Lab A: Implementing a Central
Account Scenario Using TAMA
Objectives
After completing this lab, you will be able to:
!
Create and configure TAMA resources.
!
Assign TAMA resources to TAMA account profiles

Prerequisites
!
Before working on this lab, you must have experience creating and
operating management agents.

Lab Setup
To complete this lab, you need the following:
!
MMS Server installed and running.
!
MMS Compass configured to connect to your server.
!
Run the C:\Moc\2062A\Labfiles\Lab8a.cmd batch file. This will prepare
your computer for this lab.

Estimated time to complete this lab: 45 minutes
2 Lab A: Implementing a Central Account Scenario Using TAMA


BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Exercise 1
Creating a Management Agent for the Human Resources
Directory
In this exercise, you will create a management agent for the Human Resources directory.
Scenario
Your company, NorthWind Traders, has decided to use MMS to centrally manage the creation and
deletion of user accounts. An existing Human Resources directory will be used to create and delete
all user accounts. User accounts that are created and deleted in the Human Resources directory need
to be automatically created and deleted in Active Directory and Microsoft Exchange Server 5.5 as
well. To accomplish this, you will use the TAMA component of MMS.

Tasks Detailed Steps
1.
Create a new management
agent to connect the Human
Resources directory to
MMS using the following
parameters:
• Name of the
Management Agent: HR
MA
• Type of the
Management Agent:
Tutorial HR (LDIF)
Management Agent
• Metaverse location:
ou=metaverse,dc=domai
n,dc=nwtraders,dc=msft
(where domain is your
assigned domain name)

• Management Agent
Mode: Reflector
• Discovery Parameters:
Humongous Insurance.
a.
Log on as Administrator with a password of password.
b.
On the desktop, double-click MMS Compass.
c.
In the Login dialog box, in the Password box type server (where
server is your computer name), and then click OK.
d.
In the Servers dialog box, click your server name, and then click OK.
e.
On the Action pane, click Bookmarks, click Management Agents,
and then click Create New Management Agent.
f.
In the Create Management Agent dialog box, in the Name of the
Management Agent box, type HR MA
g.
In the Type of the Management Agent box, click Tutorial HR
(LDIF) Management Agent, and then click Create.
h.
In the Configure the Management Agent dialog box, on the
Connected Directory Specifics tab, on the Mode and Namespace
Management tab, in the Metaverse Location box, type
ou=metaverse, before the beginning of the current metaverse location
(including the comma).
i.
Ensure that the Management Agent Mode is set to Reflector.

j.
On the Discovery Parameters tab, ensure that the Dataset to use is set
to Humongous Insurance.
k.
Click OK to create the new management agent.
l.
Leave MMS Compass open.


Lab A: Implementing a Central Account Scenario Using TAMA 3


BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Exercise 2
Connecting Active Directory
In this exercise, you will create and configure a management agent for Active Directory.
Scenario
Before you can use TAMA to add objects to Active Directory, you need to create and configure a
management agent for Active Directory. The Active Directory management agent needs to create
enabled user accounts. The logon name for each account needs to a combination of the user’s first
initial and surname, the user needs to change their password at the initial logon and the default
password needs to be set to the user’s surname.

Tasks Detailed Steps
1.
Create a new management
agent to connect Active
Directory to MMS by using
the following parameters:

• Name of the
Management Agent: AD
MA
• Type of the
Management Agent:
Microsoft Active
Directory Management
Agent
• Management Agent
Mode: Association
• Forest to discover:
domain.nwtraders.msft
• Username:
domain\administrator
• Password: password.
a.
In MMS Compass, in the directory pane, click computer_name (where
computer_name is your assigned computer name).
b.
In the control pane, click Create New Management Agent.
c.
In the Create Management Agent dialog box, in the Name of the
Management Agent box, type AD MA
d.
In the Type of the Management Agent box, click Microsoft Active
Directory Management Agent, and then click Create.
e.
In the Configure the Management Agent dialog box, under
Management Agent Mode, click Association.
f.

