Microsoft KB Archive/285298

= How to Use the MsMMS-ManagedByMa Attribute to Create Users in Active Directory =

Article ID: 285298

Article Last Modified on 1/25/2006

-

APPLIES TO


 * Microsoft Metadirectory Services 2.2 Service Pack 1

-



This article was previously published under Q285298



SUMMARY
This article discusses the msMMS-ManagedByMA attribute, a new attribute introduced in Microsoft Metadirectory Services, version 2.2.

This attribute has been designed exclusively for the Active Directory Management Agent (MA). It enables the administrator to tag a metaverse object with a value of a Distinguished Name (DN) of one or more MAs. If you set this attribute on the metaverse object, you can configure the Active Directory MA to create a User object instead of the default behavior of a contact.

This attribute is multivalued. It enables you to create users or to disable users in multiple locations. Generally, this attribute is used with service provisioning scenarios, for example, in Microsoft Exchange 2000 situations where you are required to create a mailbox in one forest, but the primary user account resides in another forest.



MORE INFORMATION
The attribute assignment resembles the following example: $mv.msMMS-ManagedByMA = ma=ADMA,DsaName=MMS1,OU=application,DC=microsoft,DC=com You can add additional values to this attribute, such as: $mv.msMMS-ManagedByMA += ma=Corp,DsaName=MMS1,OU=application,DC=microsoft,DC=com You may need more advanced scripting to control which metaverse objects are tagged with this attribute. In the following example, the advanced flow script assigns to software development engineers the Distinguished Name of the MA that manages the Dev Active Directory forest, all other employees are created as users in the Corp Active Directory forest, which is managed by the Corp Active Directory MA: if $mv.organizationalRole = SDE

then


 * 1) SDE = Software development engineer; these individuals are to be created
 * 2) as Users in the Dev forest managed by the Dev Active Directory management agent

$mv.msMMS-managedByMA= ma=DEV,DsaName=MMS1,ou=Applications,dc=microsoft,dc=com

else


 * 1) All other employees are to be created in the Corp forest
 * 2) managed by the Corp Active Directory management agent

$mv.msMMS-managedByMA= ma=CORP,DsaName=MMS1,ou=Applications,dc=microsoft,dc=com

endif The msMMS-managedByMA attribute can be set by means of a program on metaverse objects in one of the following two ways:
 * This value can be set by means of the Advanced Attribute Flow template on the primer MA.
 * By means of the Drag-and-Drop template on the MA assigned to the target MA.

Method 1
You can set this value using the Advanced Attribute Flow template on the primer MA, by performing the following steps:

 Select the MA (primer MA) that can create the user in the metaverse. In the Action Panel, click Attribute Flow. Click the Advanced Flow Script tab.  Make the assignment using the $mv.msMMS-ManagedByMA attribute to assign this value to the users metaverse object. For example,

$mv.msMMS-ManagedByMA = ma=ADMA,DsaName=MMSServer,OU=application,DC=microsoft,DC=com </ol>

NOTE: This value is assigned to the metaverse object when the primer MA runs.

Method 2
You can set this value using the Drag-and-Drop template on the target MA, by performing the following steps: <ol> Select the MA (target MA) where the connector space objects are to be created.</li> In the Action Panel, click Design MA.</li> Click the Control Connected Directory tab.</li> Click the Output Construction tab.</li> Click New Connectors tab.</li>  Add the following lines of code to this template: <pre class="fixed_text">$mvp.msMMS-ManagedByMA = $MA $mvp.zcMisc1 = UpdateNow </li>  In addition you need to add the following lines of code to the Advanced Attribute Flow template: <pre class="fixed_text">if $mvp.zcMisc1 = UpdateNow then $mv.msMMS-ManagedByMA = $mvp.msMMS-ManagedByMA endif </li></ol>

The attribute is defined as:
 * DN: ZAN=msMMS-managedByMA,ZAN=ADMA,ZAN=MMS,ZAN=ms,F=Attributes
 * -cn;M: msMMS-managedByMA
 * -zcOid;M: 1.2.840.113556.1.6.7.1.700.16.1.47
 * zcSyntax;M: T61String
 * zcMultiValued;M: M

Additional query words: Zoomit MA mms metadirectory ADMA

Keywords: kbinfo kbenv KB285298

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.