Applies To

  • FIM 2010 (R2)
  • MIM 2016

 


Scenario

Contoso is planning to use MIM to manage contacts in the corporation's Active Directory Domain Services (ADDS). The business has decided that a select group of service desk staff will be allowed to use the MIM Portal to create, modify and delete contacts, and to have those contacts created, updated, and deleted in ADDS.

 


Requirements

 

   
Provisioning Domain: CONTOSO

Provisioning Organizational Unit: OU=Contacts,DC=contoso,DC=com

Access Group: Contoso Service Desk Team

Active Directory Attributes:
  • displayName
  • givenName
  • mail
  • sn
Deprovisioning

MIM Portal is authoritative for deletes and should be used for deleting contact objects. A delete of a contact in the MIM Portal will delete the object in AD.  A delete of the object directly in AD will trigger recreation of the object in AD.

Design

  1. Active Directory domain controller
  2. MIM Synchronization Server
  3. MIM Portal Server

The following illustration outlines the required environment:

Implementation

Task 1: Create the Contact resource in the MIM Portal

We begin by creating the Contact resource in the MIM Portal.

  1. Go to the MIM Portal
  2. On the upper-right part of the MIM Home page, click on the Schema Management link
  3. Click on the All Resource Types link at the top of the Schema management page
  4. Click on New
  5. On the General page enter
    1. System name: Contact
    2. Display name: Contact
  6. Click Next
  7. On the Localization page click Next
  8. On the Summary page click Submit
 

Task 2: Bind attributes to the Contact resource

We now have to bind the attributes we want to use in the MIM Portal Contact resource.

  1. Go to the MIM Portal
  2. On the upper-right part of the MIM Home page, click on the Schema Management link
  3. Click on the Schema Management
  4. Click on the icon All Bindings
  5. Click New and add each of the needed attributes to the Contact resource

Task 3: Create the MIM Search Scope

Next, we will create a new Search Scope for use in the search boxes of the MIM Portal.

  1. Click on Home in the navigation bar
  2. Click on the Administration link on the left navigation bar
  3. Click on the Search Scopes link
  4. Click New
  5. On the General page enter
    1. Display Name: All Contacts
    2. Description: Returns all resources of type Contact
    3. Usage Keyword: (type on separate lines)
      • BasicUI
      • Global
      • Site
      • GlobalSearchResult
    4. Order: 10
  6. Click Next
  7. On the Search Definition page enter (case sensitive!)
    1. Attribute Searched:
      • DisplayName
      • Email
    2. Search Scope Filter: /Contact
  8. Click Next
  9. On the Results page enter (case sensitive!)
    1. Resource Type: Contact
    2. Attribute: DisplayName;Email
    3. RedirectingURL:
  10. Click Next
  11. On the Localization page click Next
  12. On the Summary tab click Submit

Task 4: Refresh the MIM Portal Cache

In order for the new Search Scope to be visible in the MIM Portal, we will need to run IISRESET to refresh the MIM Portal cache.

  1. Click on the Windows Start button
  2. Launch a Command Prompt and enter IISRESET
  3. Navigate back to the MIM Home Page
  4. Click on the Search within drop-down menu in the upper right side
  5. You should see the inclusion of All Contacts towards the top of the drop down box. Do not attempt to create a Contact resource yet. You won’t be able to since we haven’t given the administrator the proper rights in a permission granting MPR yet.

Task 5: Customize the RCDC

We now need to create a web page for creating, viewing and editing Contact resources.

  1. On the MIM Home Page, click on the link for Resource Control Display Configurations
  2. Click New
  3. On the General page enter
    • Display name: Configuration for Contacts
    • Target Resource Type: Contact
    • Click on Download default create mode template
    • Save to the desktop as Configuration for Contact.XML
    • Click Cancel
    • Find the file Configuration for Contact.XML that you just saved on the desktop and double click on it. Notice that this default XML file generated contains the definition of a Resource Control Display Configuration (RCDC) with web controls for all the attributes that the resource type Contact contains in the MIM schema.
  4. Edit the RCDC to only include Display Name, First Name, Last Name, and E-Mail.
  5. Let's import the RCDC definition from an XML file that we have already customized. On the MIM Home Page, click on the link for Resource Control Display Configurations
  6. Click New
  7. On the General page do the following:
    1. For Display name enter: Configuration for Contact
    2. For Target Resource Type select Contact
    3. For Configuration Data click on the Browse button
    4. Navigate to the desktop and select Configuration for Contact.XML   
    5. Select the check box Applies to Create. This will make sure the RCDC you are defining will be used when you create a new resource of type Contact.
    6. Select the check box Applies to Edit. This will make sure the RCDC you are defining will be used when you edit an existing resource of type Contact.
    7. Select the check box Applies to View. This will make sure the RCDC you are defining will be used when you view an existing resource of type Contact.
    8. Click Next
  8. On the Localization page, click Next
  9. On the Summary page click Submit
  10. Open a Command Prompt and run IISRESET for the new RCDC to take effect.

Task 6: Create a Set of All Contacts

Next, we create a Set which has a filter condition based on the resource type we previously created: Contact.

  1. On the left side Navigation Bar of the MIM Home page, click on the Sets link
  2. Click New
  3. On the General page enter:
    1. Display name: All Contacts
    2. Description: Contains all resources of type Contact.
  4. Click Next
  5. On the Criteria-based Members page do the following:
    1. Click on All resources
    2. Select Contact from the list
    3. Click Finish
    4. On the Summary page click Submit

Task 7: Create an MPR for Contact Resource Management

We are going to create an MPR for the CONTOSO Support Desk team.

  1. Click on Management Policies on the left side of the MIM Home Page
  2. Click on New
  3. On the General Information tab enter:
    1. Display Name: _Contoso_Support_Desk can Manage Contact Resources
    2. Type: Request
    3. Disabled: not selected
  4. Click on Next
  5. On the Operation and Users page do the following:
    1. Requestors: Administrators in the Specific Set of Requestors
    2. Operations:
      1. Create resource: checked
      2. Delete resource: checked
      3. Read resource: checked
      4. Modify a single-valued resource attribute: checked

    3. Grants permission: selected
  6. Click on Next
  7. On the Target Resources page enter:
    1. Target Resource Definition before request: enter All Contacts
    2. Target Resource Definition after request: enter All Contacts
    3. Attributes: select (Needed Attributes)
  8. Click on Next
  9. On the Policy Workflows page, Click on Next
  10. On the Summary page click Submit

Task 8: Add a Contact link to the MIM navigation bar

We will now add a Contact link to the bottom of the MIM Navigation Bar:

  1. Click on the Home link in the upper left
  2. Click on the All Resources link on the right of the MIM Home Page
  3. Find Contact in the list of All Resources and click on it
  4. Copy the URL of the page that loads for later use
  5. Click on the Home link in the upper left
  6. Click on the Navigation Bar Resources link on the right of the MIM Home Page
  7. Click New
  8. On the General tab enter:
    • Display Name: Contacts
    • Description:
    • Usage Keyword: BasicUI
  9. Click Next
  10. On the UI Position tab enter:
    1. Parent Order: 99
    2. Order: 0
  11. On the Behavior tab enter 
    1. Navigation URL: paste in the URL you copied earlier and replace the "http://...com" portion of the URL with a "~".
  12. Click Next
  13. On the Localization page, click Next
  14. On the Summary page, click Submit
  15. Click on the Windows Start button
  16. Launch a Command Prompt and enter IISRESET
  17. Open a new instance of Internet Explorer
  18. Navigate back to the MIM Home Page
  19. Note the Contacts link should appear beneath Administration on the left navigation bar.

Task 9: Add Contact Object to Sync Filter

Perform the next task to allow the MIM Synchronization Engine to see the new resource type and make it available for synchronization with other data sources.

  1. Click on the All Resources link on the right side of the MIM home page
  2. Click the right arrow to go to the second page of the resources listed
  3. Click on the Synchronization Filter link
  4. Click on the Synchronization Filter resource (there should be only one)
  5. Click on the Extended Attributes tab
  6. Add ;Contact to the end of the string in the Synchronize ObjectTypeDescription field
  7. Click the Validate and resolve control (the green checkmark)
  8. Click OK
  9. You should see a Select Resource window opening up with a list of resources that match Contact. Select the resource which has a Resource Type of Resource Type Description.
  10. Click OK
  11. Click OK again and on the Summary page click Submit

Task 10: Refresh the MIM Management Agent Schema

In order to see the new object type in the MIM Management Agent, we need to refresh the schema.

  1. Launch the Synchronization Service Manager console
  2. Click the Management Agents tab
  3. Click on the MIM Management Agent
  4. In the Action menu to the right click Refresh Schema
  5. Click OK to proceed
  6. Supply the password
  7. Click Close
  8. Click on Properties in the Actions menu to the right
  9. Click on Select Object Type
  10. Click the Show All checkbox
  11. Click on the checkbox next to Contact
  12. Click on Select Attributes
  13. Click the Show All checkbox
  14. Click on the checkbox next to Name
  15. Click OK

Task 11: Create a Contact Metaverse schema object type

We will now create a Contact Metaverse schema object type.

  1. In the Synchronization Service Manager, go to the Metaverse Designer
  2. Click on the person object
  3. Click on Copy Object Type
  4. Create the object type name: contact
  5. Click OK

 

Task 12: Configure the MIM Management Agent

We will now go to the MIM Management Agent and map the Contact (Connector Space) object to the Contact Metaverse object we just created.

  1. Open up the properties of the MIM Management Agent
  2. Click on Configure Object Type Mappings
  3. Click on Contact
  4. Click on Add Mapping and select the Metaverse object type: contact

  5. Click OK
  6. Click on Configure Attribute Flow
  7. Make sure the following attributes are set for import flow (in addition to others required):
    1. Name --> cn
    2. displayName --> displayName
    3. FirstName --> firstName
    4. LastName --> lastName
    5. Email --> email

Task 13: Configure the ADDS Management Agent

We will now configure the ADDS Management Agent

  1. In the Synchronization Service Manager click on the ADDS Management Agent
  2. Click on Select Object Types
  3. Click on contact
  4. Click on Select Attributes and verify the following attributes are selected (in addition to others required):
    1. cn
    2. displayName
    3. givenName
    4. sn
    5. mail
  5. Click on Configure Attribute Flow
  6. Add contact object type
  7. Make sure the following attributes are set for export flow:
    1. cn <-- cn
    2. displayName <-- displayName
    3. givenName <-- firstName
    4. sn <-- lastName
    5. mail <-- email

 

 

Task 14: Create Outbound Sync Rule “AD Contact Inbound/Outbound Sync Rule”

We will now create the Outbound Sync Rule “AD Contact Inbound/Outbound Sync Rule” to specific metaverse resources of this type based on OSR

  1. Relationship: Contact, AD, contact
  2. displayName -> displayName
  3. Name --> cn
  4. displayName --> displayName
  5. FirstName --> firstName
  6. LastName --> lastName
  7. Email --> email “SMTP:” + email -> proxyaddresses

Create resource

Disconnect MIM resource

Outbound attribute flow

(initial flow only) “cn=” + cn + “,OU=Contacts,DC=contoso,DC=com” “cn=” + cn + “,OU=Contacts,DC=contoso,DC=com”
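
The initial-flow expression above builds the DN by concatenating cn, a value that starts as the Name typed into the MIM Portal (Task 12). The following Python sketch is an added example, not part of the original article; it shows how a comma in that value changes the DN structure and how escaping the value first keeps the object in the provisioning OU. The function names and sample names are illustrative assumptions; inside a MIM sync rule the built-in EscapeDNComponent function serves the same purpose.

```python
# Added example, not from the original article: DN escaping for the
# initial-flow expression "cn=" + cn + ",OU=Contacts,DC=contoso,DC=com".
import re

CONTACT_OU = "OU=Contacts,DC=contoso,DC=com"  # provisioning OU from Requirements


def escape_rdn_value(value: str) -> str:
    """Escape one attribute value for use inside a DN (RFC 4514 rules)."""
    if not value or "\x00" in value:
        raise ValueError("cn must be non-empty and must not contain NUL")
    # Characters that are DN syntax; '=' is escaped too, which RFC 4514 permits.
    out = re.sub(r'([,+"\\<>;=])', r"\\\1", value)
    if out[0] in "# ":                          # leading '#' or space
        out = "\\" + out
    if len(value) > 1 and value.endswith(" "):  # trailing space
        out = out[:-1] + "\\ "
    return out


def naive_dn(cn: str) -> str:
    """Plain concatenation, as the flow expression is written."""
    return "cn=" + cn + "," + CONTACT_OU


def escaped_dn(cn: str) -> str:
    """Same expression with the cn value escaped first."""
    return "cn=" + escape_rdn_value(cn) + "," + CONTACT_OU


def split_rdns(dn: str) -> list:
    """Split a DN on commas that are not escaped with a backslash."""
    return re.findall(r"(?:\\.|[^,\\])+", dn)


def lands_in_contact_ou(dn: str) -> bool:
    """True when the object's parent is exactly the provisioning OU."""
    rdns = split_rdns(dn)
    return ",".join(rdns[1:]).lower() == CONTACT_OU.lower()


if __name__ == "__main__":
    # Constructed sample names, as a service desk user might type them.
    for name in ["Jane Doe", "Doe, Jane", "Contoso, Ltd."]:
        print(f"{name!r:16} naive in OU={lands_in_contact_ou(naive_dn(name))!s:5} "
              f"escaped={escaped_dn(name)}")
```
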

 

Task 15: Create Workflow “AD Contact Provision Workflow”

Create workflow “AD Contact Provision Workflow” and add “AD Contact Outbound Sync Rule” sync rule.

 

Task 16: Create MPR to tie Workflow to “All Contacts”

Set Create MPR to connect workflow to “All Contacts” Set

 

Task 17: Enable Synchronization Rule Provisioning

In the MIM Sync engine, click on Tools, Options, and select Enable Synchronization Rule Provisioning.

 

Task 18: Import MIM Test Contact

We will now import the MIM test contact into the Metaverse

  1. In the Synchronization Service Manager click on the MIM Management Agent
  2. On the Actions menu click Run
  3. Select Full Import
  4. Click OK
  5. Click on the Add link in the Status Pane to the lower left and verify that the test contact object was imported.
  6. On the Actions menu click Run
  7. Select Full Synchronization
  8. Click OK. You should now see contact objects in the metaverse and AD connector space.

 

Task 19: Export the contact to ADDS

Run an export on AD MA. You should now see contact objects in ADDS.

 
