Microsoft KB Archive/317912

From BetaArchive Wiki

Article ID: 317912

Article Last Modified on 6/17/2005



APPLIES TO

  • Microsoft Metadirectory Services 2.2 Service Pack 1
  • Microsoft Metadirectory Services 2.2 Service Pack 1



This article was previously published under Q317912

SUMMARY

This article describes how to bypass creating a large number of resources when you configure the Together Administration management agent (TAMA). TAMA is a special management agent that provisions users allowing for a hire/fire scenario. In this article an alternative solution is described for scenarios that require the creation of a large number of resources. In most scenarios, there are a limited number of resources that must be created. However, if you have a scenario where the connected directory already contains a large number of containers (10 or more) and the requirement will be to have a large number of resources to accommodate the scenario, this alternative solution may help. This article describes how to bypass resources by coding the New Connectors templates in the destination organizational unit.

IMPORTANT: It is important to understand how TAMA works. For additional information about TAMA, click the article number below to view the article in the Microsoft Knowledge Base:

303031 Description of the Together Administration Management Agent (TAMA)


MORE INFORMATION

You may encounter a problem when you have to create a large number of resources. If there are a large number of resources, it might be more efficient to create one resource that will manage all metaverse objects, and then use the New Connectors templates to make decisions about where objects should be placed in the connector space. This reduces the amount of work that would be required to create a large number of resources. It is equivalent to creating a rules script, except that you will be making decisions and then building object CS DNs based on conditional tests in the New Connectors template in the ADMA. This article describes this solution in the following steps:

  • Creating Code to Test for a Specific Condition
  • Modifying the New Connectors Templates
  • Creating One Resource to Provision All Users

Creating Code to Test for a Specific Condition

You can use the following code as an example of how you might be able to design the provisioning strategy in the New Connectors template (which is described in the "Modifying the New Connectors Templates" section of this article). When you are working to design the following code, you must be fully aware of the containers that you want to populate in Active Directory, as well as the trigger attribute you will use in the metaverse.

In this example, the metaverse company attribute is used as the determining factor in where to place users in the Active Directory organizational unit structure. In addition, a residual container has been created for objects that do not meet any of the following tests to avoid error messages in the event that the $mv.company attribute is not populated in the metaverse for a provisioned object.

#creating a residual container for all objects that do not meeting any of 
#the following conditions.
$v_path = OU=residual,NC=microsoft.com
$v_newdn = ($v_rdn,)($v_path)(,ma=$v_chunk2)

if $mv.company = MSFT
then
$v_path = OU=Users,OU=MSFT,NC=microsoft.com
$v_newdn = ($v_rdn,)($v_path)(,ma=$v_chunk2)
endif

if $mv.company = MSN
then
$v_path = OU=Users,OU=MSN,NC=microsoft.com
$v_newdn = ($v_rdn,)($v_path)(,ma=$v_chunk2)
endif

if $mv.company = Games
then
$v_path = OU=Users,OU=Games,NC=microsoft.com
$v_newdn = ($v_rdn,)($v_path)(,ma=$v_chunk2)
endif

if $mv.company = Consulting
then
$v_path = OU=Users,OU=Consulting,NC=microsoft.com 
$v_newdn = ($v_rdn,)($v_path)(,ma=$v_chunk2)
endif

if $mv.company = Support
then
$v_path = OU=Users,OU=Support,NC=microsoft.com
$v_newdn = ($v_rdn,)($v_path)(,ma=$v_chunk2)
endif

#Assign the value of the variable $v_newdn to the $cs.dn value
$cs.dn = $v_newdn
                

Modifying the New Connectors Templates

To modify the New Connectors template:

  1. Select the MA in which you want to set this attribute.
  2. On the Action pane, click Design MA.
  3. Click the Control Connected Directory tab.
  4. Click the Output Construction Templates tab.
  5. Click the New Connectors tab.
  6. Locate the following piece of code:

     # Normalize the connector DN's parents.  
       # DC/dc are normalized to "OU" for components under the MA
       # these parents are assumed to have been normalized 
       # during their creation
       $v_chunk1 = $get_substring($cs.dn, "", ",ma=")
       $v_chunk1 = $REPLACE($v_chunk1, ",DC=", ",OU=")
       $v_chunk1 = $REPLACE($v_chunk1, ",dc=", ",OU=")
       $v_chunk2 = $GET_SUBSTRING($cs.dn,",ma=", "")
     
                        
  7. Comment out the following two lines of code:

    #$v_newdn = ($v_chunk1,)(ma=$v_chunk2)
    #$cs.dn = $v_newdn
                        
  8. Insert your custom code that you created in the "Creating Code to Test for a Specific Condition" section of this article after the preceding commented code.

Creating One Resource to Provision All Users

In this scenario, you modify the existing Simple Active Directory Management Agent Object Creation resource.

NOTE: For additional information about creating a new resource, click the article number below to view the article in the Microsoft Knowledge Base:

303031 Description of the Together Administration Management Agent (TAMA)


  1. In Compass, click The Known Universe.
  2. View the top node where you want to provision the users, and then select the object. Note that usually this is an organizational unit somewhere in your metaverse tree.
  3. In the Action pane, click Administration.
  4. Click the Account Profile tab under Entry Administration.
  5. Double-click the Sample Flat Active Directory Object Creation Resource object to view its properties.
  6. Click Select MA, view the ADMA, and then copy the object.
  7. Paste the object into the Management Agent box.
  8. Leave the Location Under Management Agent (Optional) box empty.
  9. Click OK to close the properties window.
  10. Drag that management agent from the Resource List box to the Account Profile box.
  11. Click OK to close Entry Administration.

At this point, you should be able to run the Provisioning agent that you created. This process scans all of the metaverse entries looking for resources. When it finds the Sample Flat Active Directory Object Creation resource, it will use the management agent's New Connectors template to build the object under the Destination Management Agent. Based on the code that you created in the "Creating Code to Test for a Specific Condition" section of this article, all users should be placed in the correct location under the management agent.

Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure, but they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements.


Additional query words: mms metadirectory zoomit

Keywords: kbhowto kbenv kbnetwork KB317912