On the Active Directory Discovery Settings tab, in the Forest to
discover box, type domain.nwtraders.msft (where domain is your
assigned domain name).
g.
In the Username box, type domain\administrator in the Password
box, type password.
h.
Leave the Configure the Management Agent dialog box open.
4 Lab A: Implementing a Central Account Scenario Using TAMA


BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Tasks Detailed Steps
2.
Configure the Active
Directory Object Creation
Settings by using the
following parameters:
• User Logon Name
Construction: First
initial and surname
(Jsmith)
• User Account Creation
Settings: Enabled user
• Password Generation
Script: $sn
• User must change
password at next logon:
Enabled.

a.
On the Active Directory Object Creation Settings tab click Account
Settings.
b.
In the Account Settings dialog box, under User Logon Name
Construction, click First initial and surname (JSmith).
c.
Under User Account Creation Settings, click Enabled user, and then
click Edit the account password generation script.
d.
In the Edit the account password generation script dialog box,
replace the current script with $sn and then click OK.
e.
In the Account Settings dialog box, ensure that User must change
password at next logon is disabled.
f.
Click OK to close the Account Settings dialog box, and then click OK
to close the Configure the Management Agent dialog box.
g.
In the Change password dialog box, type password and then click
OK.
h.
Leave MMS Compass open.

Lab A: Implementing a Central Account Scenario Using TAMA 5


BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Exercise 3

Create an Advanced Flow Script for the HR MA
In this exercise, you will create an Advanced Flow Script for the HR MA. This Advanced Flow
Script will add the msMMS-ManagedByMA attribute to metaverse namespace entries that are
created by the HR MA.
Scenario
One of the business requirements your organization needs to meet with MMS is to have user
accounts created in Active Directory for each employee that is in the Human Resources database.
The Active Directory management agent, by default, only creates contacts. To have the Active
Directory management agent create users, you need to assign the msMMS-ManagedByMA
attribute to all entries in the metaverse namespace that are created by the HR MA. Additionally, you
need to assign the distinguished name of the Active Directory management agent as a value for the
msMMS-ManagedByMA attribute. You will do this by creating an Advanced Flow Script for the
HR MA.

Tasks Detailed steps
1.
Create an Advanced Flow
Script for the HR MA to
assign the following
attribute and value to
metaverse namespace
entries created by the HR
MA:
• Attribute: msMMS-
!ManagedByMA.
• Value: ma=AD
!MA,DsaName=server
!,ou=Servers,dc=domai
!n,dc=nwtraders,dc=m
!sft

a.
In MMS Compass, click HR MA, and then in the control pane, click
Attribute Flow.
b.
On the Advanced Flow Script tab type $mv.msMMS-
!
!!
!ManagedByMA = ma=AD
!
!!
!MA,DsaName=server,ou=Servers,dc=domain,dc=nwtraders,dc=
!
!!
!msft and then click OK.
How can you determine the distinguished name of a management agent?

Select the management agent, and then on the View menu, click All attributes.




1. (continued)
c.
Leave MMS Compass open.


6 Lab A: Implementing a Central Account Scenario Using TAMA


BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY


Exercise 4
Connecting Microsoft Exchange Server 5.5
In this exercise, you will create a management agent for Microsoft Exchange Server 5.5.
Scenario
Before you can use TAMA to populate Microsoft Exchange Server 5.5, you need to create a
management agent for Microsoft Exchange Server 5.5.

Tasks Detailed Steps
1.
Create a new management
agent to connect Active
Directory to MMS by using
the following parameters:
• Name of the
Management Agent:
Exchange MA
• Type of the
Management Agent:
Microsoft Exchange
(LDAP-based)
Management Agent
• Metaverse location:
ou=metaverse,dc=domai
n,dc=nwtraders,dc=msft
• Management Agent
Mode: Association
• LDAP server
address/name: server
(where server is your

assigned computer
name)
• LDAP TCP/IP port: 391
• Context prefix:
ou=server,o=domain.
• Login as:
cn=administrator,cn=do
main.
• Login password:
password
a.
In MMS Compass, in the directory pane, select your server.
b.
In the control pane, click Create New Management Agent.
c.
In the Create Management Agent dialog box, in the Name of the
Management Agent box, type Exchange MA
d.
In the Type of the Management Agent box, click Microsoft
Exchange (LDAP-based) Management Agent, and then click
Create.
e.
In the Configure the Management Agent dialog box, on the
Connected Directory Specifics tab, on the Mode and Namespace
Management tab, in the Metaverse Location box, type
ou=metaverse, before the current metaverse location.
f.
In the Configure the Management Agent dialog box, under
Management Agent Mode, click Association.
g.

