Contents
Overview 1
Introduction to Management Agent
Functionality 2
Overview of the Management Agent Update
Cycle 3
Creating Management Agents and Connecting
to an External Directory 4
Establishing and Populating an Organizing
Structure in the Metaverse Namespace 9
Monitoring the Management Agent Process 11
Lab A: Creating and Configuring a
Management Agent 12
Configuring Management Agent Modes 13
Scheduling Management Agent Operation 15
Lab B: Configuring Management Agent
Modes and Scheduling Management
Agent Operation 17
Best Practices 18
Review 19

Module 3: Configuring
Management Agents to
Manage Directory
Entries

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Information in this document is subject to change without notice. The names of companies,
products, people, characters, and/or data mentioned herein are fictitious and are in no way intended
to represent any real individual, company, product, or event, unless otherwise noted. Complying
with all applicable copyright laws is the responsibility of the user. No part of this document may
be reproduced or transmitted in any form or by any means, electronic or mechanical, for any
purpose, without the express written permission of Microsoft Corporation. If, however, your only
means of access is electronic, permission to print one copy is hereby granted.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.

 2000 Microsoft Corporation. All rights reserved.

Microsoft, BackOffice, MS-DOS, Windows, Windows NT, <plus other appropriate product
names or titles. The publications specialist replaces this example list with the list of trademarks
provided by the copy editor. Microsoft is listed first, followed by all other Microsoft trademarks
in alphabetical order. > are either registered trademarks or trademarks of Microsoft Corporation
in the U.S.A. and/or other countries.

<The publications specialist inserts mention of specific, contractually obligated to, third-party
trademarks, provided by the copy editor>

Other product and company names mentioned herein may be the trademarks of their respective
owners.




Module 3: Configuring Management Agents to Manage Directory Entries 1

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Overview
!
Introduction to MA Functionality
!
Overview of the MA Update Cycle
!
Creating MAs and Connecting to an External Directory
!
Establishing and Populating an Organizing Structure in
the Metaverse Namespace
!
Monitoring the MA Process
!
Configuring MA Modes
!
Scheduling MA Operation
!
Best Practices


Management agents manage the relationship between a connected directory and
the metadirectory at both the directory entry level and the attribute level.
However, management agent configuration is different for managing directory
entries than it is for managing the attribute values of those entries.


Managing attribute values is covered in module 4, Managing Attribute
Values Using Joins and Attribute Flow Rules, in course 2062A, Implementing
Microsoft Metadirectory Services 2.2.

Understanding the purpose of management agents and how to configure them to
manage directory entries is key to implementing a Microsoft Metadirectory
Services (MMS) version 2.2 solution.
After completing this module, you will be able to:
!
Describe management agent functionality.
!
Explain the phases in the management agent update cycle.
!
Create a management agent and configure the connection to an external
directory.
!
Establish and populate an organizing structure in the metaverse namespace.
!
Monitor the management agent process by using the Operator’s log.
!
Manage entries by configuring management agent modes.
!
Schedule the operation of a management agent.
!
Describe best practices for using management agents.

Topic Objective
To provide an overview of
the module topics and
objectives.

Lead-in
In this module, you will learn
how to configure
management agents to
manage directory entries.
Note
2 Module 3: Configuring Management Agents to Manage Directory Entries

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Introduction to Management Agent Functionality
Metadirectory
Connector
Namespace
Connector
Namespace
Connector
Namespace
Connector
Namespace
Metaverse
Namespace
Metaverse
Metaverse
Namespace
Namespace
Management
Agent 1
Management
Agent 2

Connector
Connector
JamesS
Title
Employee #
Salary
JamesS
Title
Employee #
Salary
JamesSmith
E-mail Address
Title
JamesSmith
E-mail Address
Title
James Smith
Title
Employee #
E-mail Address
James Smith
Title
Employee #
E-mail Address
Connector
Connector
JamesS
Title
Employee #
JamesS

Title
Employee #
M
A

1
M
A

2
JamesSmith
E-mail Address
Title
JamesSmith
E-mail Address
Title
HR Database
HR Database
HR Database
Exchange
Exchange
Exchange


A management agent is responsible for importing information from a specific
connected directory into the metadirectory. In addition, a management agent
keeps the information in the connected directory and the metadirectory
synchronized. Each management agent can also export metadirectory
information to its connected directory, which enables the different connected
directories to remain synchronized.

When a management agent imports and integrates information into the
metadirectory, the process occurs in two stages:
1. The management agent imports information from its associated connected
directory into the connector namespace. MMS allocates a specific portion of
the connector namespace to each management agent.
2. The management agent copies information from its portion of the connector
namespace to the metaverse namespace. During this process, the
management agent either updates an existing entry in the metaverse
namespace, or if no related entry exists, it creates one.

