Using 2nd MIM as Data Generator for Referential Objects

using a 2 nd mim as data generator n.w
1 / 12
Embed
Share

Explore how Peter Stapf, an MVP in Directory Services, utilized a 2nd MIM as a data generator to manage referential objects efficiently. Discover the challenges, environmental facts, requirements, and solution implemented in this complex environment.

  • Directory Services
  • Data Generator
  • Peter Stapf
  • Referential Objects
  • Identity Management
rayaanacharya
kran_yli Follow

Uploaded on | 1 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Using a 2nd MIM as data generator for referential objects Peter Stapf MVP - Directory Services 14. October 2015

  2. About me Age: 44 Location: Germany MVP (Directory Services) Senior Consultant @ Main focus: IDM, AD, Azure Working on IDM since 2006 Blog: http://justIDM.wordpress.com

  3. Environment PROD DEV UAT domain.com x.domain.com t.domain.com int.domain.com int.x.domain.com int.t.domain.com SBX sbx.domain.com FIM 2010 R2 DEV FIM 2010 R2 UAT FIM 2010 R2 Production EXT DEV EXT UAT EXT Prod ext.x.domain.com ext.t.domain.com ext.domain.com

  4. Environmental facts Internal Forests External Forests 1200 Users 80000 Users 2500 Groups 5 major roles/groups 3000 Contacts Users grow 250/week Admin accounts in each domain Admin accounts in each domain Additional personalized accounts Additional personalized accounts Historical facts Implemented in 2004 with MIIS Currently 25 Management Agents Migrated to ILM, FIM, FIM R2, (MIM) Re-use DB all the time Portal for Admin, Helpdesk, Team management

  5. Requirements Collect and import additional account from all forests/domains Reference additional accounts to employees Display account status and permissions Reporting for IT/Security management Identify accounts without referenced users Improper created accounts (EmployeeID for reference) Accounts of deactivated employees Account of employees that has left company Accounts not currently referenced to employees

  6. Challenge

  7. Challenges & Options Challenges The 3 stage environment itself Reference cross forest/domain resources Access rights, permissions and firewall rules Options Connect each forest to each FIM PowerShell Scripts/Connector to import data from all forests/domain Separate MIM Sync to collect data from all forests/domain

  8. Solution Multivalue Groupmember Multivalue (String) Account <> Group 7x PS MA Group Memberships Combined Multivalue SQL: Union Regular IDM FIM Dev, UAT & Prod Multivalue (Ref) User <> Account Account Data MIM Sync 7x AD MA Additional Accounts Employees & Accounts SQL: Union 1x SQL MA HR Employee Data Employee Data

  9. Solution

  10. Tables, Views, SQL Table: EmployeeData Table: AccountData SELECT ID, ObjectClass, Firstname, Lastname, AccountName, EmployeeStatus, NULL AS samAccountName, NULL AS UPN, NULL AS Domain, NULL AS Description, NULL AS EmployeeNumber, NULL AS pwdLastSet, NULL AS pwdNeverExpires, NULL AS lastLogon, NULL AS accountEnabled FROM EmployeeData UNION SELECT ID, ObjectClass, NULL AS FirstName, NULL LastName, NULL AS Accountname, NULL AS EmployeeStatus, samAccountName, UPN, Domain, Description, EmployeeNumber, pwdLastSet, pwdNeverExpires, lastLogon, accountEnabled FROM AccountData View: IDMAccountView

  11. Tables, Views, SQL Table: AccountData Table: AccountDataMultivalue SELECT EmployeeNumber AS ID, AttributeName, UPN AS AttributeValue FROM dbo.AccountData WHERE (EmployeeNumber IS NOT NULL) SELECT dbo.AccountData.UPN AS ID, dbo.AccountDataMultivalue.AttributeName, dbo.AccountDataMultivalue.AttributeValue FROM dbo.AccountData INNER JOIN dbo.AccountDataMultivalue ON dbo.AccountData.Anchor = dbo.AccountDataMultivalue.Anchor View: IDMAdditionalAccountMultivalue View: IDMGroupMemberMultivalue View: IDMAccountMultivalue

  12. Portal

Related


No related presentations.

More Related Content