Click the Discovery tab.
h.
In the LDAP server address/name box, type computer_name.
i.
In the LDAP TCP/IP port box, type 391
j.
In the Context prefix box, type ou=serversite,o=domain
k.
In the Login as box, type cn=administrator,cn=domain
l.
In the Login password box, type password
m.
Click Test your configuration.
A message box appears indicating that your connection was
successful. If the message box indicates that your connection was
unsuccessful, confirm that all of the above parameters were entered
correctly and then test your connection again.
n.
Click OK to close the Microsoft Metadirectory Services Flash
Message message box, and then click OK to close the Configure the
Management Agent dialog box.
o.
Leave MMS Compass open.
Lab A: Implementing a Central Account Scenario Using TAMA 7


BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Exercise 5
Operating the Management Agents

In this exercise, you will operate the management agents that were created in the previous
exercises.
Scenario
Now that you have created and configured the required management agents, the next step is to
operate them in order to connect your directories to MMS.

Tasks Detailed steps
1.
Operate the HR MA and
populate the Metadirectory
with the organizational
structure and users from the
HR database. Review the
Operator’s Log during the
process.
a.
In MMS Compass, click HR MA, and then in the control pane, click
Operate MA.
b.
In the Operate the Management Agent dialog box, click the
Operational Settings tab.
c.
On the When Running the Management Agent tab, under Tasks to
Run¸ ensure that both Discover Connected Directory and Update the
Metadirectory are selected.
d.
Under Types of Objects to Process, ensure that both Process
Organizing Structure and Process Users are selected.
e.
Click Run the Management Agent.

f.
Review the Operator’s Log for errors, and then click OK.
Did the HR MA create entries in the connector namespace and the metaverse namespace? Why or why not?

Yes. Since the HR MA is running in Reflector mode, entries were created in both the connector
namespace and the metaverse namespace.




Were the metaverse namespace entries assigned the msMMS-ManagedByMA attribute? Why or why not?

Yes. The Advanced Flow Script for the HR MA assigned the msMMS-ManagedByMA attribute to the
metaverse namespace entries it created.




1. (continued)
g.
Leave MMS Compass open.
8 Lab A: Implementing a Central Account Scenario Using TAMA


BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Tasks Detailed Steps
2.
Operate the AD MA to
discover Active Directory.

Review the Operator’s Log
during the process.
a.
In the Directory pane, navigate to the management agents, click AD
MA, and then in the Control pane, click Operate MA.
b.
Click Run the Management Agent.
c.
Review the Operator’s Log for errors, and then click OK.
Did the AD MA create any entries in the metaverse namespace? Why or why not?

No, the AD MA did not create entries in the metaverse namespace because it is operating in
Association mode.




2. (continued)
d.
Leave MMS Compass open.
3.
Operate the Exchange MA
to discover Microsoft
Exchange 5.5. Review the
Operator’s Log during the
process.
a.
In the Directory pane, click Exchange MA, and then in the Control
pane, click Operate MA.
b.

Click Run the Management Agent.
c.
Review the Operator’s Log to ensure that the management agent
completed successfully, and then click OK.
Did the Exchange MA create any entries in the metaverse namespace? Why or why not?

No, the Exchange MA did not create entries in the metaverse namespace because it is operating in
Association mode.




3. (continued)
d.
Leave MMS Compass open.