Generally, an entry in the connector namespace presents only selected aspects
of an object. In the illustration, the entry imported from the HR Database
includes only the Title and Employee# attributes. An entry in the metaverse
namespace is often a more complete representation of an object, as it presents
information about the object from multiple connected directories. In the
illustration, the metaverse namespace entry for James Smith includes
information from both the HR directory and the Exchange directory.
Entries in the connector namespace that form the connection between entries in
the connected directory and entries in the metaverse namespace are known as
connectors.

Connector-namespace entries that are associated only with the connected
directory and not the metaverse namespace are known as disconnectors.

Topic Objective
To describe basic
management agent
functionality.
Lead-in
A management agent

serves as a connection
between a specific external
information repository, and
the metadirectory.
Stress that a single
management agent
manages the entire
connection between a
specific connected directory
and the metadirectory.
Note
Module 3: Configuring Management Agents to Manage Directory Entries 3

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Overview of the Management Agent Update Cycle
Discovery
Discovery
Discovery
Synchronization
Synchronization
Synchronization
Connected
Directory
Connected
Connected
Directory
Directory
Metadirectory
Update

Import
File(s)
Import
File(s)
Create
File(s)
Create
File(s)
Export
File
Export
File
Update
Metaverse
Namespace
Metaverse
Namespace
MA’s
Connector
Namespace
MA’s
Connector
Namespace


The management agent update cycle is composed of multiple phases, and you
can configure a management agent to perform any or all of these phases,
depending on your entry management requirements. For example, you can
configure a management agent to perform only phases to shorten the time
required for a management agent to complete an operation.

The management agent update cycle consists of the following phases:
1. Discovery phase. The management agent, based upon its configuration,
extracts information about objects in the connected directory into one or
more import files.
2. Update phase. The management agent reads the import file(s) and creates or
updates entries in the connector namespace and the metaverse namespace.
The management agent then determines what information, such as new
entries or changed attributes, needs to be sent back to the connected
directory, and places this information into create and export files.
3. Synchronization phase. The management agent updates the connected
directory with the information from the create and export files.

Topic Objective
To identify the phases in the
management agent update
cycle.
Lead-in
When you operate a
management agent, it
performs a full or partial
update cycle, depending on
its configuration and the
options chosen.
4 Module 3: Configuring Management Agents to Manage Directory Entries

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

#
##
#


Creating Management Agents and Connecting to an
External Directory
!
Overview of Predefined Management Agents
!
Creating a Management Agent
!
Configuring the Connection to an External Directory


Creating a management agent involves creating an instance of one of the
predefined management agents. Predefined management agents contain the
capabilities to integrate a specific type of external directory, for example a cc:
Mail directory, with the metadirectory. You then associate the newly created
management agent with an actual connected directory by adding configuration
information specifying the location and access requirements of the connected
directory. Understanding how to create and connect a management agent to an
external directory is essential to implementing MMS.
Topic Objective
To introduce the topics
associated with creating
management agents and
connecting to an external
directory.
Lead-in
Creating a management
agent involves creating an
instance of one of the
predefined management

agents.
Module 3: Configuring Management Agents to Manage Directory Entries 5

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Overview of Predefined Management Agents
Novell
Novell
NDS
NDS
(LDAP)
(LDAP)
Novell
Novell
Netware
Netware
Banyan
Banyan
VINES
VINES
Lotus
Lotus
cc: Mail
cc: Mail
Lotus
Lotus
NOTES
NOTES
Active
Active

Directory
Directory
Exchange
Exchange
(LDAP)
(LDAP)
Exchange
Exchange
(MAPI)
(MAPI)
Windows
Windows
NT
NT
Netscape
Netscape
LDAP
LDAP
Novell
Novell
Group
Group
-
-
Wise
Wise
Microsoft
Microsoft
Metadirectory
Metadirectory

Services
Services
!
Predefined
Management
Agents also
include:
$
Generic
$
Report
$
Together
Administration


MMS includes a number of predefined management agents, each of which is
configured to integrate information in a specific type of external directory, for
example cc: Mail, with the metadirectory. The predefined management agents
that are designed to integrate information from specific external directories are:
• Banyan VINES • Microsoft NT
• Lotus cc: Mail • Netscape LDAP
• Lotus NOTES • Novell Groupwise API
• Microsoft Active Directory • Novell NDS (LDAP-based)
• Microsoft Exchange (LDAP-based) • Novell Netware
• Microsoft Exchange (MAPI based)

MMS includes three additional predefined management agents, each of which
has a specific function:
!

