Lab A: Implementing a Central Account Scenario Using TAMA

Lab A: Implementing a Central Account Scenario Using TAMA Objectives After completing this lab, you will be able to: !✂Create and configure TAMA resources. !✂Assign TAMA resources to TAMA account profiles Prerequisites !✂Before working on this lab, you must have experience creating and operating management agents. Lab Setup To complete this lab, you need the following: !✂MMS Server installed and running. !✂MMS Compass configured to connect to your server. !✂Run the C:\Moc\2062A\Labfiles\Lab8a.cmd batch file. This will prepare your computer for this lab. Estimated time to complete this lab: 45 minutes 2 Lab A: Implementing aCentral Account Scenario Using TAMA Exercise 1 Creating a Management Agent for the Human Resources Directory In this exercise, you will create a management agent for the Human Resources directory. Scenario Your company, NorthWind Traders, has decided to use MMS to centrally manage the creation and deletion of user accounts. An existing Human Resources directory will be used to create and delete all user accounts. User accounts that are created and deleted in the Human Resources directory need to be automatically created and deleted in Active Directory and Microsoft Exchange Server 5.5 as well. To accomplish this, you will use the TAMA component of MMS. Tasks Detailed Steps 1. Create a new management agent to connect the Human Resources directory to MMS using the following parameters: a. Log on as Administrator with a password of password. b. On the desktop, double-click MMS Compass. c. In the Login dialog box, in the Password box type server (where server is your computer name), and then click OK. • Name of the Management Agent: HR MA • Type of the Management Agent: Tutorial HR (LDIF) Management Agent • Metaverse location: ou=metaverse,dc=domai n,dc=nwtraders,dc=msft (where domain is your assigned domain name) • Management Agent Mode: Reflector • Discovery Parameters: Humongous Insurance. d. In the Servers dialog box, click your server name, and then click OK. e. On the Action pane, click Bookmarks, click Management Agents, and then click Create New Management Agent. f. In the Create Management Agent dialog box, in the Name of the Management Agent box, type HR MA g. In the Type of the Management Agent box, click Tutorial HR (LDIF) Management Agent, and then click Create. h. In the Configure the Management Agent dialog box, on the Connected Directory Specifics tab, on the Mode and Namespace Management tab, in the Metaverse Location box, type ou=metaverse, before the beginning of the current metaverse location (including the comma). i. Ensure that the Management Agent Mode is set to Reflector. j. On the Discovery Parameters tab, ensure that the Dataset to use is set to Humongous Insurance. k. Click OK to create the new management agent. l. Leave MMS Compass open. BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Lab A: Implementing a Central Account Scenario Using TAMA 3 Exercise 2 Connecting Active Directory In this exercise, you will create and configure a management agent for Active Directory. Scenario Before you can use TAMA to add objects to Active Directory, you need to create and configure a management agent for Active Directory. The Active Directory management agent needs to create enabled user accounts. The logon name for each account needs to a combination of the user’s first initial and surname, the user needs to change their password at the initial logon and the default password needs to be set to the user’s surname. Tasks Detailed Steps 1. Create a new management agent to connect Active Directory to MMS by using the following parameters: • Name of the Management Agent: AD MA • Type of the Management Agent: Microsoft Active Directory Management Agent a. In MMS Compass, in the directory pane, click computer_name (where computer_name is your assigned computer name). b. In the control pane, click Create New Management Agent. c. In the Create Management Agent dialog box, in the Name of the Management Agent box, type AD MA d. In the Type of the Management Agent box, click Microsoft Active Directory Management Agent, and then click Create. e. In the Configure the Management Agent dialog box, under Management Agent Mode, click Association. f. On the Active Directory Discovery Settings tab, in the Forest to discover box, type domain.nwtraders.msft (where domain is your • Management Agent Mode: Association • Forest to discover: domain.nwtraders.msft • Username: domain\administrator • Password: password. assigned domain name). g. In the Username box, type domain\administrator in the Password box, type password. h. Leave the Configure the Management Agent dialog box open. BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY 4 Lab A: Implementing aCentral Account Scenario Using TAMA Tasks Detailed Steps 2. Configure the Active Directory Object Creation Settings by using the following parameters: • User Logon Name Construction: First initial and surname (Jsmith) • User Account Creation Settings: Enabled user • Password Generation Script: $sn • User must change password at next logon: Enabled. a. On the Active Directory Object Creation Settings tab click Account Settings. b. In the Account Settings dialog box, under User Logon Name Construction, click First initial and surname (JSmith). c. Under User Account Creation Settings, click Enabled user, and then click Edit the account password generation script. d. In the Edit the account password generation script dialog box, replace the current script with $sn and then click OK. e. In the Account Settings dialog box, ensure that User must change password at next logon is disabled. f. Click OK to close the Account Settings dialog box, and then click OK to close the Configure the Management Agent dialog box. g. In the Change password dialog box, type password and then click OK. h. Leave MMS Compass open. BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Lab A: Implementing a Central Account Scenario Using TAMA 5 Exercise 3 Create an Advanced Flow Script for the HR MA In this exercise, you will create an Advanced Flow Script for the HR MA. This Advanced Flow Script will add the msMMS-ManagedByMA attribute to metaverse namespace entries that are created by the HR MA. Scenario One of the business requirements your organization needs to meet with MMS is to have user accounts created in Active Directory for each employee that is in the Human Resources database. The Active Directory management agent, by default, only creates contacts. To have the Active Directory management agent create users, you need to assign the msMMS-ManagedByMA attribute to all entries in the metaverse namespace that are created by the HR MA. Additionally, you need to assign the distinguished name of the Active Directory management agent as a value for the msMMS-ManagedByMA attribute. You will do this by creating an Advanced Flow Script for the HR MA. Tasks Detailed steps 1. Create an Advanced Flow Script for the HR MA to assign the following attribute and value to metaverse namespace entries created by the HR MA: a. In MMS Compass, click HR MA, and then in the control pane, click Attribute Flow. b. On the Advanced Flow Script tab type $mv.msMMS-!ManagedByMA = ma=AD !MA,DsaName=server,ou=Servers,dc=domain,dc=nwtraders,dc= !msft and then click OK. • Attribute: msMMS-!ManagedByMA. • Value: ma=AD !MA,DsaName=server !,ou=Servers,dc=domai !n,dc=nwtraders,dc=m !sft How can you determine the distinguished name of a management agent? Select the management agent, and then on the View menu, click All attributes. 1. (continued) c. Leave MMS Compass open. BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY ... - tailieumienphi.vn