Lab A: Implementing a Central Account Scenario Using TAMA 9


BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Exercise 6
Creating and Configuring TAMA Resources
In this exercise, you will create and configure TAMA resources.
Scenario
Now that you have connected the Human Resources database, Active Directory, and Exchange
Server 5.5 to MMS, you need to create TAMA resources. You will specify which management
agent is associated with which resource and also, where in the connector namespace of a particular
management agent TAMA will create connectors. For the Exchange MA, all connectors need to be
created directly below the Recipients container so you will create a single, flat resource. For the

Active Directory MA, you will want to add the Claims, Investigations, Marketing, and Sales
organizational units, and all of the entries contained in those organizational units, to Active
Directory. The entries in the MoneyDept organizational unit need to be added to an organizational
unit in Active Directory called Accounting. You will create a complex resource to accomplish the
first requirement and a flat resource to accomplish the second requirement.

Tasks Detailed steps
1.
Create a TAMA Resource
for Exchange by using the
following parameters:
• Relative Name:
Exchange Resource
• Object Class:
zcTaAccountResource
• Distinguished Attribute:
res
a.
In MMS Compass, in the control pane, click Bookmarks, and then
click Servers.
b.
In the directory pane, double-click the Together Administration
folder.
c.
In the directory pane, right-click and then click Insert.
d.
In the Insert Object Under dialog box, click the Custom tab.
e.
In the Relative Name box, type Exchange Resource
f.

In the Object Class list, select zcTaAccountResource.
g.
In the Distinguished Attribute box, type res
Why use res as the Distinguished Attribute for TAMA Resources instead of cn?

Using res allows you to easily tell the difference between TAMA Resources and other types of objects.




1. (continued)
h.
Click Insert to create the TAMA Resource.
A dialog box appears when you click Insert. Notice that the dialog
box does not have any text in the title bar.
10 Lab A: Implementing a Central Account Scenario Using TAMA


BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Tasks Detailed Steps
2.
Configure the Exchange
Resource by using the
following parameters:
• Resource Description:
TAMA Resource for
Exchange
• Management Agent:
Exchange MA

• Location Under MA
(Optional): Recipients
• Leaf Objects: person.
a.
On the Resource Information tab, in the Resource Description box,
type TAMA Resource for Exchange
b.
Under Type of resource, ensure that Flat is selected.
c.
Click OK to close the dialog box, and then click Cancel to close the
Insert Object Under dialog box.
d.
In the directory pane, double-click Exchange Resource.
e.
Click Select the MA.
f.
In the Select the MA dialog box, click Exchange MA, drag and drop it
into the Management Agent box, and then click OK to close the
Select the MA dialog box.
g.
Click Select a location.
h.
In the Select a location dialog box, expand Exchange MA, expand
organization (where organization is your assigned Exchange
organization), expand site (where site is your assigned Exchange site),
click Recipients, drag and drop it into the Location Under MA
(Optional) box, and then click OK to close the Select a location
dialog box.
i.
Click the Object Classes tab.

j.
In the Leaf Objects box type person and then click OK to close the
dialog box.
3.
Create a TAMA Resource
for Active Directory by
using the following
parameters:
• Relative Name: Flat
Active Directory
Resource
• Object Class:
zcTaAccountResource
• Distinguished Attribute:
res
a.
Repeat the steps in Task 1 to create a TAMA Resource for Active
Directory by using the following parameters:
• Relative Name: Flat Active Directory Resource.
• Object Class: zcTaAccountResource
• Distinguished Attribute: res
Lab A: Implementing a Central Account Scenario Using TAMA 11


BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Tasks Detailed Steps
4.
Configure the Flat Active
Directory Resource by using

the following parameters:
• Resource Description:
Flat TAMA Resource
for Active Directory
• Management Agent: AD
MA
• Location Under MA
(Optional): Accounting
• Leaf Objects: person.
b.
On the Resource Information tab, in the Resource Description box,
type Flat TAMA Resource for Active Directory
a.
Under Type of resource, ensure that Flat is selected.
b.
Click OK to close the dialog box, and then click Cancel to close the
Insert Object Under dialog box.
c.
In the directory pane, double-click Flat Active Directory Resource.
d.
Click Select the MA.
e.
In the Select the MA dialog box, click AD MA, drag and drop it into
the Management Agent box, and then click OK to close the Select the
MA dialog box.
f.
Click Select a location.
g.
In the Select a location dialog box, expand AD MA, expand
domain.nwtraders.msft, click accounting, drag and drop it into the

