Hands-On-Labs for Microsoft Identity Integration Server 2003


Microsoft Corporation
Published: July 2003
Revision: May 2004
For the latest information, see http://www.microsoft.com/miis

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred.

© 2003 Microsoft Corporation. All rights reserved.

are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Legal Note: The images used in these labs are NOT for distribution. If you copy the image you have to install a legal copy of iPlanet.

Contents

Goals of the Labs
LAB 1
  Scenario
  What will we cover?
  Audience
  Estimated Time
  Ready to start
  Summary
LAB 2
  Scenario
  What will we cover?
  Audience
  Estimated Time
  Ready to start
LAB 3
  Scenario
  What will we cover?
  Audience
  Estimated Time
  Ready to start

Goals of the Labs

1. Provide a hands-on experience on Microsoft Identity Integration Server 2003.
2. Demonstrate the potential usage scenarios of the product.
3. Show how easy it is to set up MIIS to synchronize different directories and data sources.
4. Learn how to automate identity management tasks.
5. Use MIIS to maintain a consistent state of the directories over the lifetime of accounts.

There are three labs which cover the following scenarios:

LAB1: Create and approve user accounts for a new employee in Active Directory and iPlanet Directory Server 5.1.
LAB2: Learn how to add additional information into the identity integration process. Change identity data flow rules in the MIIS system. Add a new directory into the scenario.
LAB3: Configure and use the MIIS Password Management functionality.

LAB 1

Scenario:
Create and approve user accounts for a new employee in Active Directory and iPlanet Directory Server 5.1.

The Malelane Corporation has a web application that they use to add new employees and create accounts for them in Active Directory and iPlanet. You are a recruiter who works in the Human Resources (HR) department. The CEO, Super Boss, just hired Jane Smith for the Marketing team and Peter Pan for the Sales team.

What will we cover?
This lab will demonstrate how MIIS enables the creation and flow of user identity data across directories. During this lab you will:
  Create a new employee in a simulated HR application.
  See how MIIS is configured to flow objects and attributes from source to target data sources/directories.
  Run a Management Agent (MA) to interactively trigger rules in MIIS.
  Connect to iPlanet and Active Directory to view the newly created users.

The basic process flow is outlined in the illustration below:
1. Create a new employee via a .NET Web application.
2. After approval, a new identity person object is created in MIIS and its attributes are set.
3. MIIS creates new user accounts in the connected directories.

Audience:
Sales and Marketing, to get an understanding of what MIIS can accomplish with regard to Identity Management.
Technical audience, to get an introduction to the scenario and its components in order to complete LAB2 and LAB3.

Estimated Time:
15 minutes.

Ready to start:
During this lab make sure to follow every step exactly as described. If you have any questions please consult the lab proctors.

The MIIS2003_HOL Virtual PC used in this scenario should be up and running on the PC already. After you finish the lab, please DO NOT TURN OFF or Shut Down the PC. When you are done, press Host+F4, then select Turn off PC and undo changes.

Keyboard shortcuts while working on the Virtual PC:
  Host Key           : Alt (right)
  Enable Full Screen : Host + Enter
  Ctrl + Alt + Del   : Host + Del

Note: The Host key is set by default to the right Alt key. Please do not change the default on the Virtual PC. For additional keyboard functions, see the Virtual PC menu.

Step 1:
Use the following account to log in to the system:
  User Name : MIIS
  Password  : password

Note: The demo may take a while to load. Please remember that Active Directory, iPlanet, SQL Server, MIIS 2003 and Microsoft Visual Studio are all included in this Virtual PC image.

Step 2:
Launch Internet Explorer. The Microsoft Identity Integration Server 2003 Employee Account Provisioning with one-step workflow demo should launch as the home page. If this is not the case, manually browse to http://miishol/miisapproval/employee.aspx

Step 3:
Recall that you are a recruiter who works in the HR department. You are now ready to add the 2 new employees into the system via this web page. Enter the following information into the related fields:
  Firstname  : Jane
  Lastname   : Smith
  Department : Marketing
  Manager    : Super Boss (1000)

Click on Save Account for new hire to continue.

Repeat the steps above to create another employee:
  Firstname  : Peter
  Lastname   : Pan
  Department : Sales
  Manager    : Super Boss (1000)

Don't forget to save the account by clicking on Save Account for new hire.

We have now added the employee information for Jane and Peter, who are in different departments but report to the same manager.

Step 4:
We have just saved the new accounts. Now it's time to submit them to MIIS 2003.
Click on Submit new accounts to MIIS.
This will submit the new accounts to MIIS 2003 and prepare them for the approval phase (which will be explained later). You can go ahead and close the Internet Explorer window.

Step 5:
Double click on the Identity Manager icon on your desktop.

This will launch the MIIS Identity Manager console. From there, you can configure and manage the MIIS 2003 components.

Start by clicking on the Operations view. You should see two entries on top of the operations list. These are WorkflowSTX and ERP, the two Management Agents that were executed when we created the two new employee accounts and submitted them to MIIS.

Let's first investigate what happened during the import. Click on ERP. On the bottom portion of the screen (as indicated in the illustration below), you'll see the synchronization statistics: Staging, Inbound Synchronization and Outbound Synchronization.

Note that 2 adds and 2 projections were reported. This indicates that the two employee accounts were successfully imported by the ERP management agent and created in the MIIS Metaverse, which is the central identity store.

Note also that 2 provisioning adds happened to the WorkflowSTX Management Agent during outbound synchronization. This indicates that, based on the two additions to the MIIS Metaverse, two new entries were created in the WorkflowSTX system.

MIIS keeps track of all operations, ingoing and outgoing, in its SQL Server 2000 database.

Now click on WorkflowSTX in the Operations view. On the left-hand side you'll see 2 run steps: Step 1 and Step 2. That means that when the WorkflowSTX management agent was executed, it completed its execution in 2 different run steps.

Click on Step 1. See that Step Type is Export. Note that during the import run of the ERP management agent, 2 objects were created in the WorkflowSTX system. Now those objects are pushed out to the actual WorkflowSTX directory. Hence you see 2 adds in the export statistics.

Click on Step 2. See that the 2 objects exported in the first step are successfully confirmed with an import run.

Step 6:
Click on the Active Directory Users and Computers management console on your desktop.
Browse to the MIIS2003HOL container.
Open the Managers container. You'll see the user account for the CEO, Boss, Super.
If you select the People container, you'll find no entries.

This shows that the 2 new employees created and submitted to MIIS 2003 in Step 4 still haven't been provisioned to the Active Directory store. They are waiting to be approved.

Step 7:
Now it's time for the manager to approve the accounts for the new employees.
Launch Internet Explorer again. This time browse to http://miishol/miisapproval or simply select the MIIS 2003 New Employee Approval item from the Favorites menu. The following page will be displayed:

Note that the 2 new employee accounts we submitted to MIIS 2003 have the status waiting.

Select the Edit icon on Peter Pan.
Select approved from the combo box and enter the new alias PeterP for the new employee. (Illustrated below)
Click on the for approval.

Repeat this for Jane Smith. This time use JaneS as the alias.
Finally, click on Submit changes to MIIS.
You can now close the Internet Explorer window.

Step 8:
Go back to the Identity Manager and click on Management Agents. In this view all Management Agents used in the scenario are listed. Management Agents in MIIS maintain the connectivity to other data sources.

Submitting approvals to MIIS in Step 7 triggered the execution of a number of management agents in MIIS 2003. The Netscape management agent was one of them.

Click on Netscape. On the bottom of the screen you will see the statistics of the last Management Agent run.
Click on Step 1. Under Export statistics you'll see that two new accounts were added to the iPlanet system.

Step 9:
Let's go to iPlanet and verify that the corresponding user accounts have been created.
Launch the iPlanet console on your desktop. Use the following credentials in the login dialog:
  User ID  : cn=directory Manager
  Password : password

Navigate down the tree view to Directory Server (iplanerhol).
Click on Open.
Click on the Directory tab.
Open miishol, then click on People.

The People OU will have the following users:
  Superboss
  peterp
  janes

Note that the 2 new user accounts peterp and janes were successfully created in the iPlanet server.
You can now close the iPlanet console.

Step 10:
Go back to the Active Directory Users and Computers management console.
Click on the People container and refresh the view. See that Jane's and Peter's Active Directory accounts were successfully created.

Step 11:
Let's take a closer look into MIIS to see how some of the rules were configured to flow information between the directories. You will see how easy it is to define the synchronization of identity information within MIIS.

1. ERP management agent
In MIIS Identity Manager go to the Management Agents view.
Select the ERP management agent.
Select Properties from the Action menu.
Select the Configure Attribute Flow tab.

See that a flow rule is defined between the employee object type in the ERP data source and the person object in the metaverse.
Click on the + sign to expand the flow rule. This view shows in detail which attributes in the data source object are flowed to which attributes of the metaverse object.
Notice that all the flows are defined as import flows. This means data will flow only into MIIS.
Close the Properties dialog.

2. Active Directory management agent
In MIIS Identity Manager select the ActiveDirectory management agent.
Select Properties from the Action menu.
Select the Configure Attribute Flow tab.
See that a flow rule is defined between the user object type in Active Directory and the person object in the metaverse.
Click on the + sign to expand the flow rule.
Notice that this time, some attribute flows are defined inbound and some others are defined outbound.

This means we can both import attributes for an object from Active Directory and export attributes to it.
Close the Properties dialog.

3. Netscape management agent
In MIIS Identity Manager select the Netscape management agent.
Select Properties from the Action menu.
Select the Configure Attribute Flow tab.
See that a flow rule is defined between the inetorgperson object type in iPlanet and the person object in the metaverse.
Click on the + sign to expand the flow rule.
See that all the attribute flows in the Netscape management agent are export only. This means no objects contribute any attributes to the metaverse from the iPlanet directory.
Close the Properties dialog.

Summary
We have examined the synchronization of identity information between different data sources based on an HR driven account provisioning scenario. You've seen how MIIS keeps track of the operations performed in different identity systems. You've also seen how to perform a simple one-step workflow. Finally you've seen how MIIS Identity Manager lets you easily define attribute flow between the connected systems.

Note that this is only one scenario that showcases some of the basic functionalities of MIIS. Of course more sophisticated identity integration and management applications can be built with MIIS 2003.

To learn more on how to configure MIIS, continue with Lab 2.

LAB 2

Scenario:
Learn how to add additional information into the identity integration process. Change identity data flow rules in the MIIS system. Add a new directory into the scenario.

Continuing from where we left off in Lab 1, the Malelane Corporation needs to keep employees' phone numbers and address information in sync between the various systems. They want the information they have in the HR system to be used throughout.

What will we cover?
This workshop will demonstrate how MIIS helps you control your environment from a central location. During this lab you will:
  Select additional information for usage in MIIS.
  Change the MA to flow the new information between the connected systems.
  Run MIIS Management Agents and validate that the changes are reflected to all the directories.
  Use Visual Studio .NET to set up more advanced rules in MIIS.

Audience:
Technical.

Estimated Time:
30 minutes.

Prerequisite:
Lab 1.

Ready to start:
Please make sure you follow every step. If you have any questions please consult the lab proctors.

[Figure: lab process flow. Recoverable labels: 1 Make change to the user object (User Object, Active Directory); 2 Make change to MVExtension (Visual Studio .NET); 3 Change MA; 4 Run MA to sync MV and iPlanet; 5 iPlanet Directory Data; MIIS 2003.]

Step 1:
Start Visual Studio .NET from the Start menu.
Open up the project MVExtension by clicking on it. This is the actual provisioning script used in the scenario.

Step 2:
Now we'll modify the provisioning script. Remove the comment from the statement to enable provisioning to AD/AM.

Replace
    *** ProvisionAccountToAdam (mventry)
With
    ProvisionAccountToAdam (mventry)

Step 3:
Rebuild the project by selecting Build-Rebuild MVExtension.
You can now close the Visual Studio .NET application.

Step 4:
Let's add new attributes to an employee object in AD.
Open Active Directory Users and Computers.
Open the People container under hol.com-miis2003hol.
Double click on Peter Pan to bring up the Properties dialog.

Click on the Address tab.
Add new Street address, City, Zip and Country information.
Click OK.

Step 5:
Go back to the Identity Manager.
Select the Management Agents view.
Select the Active Directory MA and click on Properties from the Actions menu.
Click on Select Attributes.
Select co, postalcode and streetaddress.
Click OK.

Open up the Properties dialog of the ActiveDirectory management agent again.
Click on Configure Attribute Flow.
Expand the existing flow rule.
Now we'll define flow rules for the attributes we just added in the previous step.
Select the co attribute under the Data Source Attribute section.
Then select co under the Metaverse Attribute section.
Make sure Flow direction is defined as Import.

Click New. We have just defined an import flow rule from the co attribute in the data source to the co attribute in the metaverse.

Create import flow rules for the following attributes as well:
  From postalcode in data source to postalcode in metaverse.
  From streetaddress in data source to postaladdress in metaverse.

Now close the Properties dialog and define the flow rules for the following MAs:

For Netscape MA:
  Click on Select Attributes.
  Select postalcode.
  Click on Configure Attribute Flow.
  From postalcode in data source to postalcode in metaverse. But this time the flow direction should be Export.
  Click OK to close the Properties dialog.

For ADAM MA:
  Click on Select Attributes.
  Select co, postalcode, postaladdress.
  Click on Configure Attribute Flow.
  Select inetorgperson as the Data source object type.
  From co in data source to co in metaverse. The flow direction should be Export.
  From postalcode in data source to postalcode in metaverse. The flow direction should be Export.
  From postaladdress in data source to postaladdress in metaverse. The flow direction should be Export.

Step 6:
Click on Management Agents in Identity Manager.
Click on ActiveDirectory.
Under Actions click on Run.
Select the FullImport run profile and hit OK.
The management agent will start running.

Step 7:
Once the MA run is complete, the run result is displayed on the bottom portion of the screen.
Now go to Metaverse Search.
Click Search. This will bring up all the objects in the metaverse.
Click on Pan, Peter.

You will notice that the additional attributes with the fields we updated in Active Directory are now in the metaverse. (see below)

Step 8:
Run ADAM MA with the run profile Export.
Run Netscape MA with the run profile Export.

Step 9:
Launch LDP on your desktop.
Select Connection-Connect.

Use the following connection information:
  Server : miishol
  Port   : 50002

Select Connection-Bind.
Bind to Domain by simply clicking OK.
Select View-Tree.
Use BaseDN DC=MIIS2003HOL,DC=COM
Expand the tree and double click on OU=People.

You'll see 3 users successfully created in the AD/AM directory. These users were created after we modified the provisioning script and ran the MAs.
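The attribute flows configured in Step 5 and the runs from Steps 6 and 8, as a simplified model. This is an added example, not part of the original lab or of MIIS: the functions run_import, run_export and simulate and all sample attribute values are constructed for illustration, and the synchronization logic is a deliberate simplification.

```python
# Simplified model of the Lab 2 attribute flow rules (added example, not MIIS code).
# Each rule: (management agent, data source attribute, metaverse attribute, direction),
# using the attribute names exactly as the lab text gives them.
FLOW_RULES = [
    ("ActiveDirectory", "co",            "co",            "import"),
    ("ActiveDirectory", "postalcode",    "postalcode",    "import"),
    ("ActiveDirectory", "streetaddress", "postaladdress", "import"),
    ("Netscape",        "postalcode",    "postalcode",    "export"),
    ("ADAM",            "co",            "co",            "export"),
    ("ADAM",            "postalcode",    "postalcode",    "export"),
    ("ADAM",            "postaladdress", "postaladdress", "export"),
]


def run_import(ma, connected_object, metaverse_object):
    """Flow attributes from a connected directory into the metaverse.

    Only rules marked "import" for this MA apply, so a directory whose
    rules are all "export" cannot contribute values to the metaverse.
    Returns the list of metaverse attributes that changed.
    """
    changed = []
    for rule_ma, ds_attr, mv_attr, direction in FLOW_RULES:
        if rule_ma != ma or direction != "import":
            continue
        if ds_attr in connected_object and \
                metaverse_object.get(mv_attr) != connected_object[ds_attr]:
            metaverse_object[mv_attr] = connected_object[ds_attr]
            changed.append(mv_attr)
    return changed


def run_export(ma, metaverse_object, connected_object):
    """Flow attributes from the metaverse out to a connected directory.

    Returns the list of data source attributes that changed.
    """
    changed = []
    for rule_ma, ds_attr, mv_attr, direction in FLOW_RULES:
        if rule_ma != ma or direction != "export":
            continue
        if mv_attr in metaverse_object and \
                connected_object.get(ds_attr) != metaverse_object[mv_attr]:
            connected_object[ds_attr] = metaverse_object[mv_attr]
            changed.append(ds_attr)
    return changed


def simulate():
    """Replay Steps 6 and 8 on constructed sample objects for Peter Pan."""
    # Constructed sample data; the address values are placeholders.
    ad = {"cn": "Peter Pan", "co": "United States",
          "postalcode": "98052", "streetaddress": "1 Example Way"}
    iplanet = {"uid": "peterp", "postalcode": "00000"}  # locally edited value
    adam = {"cn": "peterp"}
    metaverse = {"displayName": "Pan, Peter"}

    report = {
        # Step 6: FullImport on the ActiveDirectory MA.
        "ad_import": run_import("ActiveDirectory", ad, metaverse),
        # An import from iPlanet contributes nothing: its rules are export only.
        "netscape_import": run_import("Netscape", iplanet, metaverse),
        # Step 8: Export on the ADAM and Netscape MAs.
        "adam_export": run_export("ADAM", metaverse, adam),
        "netscape_export": run_export("Netscape", metaverse, iplanet),
    }
    return report, metaverse, adam, iplanet


if __name__ == "__main__":
    report, metaverse, adam, iplanet = simulate()
    for step, attrs in report.items():
        print(f"{step}: {attrs}")
    print("metaverse:", metaverse)
    print("ADAM:", adam)
    print("iPlanet:", iplanet)
```

In this model the value edited locally in iPlanet never reaches the metaverse and is overwritten on export, which is the practical effect of making Active Directory the only importing source for these attributes.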

LAB 3

Scenario:
Configure and use the MIIS Password Management functionality.

Password Management is a feature of MIIS 2003. This demo has also shipped with the product and can be found under Password Management. This application allows Help Desk personnel to change a user's password via a web page. In this example, the password is set in MyMIIS Active Directory and ADAM Extranet.

What will we cover?
This workshop will demonstrate how MIIS helps you control your directory environment from a central location. During this lab you will change a user's password from a web page and flow the new password to different directories through MIIS.

Audience:
Sales & Marketing.

Estimated Time:
10 minutes.

Ready to start:
Please make sure you follow every step. If you have any questions please consult the lab proctors.

Step 1:
Launch Internet Explorer.
Under Favorites, select Microsoft Identity Integration Server 2003 - Password Management.

Using the Web application, the help desk operator uses the user and domain name of a caller to search and retrieve a list of connector space objects that are joined to the user's metaverse object.

Search for the following user:
  User Name : janes
  Domain    : HOL

The account information for Jane will be displayed.

Change the password to SeeMonkey1 and confirm the change by hitting Submit.
Now click on the History link on Mymiis Active Directory Domain. You'll see when the last changes occurred on this user object.

Thank you for experiencing the power of Microsoft Identity Integration Server 2003!

After you finish the lab, please DO NOT TURN OFF or Shut Down the PC. When you are done, press Host+F4, then select Turn off PC and undo changes.