Generic. The Generic management agent is a starting point to build your
own management agent.
!
Report. The Report management agent is used for creating flat file reports.
!
Together Administration. The Together Administration management agent
(TAMA) works in conjunction with the other management agents to provide
full enterprise provisioning and object management.

MMS also includes four predefined management agents that are
associated with the tutorial included with the product.

Topic Objective
To describe the predefined
management agents
provided in MMS.
Lead-in
MMS includes a number of
predefined management
agents that are configured
to integrate information in a
specific type of connected
directory with the
metadirectory.
Note
6 Module 3: Configuring Management Agents to Manage Directory Entries

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Creating a Management Agent

Administrator via Vancouver – MMS Compass
F
ile Edit Configure Options View Help
Bookmarks
Actions
Properties
Create New Management Agent
Administration
Access Control
The Known Universe
The Known Universe
vancouverdom
nwtraders
msft
Servers
ADMIN FRS
BASIC FRS
Vancouver
Directory Methods
Server Methods
Together Administrators
Directory Administrators
Create Management Agent
Name the Management Agent:
Type of the Management Agent:
C
reate Cancel
Banyan VINES Management Agent
Generic Management Agent
Lotus cc:Mail Management Agent

Lotus NOTES Management Agent


When you create a management agent, you must specify which predefined
management agent you want use as the basis for that management agent.
To create a management agent, perform the following steps:
1. In the directory pane of MMS Compass, navigate to and click on the entry
for the MMS server.
2. In the control pane, click Create New Management Agent.
3. In the Create Management Agent dialog box, in the Name of the
Management Agent box, type a name for the management agent.
4. In the Type of the Management Agent list, select the predefined
management agent associated with your external directory.
5. In the Create Management Agent dialog box, click Create to create the
new management agent under the entry for the MMS server.
The Configure the Management Agent dialog box appears, prompting you
for information regarding the connection to the external directory.

Topic Objective
To identify how to create a
management agent.
Lead-in
When you create a
management agent, you
must specify which of the
predefined management
agents in MMS you want
use as the basis for that
management agent.
Delivery Tip

Demonstrate how to create
an instance of the Exchange
(LDAP) management agent.
Module 3: Configuring Management Agents to Manage Directory Entries 7

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Configuring the Connection to an External Directory
External
Directory
External
Directory
Server Name
Protocol
Authentication
Server Name
Protocol
Authentication
Metadirectory
Metadirectory
Management
Agent
Management
Agent
Configure the Management Agent
Connected Directory Specifics
Metadirectory Relationships Personal Names Inclusions and Exclusions
Attributes to DiscoverMailbox CreationCustom RecipientsDisplay NamesAdvanced
Discovery
Mode and Namespace Management

LDAP server
Address/name:
LDAP TCP/IP port:
Context prefix:
Login as:
Login password:
389
e.g. ldap.microsoft.com
e.g. ou=MSX,o=Microsoft
e.g. cn=NTAccount,
cn=NTDomain
Test you configuration
LDAP Discovery
Parameters
LDAP Server
Address/Name
Enter the Server IP address
or name that the
management agent accesses
to import or export Exchange
directory entries. The LDAP
server address is the IP
address or name of the
server.


After you create a management agent, you need to associate it with an actual
external directory. To accomplish this, you must configure the management
agent with the location and access requirements of the directory. Depending on
the type of management agent that you create, these parameters might include

server name, IP address, protocol, authentication, or port number.
The connection configuration parameters required for each predefined
management agent vary depending on the functionality of the external
directory. For example, the following table describes the parameters that you
configure to connect the Microsoft Exchange (LDAP-based) management
agent.
Parameter Description

LDAP Server
Address/Name
The Internet Protocol (IP) address or host name of the server
that the management agent accesses to import or export
Exchange directory entries.
LDAP TCP/IP Port The LDAP Transmission Control Protocol/Internet Protocol
(TCP/IP) port number. The default value is 389.
Context prefix The distinguished name of the node in the Exchange Directory
tree where you want to start the discovery. To discover the
entire tree, do not specify a context prefix.
Login as The user account that the management agent uses to log on to
the Exchange Server. The management agent must log on as an
Exchange administrator to modify or create Exchange Server
directory entries.
Login password The password associated with the user account the management
agent uses to log on to the Exchange server.

Topic Objective
To identify how to configure
the connection to an
external directory.
Lead-in

After you create a
management agent, you
need to associate it with an
actual external directory.
Delivery Tip
Continue the previous
demonstration by
configuring the connection
to the Exchange (LDAP)
directory.

Point out that the arrow in
the illustration indicates that
the management agent is
initiating the connection to
the external directory.