Location Under MA (Optional) box, and then click OK to close the
Select a location dialog box.
h.
Click the Object Classes tab.
i.
In the Leaf Objects box, type person and then click OK to close the
dialog box.
5.
Create a second TAMA
Resource for Active
Directory by using the
following parameters:
• Relative Name:
Complex Active
Directory Resource
• Object Class:
zcTaAccountResource
• Distinguished Attribute:
res
a.
Repeat the steps in Task 1 to create a TAMA Resource for Active
Directory by using the following parameters:
• Relative Name: Complex Active Directory Resource.
• Object Class: zcTaAccountResource
• Distinguished Attribute: res
12 Lab A: Implementing a Central Account Scenario Using TAMA


BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY


Tasks Detailed Steps
6.
Configure the Complex
Active Directory Resource
by using the following
parameters:
• Resource Description:
Complex TAMA
Resource for Active
Directory
• Management Agent: AD
MA
• Location Under MA
(Optional): Accounting
• Leaf Objects: person.
• Parent Objects:
organizationalUnit
a.
On the Resource Information tab, in the Resource Description box,
type Complex TAMA Resource for Active Directory
b.
Under Type of resource, ensure that Complex is selected.
c.
Click OK to close the dialog box, and then click Cancel to close the
Insert Object Under dialog box.
d.
In the directory pane, double-click Complex Active Directory
Resource.
e.
Click Select the MA.

f.
In the Select the MA dialog box, click AD MA, drag and drop it into
the Management Agent box and then click OK to close the Select the
MA dialog box.
g.
Click Select a location.
h.
In the Select a location dialog box, expand AD MA, click
domain.nwtraders.msft, drag and drop it into the Location Under
MA (Optional) box, and then click OK to close the Select a location
dialog box.
i.
Click …, expand msft, expand nwtraders, expand domain, click
metaverse, drag and drop it into the Metaverse Boundary Node box,
and then click OK to close the … dialog box.
j.
In the Maximum Number of Levels list select All Parents.
k.
Click the Object Classes tab.
l.
In the Leaf Objects box, type person and in the Parent Objects box,
type organizationalUnit and then click OK to close the dialog box.
m.
Leave MMS Compass open.
Lab A: Implementing a Central Account Scenario Using TAMA 13


BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Exercise 7

Assigning TAMA Resources to Account Profiles
In this exercise, you will assign TAMA resources to Account Profiles. You will use both direct
assignment and assignment by using TAMA rules.
Scenario
Now that you have created the required TAMA Resources, the next step is to assign those resources
to account profiles. Recall that the business requirements are such that:
!
All entries in the Human Resources database need Exchange mailboxes in the Recipients
container.
!
The Claims, Investigations, Marketing, and Sales organizational units, and all subordinate entries
need to be created as the appropriate type of object in Active Directory
!
The entries below the MoneyDept organizational unit need to be created as user objects in the
Accounting organizational unit in Active Directory.

To meet these requirements, you will need to assign the appropriate TAMA resources to the
appropriate account profiles.

Tasks Detailed steps
1.
Assign the Complex Active
Directory Resource and the
Exchange Resource to the
metaverse namespace entry.
a.
Display the Known Universe in the directory pane.
b.
Click metaverse, and then click Administration.
c.

In the Entry Administration dialog box, click the Account Profile
tab.
d.
In the Resource List, click Complex Active Directory Resource, and
then drag and drop it into the Account Profile box.
e.
In the Resource List, click Exchange Resource, and then drag and
drop it into the Account Profile box.
f.
Click OK to close the Entry Administration dialog box.
Why would you not assign the Flat Active Directory Resource while you are assigning the other two
resources?

The Flat Active Directory Resource should only be assigned to the MoneyDept organizational unit.
Assigning it to the metaverse namespace entry would cause it to be assigned to all subordinate entries.




14 Lab A: Implementing a Central Account Scenario Using TAMA


BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Tasks Detailed Steps
Can you assign the Flat Active Directory Resource to the MoneyDept organizational unit by using the
Administration action and still meet your organizations business requirements? Why or why not?

