration from development to production

MIM Synchronization interface


Let's start by examining the MIM Synchronization graphical interface, and describing some of the tools and options available. Launching the Synchronization Service program will show an interface divided into five primary tools: Operations, Management Agents, Metaverse Designer, Metaverse Search, and Joiner. The basic features of these tools are as follows:

  • The Operations tool provides the connection status, details of new objects, object deletions, changes, errors, and internal MIM actions such as projections, provisions, and joins.

  • The Management Agents tool allows you to create, configure, control, and view management agents, that is, the way we connect the synchronization engine to the various systems and pull and push data between those systems.

  • The Metaverse Designer controls the Metaverse schema: the objects, the attributes associated with these objects, and the object deletion rules, as well as controlling which system is authoritative for each attribute. Recall that the...

Creating Management Agents


Before we start to use our MIM implementation to manage identities, we need to decide where the information about the identities will come from, and where that information will go. It is best that we start off with the essential connections, and add more as we verify that the basics are working.

A very typical scenario is the one we have—The Financial Company has an HR (human resources) system that will, for the most part, work as the source of identity information. Then it has Active Directory, which is the primary system to receive the identity information.

The basic flow will be: HR -> MIM -> AD.

But that is only the basic flow. As you will see later in this book, there will be other sources of information and additional targets.

Active Directory

Most MIM implementations have at least one Management Agent connected to Active Directory.

There are a few things to consider before creating this Management Agent. First, you should have already sat down with business...

Creating a rules extension


A rules extension supplements the MIM Management Agent, and provides the flexibility for you to build customized rules. We will walk you through a simple (and common) example of building an attribute value from the values of other attributes. TFC wants displayName to be firstName, first initial of middleName, and lastName. Follow the steps listed next:

  1. Let's begin by right-clicking on the HR Management Agent, hovering over Create Extension Projects…, and selecting Rules Extension:

  2. The Create Extension Project window appears. We will write our rules extension in Visual C# using Visual Studio 2015, and store our source code in C:\SourceCode. If you are also using Visual Studio 2015, choose the highest Visual Studio version shown in your window. Click on OK to launch Visual Studio:

  3. The Visual Studio interface gets loaded. Double-click on the HRExtension.cs file so that it is opened:

  4. Scroll down until you see IMASynchronization.MapAttributesForImport. You should see case...
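As an added illustration (not the book's own code), the following is the shape of the MapAttributesForImport implementation the steps above lead to: it builds displayName from firstName, the first initial of middleName, and lastName, and handles a missing middle name rather than throwing. The namespace, the flow rule name "cd.person:displayName", and the assumption that all three attributes are selected on the HR Management Agent are ours; the remaining IMASynchronization members are left as the generated stubs.

```csharp
using System.Linq;
using Microsoft.MetadirectoryServices;
// Assumed namespace; the generated project uses Mms_ManagementAgent_<project name>.
namespace Mms_ManagementAgent_HRExtension
{
    public class MAExtensionObject : IMASynchronization
    {
        // Assumed flow rule name: must match the advanced flow rule name entered on the HR MA.
        private const string DisplayNameRule = "cd.person:displayName";
        void IMASynchronization.Initialize() { }
        void IMASynchronization.Terminate() { }
        void IMASynchronization.MapAttributesForImport(string FlowRuleName, CSEntry csentry, MVEntry mventry)
        {
            switch (FlowRuleName)
            {
                case DisplayNameRule:
                    string displayName = BuildDisplayName(
                        ValueOrEmpty(csentry, "firstName"),
                        ValueOrEmpty(csentry, "middleName"),
                        ValueOrEmpty(csentry, "lastName"));
                    if (displayName.Length == 0)
                        mventry["displayName"].Delete();   // nothing to flow: clear the MV value
                    else
                        mventry["displayName"].Value = displayName;
                    break;
                default:
                    throw new EntryPointNotImplementedException();   // unknown rule name: fail loudly
            }
        }
        // Reading .Value on an attribute that is not present throws, so test IsPresent first.
        private static string ValueOrEmpty(CSEntry csentry, string attributeName)
        {
            return csentry[attributeName].IsPresent ? csentry[attributeName].Value.Trim() : string.Empty;
        }
        // "Jane", "Marie", "Doe" -> "Jane M. Doe"; an empty middle name gives "Jane Doe".
        internal static string BuildDisplayName(string first, string middle, string last)
        {
            string initial = middle.Length > 0 ? middle.Substring(0, 1).ToUpperInvariant() + "." : string.Empty;
            return string.Join(" ", new[] { first, initial, last }.Where(s => s.Length > 0));
        }
        // Members not used by this MA keep the stubs Visual Studio generated.
        bool IMASynchronization.ShouldProjectToMV(CSEntry csentry, out string MVObjectType) { throw new EntryPointNotImplementedException(); }
        DeprovisionAction IMASynchronization.Deprovision(CSEntry csentry) { throw new EntryPointNotImplementedException(); }
        bool IMASynchronization.FilterForDisconnection(CSEntry csentry) { throw new EntryPointNotImplementedException(); }
        void IMASynchronization.MapAttributesForJoin(string FlowRuleName, CSEntry csentry, ref ValueCollection values) { throw new EntryPointNotImplementedException(); }
        bool IMASynchronization.ResolveJoinSearch(string joinCriteriaName, CSEntry csentry, MVEntry[] rgmventry, out int imventry, ref string MVObjectType) { throw new EntryPointNotImplementedException(); }
        void IMASynchronization.MapAttributesForExport(string FlowRuleName, MVEntry mventry, CSEntry csentry) { throw new EntryPointNotImplementedException(); }
    }
}
```

Because the extension runs inside the Synchronization Service under its service account, keep the logic deterministic and free of external calls so a malformed HR record cannot stall or destabilize the run.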

The Metaverse rules extension


There's one more rules extension that we need to create—the Metaverse rules extension. A Management Agent rules extension, such as the HR one we just created, is a DLL that allows us to manipulate data between the connector space and the Metaverse. The Metaverse DLL allows us to manipulate data between connector spaces. In our scenario, we want to push HR data to the Metaverse (this was done by setting the HR Management Agent to project), and then from the Metaverse out to AD. Another case where a Metaverse rules extension is needed is when you need to specify a one-time or an initial value for one or more attributes. For example, if you were to create an AD object using any other tool, you would need to specify a password. We set our password, and any other attributes that only need to be set once, in our Metaverse rules extension. Follow the steps as described next:

  1. In the Management Agents tool, click on Tool, and then on Options…. Check Enable...

Schema management


Very early on in our MIM deployment, we ran into discussions regarding the need for schema changes in MIM. The default schema is not sufficient, and needs to be modified in almost every case. I will only give a short overview about schema management in this chapter, and will try to explain more in the coming chapters.

MIM Sync versus MIM Service schema

One of the problems with the MIM Synchronization/MIM Service system is that it holds two schemas. We have one schema for the MIM Synchronization Service database and one for the MIM Service database.

Depending on our needs, we change one or both of these schemas. Whether the attributes or objects are required within MIM Service depends on whether or not they are managed using MIM Portal, or used in some policy. If not, we do not need them in the MIM Service schema.

On the other hand, if an attribute or object type is used in a policy within MIM Service, but is never supposed to be synchronized to other data sources, we do not...

Initial load versus scheduled runs


When we first start to import information into the Synchronization Engine, it is likely that information already exists in many or all of the connected systems. We might need to create special synchronization rules just for the initial load, which are not used again unless we need to rebuild the data.

At The Financial Company, the basic idea is that users should be imported from the HR system and created in AD. But when we start, there might be existing users in AD, and we would need to connect them using a join rather than provisioning (creating) them in AD. During the initial load, we would therefore turn off provisioning in MIM, import users from both systems, project them into the MV, and join the users existing in both the systems.

Initial load is usually done manually; that is, we manually start the required run profiles for each MA.

If the environment is large, the initial load might take many hours due to the fact that when we export our objects into the...

Summary


In this chapter, The Financial Company configured their first Management Agents and prepared the MIM environment for further configuration. Note that one common source of error in a MIM environment is the lack of well-documented processes to make sure the development/test and production environments look the same. Learning and documenting how to move your configuration from development/test to production is vital as the configuration gets more complex. If you take your time to make sure your basic configuration setup is satisfactory, it will save you many hours of troubleshooting later on. If you feel confident that your basic configuration is correct, moving on and making more complex configuration settings will be easier.

In the next chapter, we will look at how to configure MIM Service.
