Microsoft KB Archive/299392

= Understanding the MsMMS-TimeToLive Attribute =

Article ID: 299392

Article Last Modified on 1/18/2006

-

APPLIES TO


 * Microsoft Metadirectory Services 2.2 Service Pack 1

-



This article was previously published under Q299392



SUMMARY
The msMMS-TimeToLive attribute is used to determine when a disconnector will be deleted from the connected directory. This article describes how this process works.



MORE INFORMATION
You can set the msMMS-TimeToLive attribute on either the management agent (MA) or an individual connector object. By setting this value on an individual connector, this overrides the value that is specified at the MA level. You can use the following values to determine the life span of a disconnector in the Microsoft Metadirectory Services (MMS) directory:
 * msMMS-TimeToLive = 0

This value, which is the default value, deletes the disconnector the next time that you run the MA.
 * msMMS-TimeToLive = 1

This value indicates that the disconnector will be deleted after one second. You can set this value to any number of seconds based on how long you want to keep the object around.
 * msMMS-TimeToLive = -1

This value indicates that the disconnector will be never be deleted.

You can set the msMMS-TimeToLive attribute by flowing this value with attribute flow or by the Connector Space construction template when you initially create this object.

Method 1: Set the msMMS-TimeToLive Value Across an Entire Management Agent

 * 1) Log on with Compass to the MMS server.
 * 2) Click the MA.
 * 3) On the Action panel, click Configure MA.
 * 4) Click the Connected Directory Specifics tab.
 * 5) Click the Mode and Namespace Management tab.
 * 6) Type the value (in number of seconds) in the How long should disconnected CS entries persist box.
 * 7) Click OK to save the changes.

Use of the advanced attribute flow script
The following steps are an example of how you could code the advanced attribute flow script to set the msMMS-TimeToLive value to -1 for a Person object that was provisioned and that has a Connector Space domain name that contains the word &quot;Test&quot;. By setting this value by using the Advanced Flow Script, you can set the value on all newly created objects as well as existing objects.  Select the MA in which you want to set this attribute. Click Attribute Flow. Click the Advanced Flow Script tab.  Add code to that script if you need to assign different values to different objects. The following sample code is an example of how you could code the advanced attribute flow script to set the msMMS-TimeToLive value to -1 for a Person object that was provisioned and that has a Connector Space domain name that contains the word &quot;Test&quot;:Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure, but they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements. If $mv.zcoc = zcperson,Person,Top then #If TRUE then we are testing to see if TAMA created the object If $cs.msMMS-ManagedByProfile = TRUE then #If TRUE then we are testing for a value in the DN that #would match some criterion. In this case I had an ou called #Test. If $EMBEDDED(&quot;Test&quot;,$cs.dn) = T           then #If all of the above conditions were met then set the #TTL to -1. This means that the disconnector will never #be deleted. $cs.msMMS-TimeToLive = -1 endif endif endif  Click OK to save these changes.
 * 1) This condition is testing to see if the object is a person object.

Use of the drag-and-drop template
Note: This code could also be implemented in the drag-and-drop template (the New Connectors Template). If you set it this way:
 * It will only set the value when the Together Administration MA (TAMA) creates the CS object.
 * You do not need the $cs.msMMS-ManagedByProfile = TRUE test because you will be assured that TAMA created the object.

To set the msMMS-TimeToLive value on all new connector space objects created by TAMA:  Select the MA in which you want to set this attribute.</li> On the Action panel, click the Design MA button.</li> Click the Control Connected Directory tab.</li> Click the Output Construction Templates tab.</li> Click the New Connectors tab.</li>  Add code to that script if you need to assign different values to different objects. The following sample script is an example of how you could code the advanced attribute flow script to set the msMMS-TimeToLive value to -1 for a Person object that was provisioned and that has a Connector Space domain name that contains the word &quot;Test&quot;: If $mv.zcoc = zcperson,Person,Top then #If TRUE then we are testing for a value in the DN that would #match some criterion. In this case I had an ou called Test. If $EMBEDDED(&quot;Test&quot;,$cs.dn) = T       then #If all of the above conditions were met then set the #TTL to -1. This means that the disconnector will not be        #deleted. $cs.msMMS-TimeToLive = -1 endif endif endif </li> Click OK to save these changes.</li></ol>
 * 1) This condition is testing to see if the object is a person object.

Understanding the Life Cycle of a Connector Containing a TimeToLive Value
It is important to understand what should happen to a connector after you set this attribute value. The following three examples describe objects with different TimeToLive settings.

Nancy QuickDeath
Nancy QuickDeath is hired by CompanyA. She is added to the human resources (HR) database and is imported into MMS in Reflector mode through the HR Management Agent (HRMA). After the HRMA is finished running, the MMS scheduler starts the TAMA (Together Administration MA) script and the Nancy QuickDeath object is created in the connector space of the Active Directory MA (ADMA). The msMMS-TimeToLive setting is not set on this object. The ADMA runs and Nancy QuickDeath is created in Active Directory. Four months later, Nancy is terminated from CompanyA, and so she is deleted from the HR database. The HRMA runs and removes Nancy from the metaverse. This disconnects her CS object in the ADMA. The TAMA runs and the CS object remains as a disconnector. Finally, ADMA runs and Nancy's object is immediately deleted from Active Directory.

Fred SlowDeath
Fred SlowDeath is hired by CompanyA, in the Accounting department. The object Fred SlowDeath is created in the HR database. The account department has a policy that states that the user should remain a disconnector for 24 hours before the object is deleted. Fred is imported into the metaverse when the HRMA is run in Reflector mode. TAMA is then configured to drag and drop Fred into the ADMA's Connector Space. The advanced flow script sets the attribute $cs.msMMS-TimeToLive = 86400 on Fred's CS object (Note: There are 86400 seconds in 24 hours). Next, the ADMA runs and creates the object in Active Directory. Two months later, Fred leaves the company. Fred is deleted in the HR database. The HRMA runs and Fred is removed from the metaverse. At this point, the Fred object is disconnected in the ADMA. Next, the TAMA object runs and the CS object remains as a disconnector. The ADMA then runs and Fred remains as a disconnector. He is not deleted from Active Directory. Each time that the ADMA runs, Fred remains a disconnector until the 24 hour waiting period expires. After this period ends and the ADMA is executed, Fred's disconnector will be deleted and the deletion will be issued on Fred's User object in Active Directory.

Bart NeverDies
Bart NeverDies is hired in the Finance Department by CompanyA and he is created in the HR database. The Finance department has a policy that states that a user should remain a disconnector indefinitely and therefore objects should only be disabled, never deleted. Bart is imported into the metaverse when the HRMA runs in Reflector mode. TAMA is then configured to drag and drop Bart into the ADMA's Connector Space. The advanced flow script has set the attribute $cs.msMMS-TimeToLive = -1 on Bart's CS object. Next, the ADMA runs and creates the object in the Active Directory. One year later, Bart is terminated. Bart is deleted from the HR database, the HRMA runs and Bart is removed from the metaverse. At this point, the Bart object is disconnected in the ADMA. Next, the TAMA object runs and the CS object remains as a disconnector. The ADMA then runs, Bart remains as a disconnector; therefore, he is not deleted from Active Directory. Each time the ADMA runs, Bart will remain a disconnector.

Note: In this scenario, code would also be written to disable users in Active Directory when they become disconnectors. This would allow users to be enabled if they ever returned to the company.

Additional query words: mms metadirectory zoomit

Keywords: kbinfo kbenv KB299392

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.