No. If you assign the Flat Active Directory Resource to the MoneyDept organization unit by using the
Administration action, when you run the Provisioning Agent management agent, all three TAMA

resources will be applied to the MoneyDept organizational unit. The Provisioning Agent management
agent will apply and process the Complex Active Directory Resource first, which will result in a
MoneyDept organizational unit entry being created in the AD MA’s connector namespace. In addition,
the entries below the MoneyDept organizational unit in the metaverse namespace will be created as
connectors below the newly created MoneyDept organizational unit in the AD MA’s connector
namespace. When the Provisioning Agent management agent processes the Flat Active Directory
Resource, it will not create any connectors since all of the entries below the MoneyDept in the
metaverse namespace already have corresponding connectors in the AD MA’s connector namespace.




2. (continued)
g.
Leave MMS Compass open.
2.
Using the Provisioning
Agent management agent,
create a Resource
Assignment rule the will
assign the Flat Active
Directory Resource to all
metaverse namespace
entries whose ou attribute is
equal to MoneyDept. Do not
operate the Provisioning
Agent management agent
yet.
a.
In the control pane, click Bookmarks, and then click Management

Agents.
b.
In the directory pane select the Provisioning Agent management
agent, and then click Operate MA.
c.
Click the Configuration Settings tab, and then click the Rules tab.
d.
Delete all of the text below the line that reads:
# $v_TAMABaseDN = f=Together
!Administration,$parent(“$my_dsa()”)

e.
Delete the # character at the beginning of the line in step c.
f.
On a new line, add the following code:
If $mv.ou = MoneyDept
then
$mv.zcTaAccountResourceDNs += res=Flat Active
!Directory Resource,$v_TAMABaseDN
endif

Lab A: Implementing a Central Account Scenario Using TAMA 15


BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Tasks Detailed Steps
Will this rule satisfy the business requirements? Why or why not? If not, what needs to be added to the code
to satisfy the business requirements.


No, the rule will not satisfy the business requirements. The rule will assign the Flat Active Directory
Resource to the MoneyDept organizational unit and all subordinate entries; however, since the
zcTaAccountResourceDNs attribute is multivalued, and since directly assigned resources are processed
first, the Complex Active Directory Resource will also be assigned to the MoneyDept organizational
unit and all subordinate entries. To satisfy the business requirements, the Complex Active Directory
Resource needs to be removed from the zcTaAccount ResourceDNs attribute.




3.
Modify the Resource
Assignment Rule to remove
the Complex Active
Directory Resource from the
list of resources that are
assigned to metaverse
namespace entries whose ou
attribute is equal to
MoneyDept. Close the
dialog box.
a.
Add the following line of code on a new line before the endif
statement:
$mv.zcTaAccountResourceDNs -= res=Complex Active
!Directory Resource,$v_TAMABaseDN

b.
Click OK.
c.

Leave MMS Compass open.
16 Lab A: Implementing a Central Account Scenario Using TAMA


BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Exercise 8
Operating the Management Agents
In this exercise, you will operate the Provisioning Agent, the Active Directory MA, and the
Exchange MA to allow TAMA to create the required accounts in the appropriate directories.
Scenario
Now that you have created the required TAMA Resources and assigned them to the appropriate
Account Profiles, you are ready to use TAMA to populate Active Directory and Exchange with the
accounts in the metaverse namespace that were created by the HR MA.

Tasks Detailed steps
1.
Configure the Provisioning
Agent management agent to
operate only on the
metaverse namespace entry
and subordinate entries.
a.
In the directory pane, click Provisioning Agent, and then in the control
pane, click Operate MA.
b.
Click the Configuration Settings tab.
c.
On the Together Administration MA Settings tab, click …
d.

In the … dialog box, navigate to the metaverse entry, drag and drop it
into the The Root of the Metaverse Subtree Managed by TAMA –
Optional box, and then click OK to close the … dialog box.
2.
Operate the Provisioning
Agent management agent
and check the Operators
Log for errors.
a.
Click Run the Management Agent and check the Operator’s Log for
errors.
How many entries were processed for the Exchange MA? How many entries were excluded for the Exchange
MA? Which entries were excluded? How many entries were processed for the AD MA? How many entries
were excluded for the AD MA? Which entries were excluded?

1005 entries were processed for the Exchange MA. Six entries were ignored for the Exchange MA. The
entries that were ignored were; Claims, Investigations, Marketing, MoneyDept, and Sales. 1006 entries
were processed for the AD MA. One entry was excluded for the AD MA. The only entry excluded for
the AD MA was the MoneyDept entry.




2. (continued)
b.
Click OK to close the Operate the Together Administration MA
dialog box.
Lab A: Implementing a Central Account Scenario Using TAMA 17



BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Tasks Detailed Steps
3.
Verify that the Provisioning
Agent management agent
created connectors in the
correct places in the
Exchange MA and AD MA
connector namespaces by
navigating the relevant
connector namespaces and
answering the following
questions.
a.
Verify that the Provisioning Agent management agent created
connectors in the correct places in the Exchange MA and AD MA
connector namespaces by navigating the relevant connector
namespaces and answering the following questions.
Where did the Provisioning Agent create connectors in the Exchange MA’s connector namespace? How did
the Provisioning Agent know where to create the connectors?

The connectors were created below the Recipients container. The zcMAUNSBase attribute of the
Exchange Resource contains a value that indicates where the connectors are to be created.




Did the Provisioning Agent create connectors for the Claims, Investigations, Marketing, and Sales
organizational units in the AD MA’s connector namespace? Why or why not? Did it create a connector for

the MoneyDept organizational unit? Why or why not?

Yes, connectors for the Claims, Investigations, Marketing, and Sales organizational units were created.
The Complex Active Directory Resource was configured to process both organizationalUnit objects
and person objects. There was no connector created for the MoneyDept organizational unit because
the Resource Assignment rule removed the Complex Active Directory Resource from the account
profile for the MoneyDept organizational unit.




18 Lab A: Implementing a Central Account Scenario Using TAMA


BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Tasks Detailed Steps
Where did the Provisioning Agent create connectors in the AD MA’s connector namespace for the entries
below the MoneyDept organizational unit in the metaverse namespace? Why were they created in this
location?

The connectors were created below the Accounting organizational unit. The zcMAUNSBase attribute
of the Flat Active Directory Resource, which was assigned to the entries specified Accounting as the
location to create the connectors.




3. (continued)
b.

Leave MMS Compass open.
4.
Operate the Exchange MA
with the following settings:
• Discover Microsoft
Exchange: Enabled
• Update Metadirectory:
Enabled
• Update Microsoft
Exchange: Enabled
• Process Sites and
Organization: Disabled
• Process Mailboxes:
Enabled.
a.
Click Exchange MA, and then click Operate MA.
b.
Click the Operational Settings tab.
c.
On the When Running the Management Agent tab, ensure that
Discover Microsoft Exchange¸ Update metadirectory, Update
Microsoft Exchange, and Process Mailboxes are enabled. Ensure that
Process Sites and Organization is disabled.
d.
Click the Management Agent Logs tab.
e.
Click Run the Management Agent.
f.
Check the Operator’s Log for errors.
How many entries were processed? How many additions were exported? Why is there a difference?


There were 1001 entries processed and 1000 additions were exported. The difference is caused by the
Administrator mailbox that already existed in the connector namespace as a disconnector.




4. (continued)
g.
Click OK to close the Operate the Management Agent dialog box.
h.
Leave MMS Compass open.
5.
Confirm that the Exchange
mailboxes have been
created.
a.
From the Microsoft Exchange menu, open Microsoft Exchange
Administrator.
b.
Navigate to the Recipients container if necessary.
Lab A: Implementing a Central Account Scenario Using TAMA 19


BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Tasks Detailed Steps
Were the Exchange mailboxes created?

Yes, the Exchange mailboxes were created.





5. (continued)
c.
Close Microsoft Exchange Administrator.
6.
Operate the AD MA and
check the Operator’s Log
for errors.
a.
In MMS Compass, click AD MA, and then click Operate MA.
b.
Click Run the Management Agent.
c.
Check the Operator’s Log for errors.
How many entries were processed outbound? Why were more outbound entries processed for the AD MA
than for the Exchange MA?

1004 outbound entries were processed. The AD MA outbound entries included the four organizational
units from the metaverse namespace while the Exchange MA only processed person entries.




6. (continued)
d.
Click OK to close the Operate the Management Agent dialog box.
7.

Confirm that the Active
Directory objects were
created properly.
a.
From the Administrative Tools menu, open Active Directory Users
and Computers.

20 Lab A: Implementing a Central Account Scenario Using TAMA


BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Tasks Detailed Steps
Were the Claims, Investigations, Marketing, and Sales organizational units created? Were the entries from
the MoneyDept organizational unit created below the Accounting organizational unit? Were the user
accounts created as enabled or disabled accounts? Were the user logon names created by using the first initial
and surname of the metadirectory entries? Are the users required to change their passwords at the next log
on?

Yes the required organizational units were created. Yes, the entries from the MoneyDept organization
unit were created below the Accounting organizational unit. The user accounts are enabled. Yes, the
user logon names are in the form of first initial and surname. Yes, the users are required to change
their passwords at the next log on.




7. (continued)
b.
Close Active Directory Users and Computers.

Lab A: Implementing a Central Account Scenario Using TAMA 21


BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Exercise 9
Adding New Accounts Using TAMA
In this exercise, you will add two new employees to the Human Resources database and use TAMA
to automatically create corresponding Exchange mailboxes and Active Directory accounts.
Scenario
NorthWind Traders is growing and two new employees have been hired, Phil Spencer in the
MoneyDept organizational unit and Sue Jackson in the Claims organizational unit. The new
employees need to be added to the Human Resources database and have an Exchange mailbox and
an account in Active Directory created. You will use TAMA to accomplish this automatically.

Tasks Detailed steps
1.
Add the new employees to
the Human Resources
database by inserting the
contents of the
C:\MOC\2062A\Labfiles\Ne
w Hires.txt file to the end of
the
C:\Zoomserv\Data\Malab\S
et1ldf.txt file.
a.
Open the C:\MOC\2062A\Labfiles\New hires.txt file.
b.
Open the C:\Zoomserv\Data\Malab\Set1ldf.txt file.

c.
Copy and paste the contents of the New Hires.txt file to the end of the
Set1ldf.txt file.
d.
Close both files, saving the changes to the Set1ldf.txt file when
prompted.
2.
Operate the HR MA to bring
the new accounts into the
metadirectory. Check the
Operator’s log for errors.
a.
In MMS Compass, operate the HR MA.
b.
Check the Operator’s log for errors.
c.
Click OK to close the Operate the Management Agent dialog box.
Were the two new records added to the metaverse namespace and to the HR MA’s connector namespace?

Yes, entries were created for both new records in both places.




3.
Operate the Provisioning
Agent to add the new entries
to the AD MA and
Exchange MA connector
namespaces. . Check the

Operator’s log for errors.
a.
In MMS Compass, operate the Provisioning Agent.
b.
Check the Operator’s log for errors.
c.
Click OK to close the Operate the Management Agent dialog box.
22 Lab A: Implementing a Central Account Scenario Using TAMA


BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Tasks Detailed Steps
Were connectors added to the AD MA and Exchange MA connector namespaces for the two new hires?

Yes, entries were created for both new hires in both places.




4.
Operate the AD MA and the
Exchange MA to add the
new entries to Active
Directory and Exchange.
Check the Operator’s log for
errors.
a.
In MMS Compass, operate the AD MA.
b.

Check the Operator’s log for errors.
c.
Click OK to close the Operate the Management Agent dialog box.
d.
In MMS Compass, operate the Exchange MA.
e.
Check the Operator’s log for errors.
f.
Click OK to close the Operate the Management Agent dialog box.
Were accounts created in Active Directory for the two new employees? Were Exchange mailboxes created
for the two new employees?

Yes, both new employees now have Active Directory accounts and Exchange mailboxes.




5.
Close all open windows, and
then log off.
a.
Close all open windows, and then log off.