How to Use the MsMMS-ManagedByMa Attribute to Create Users in Active Directory (285298)
The information in this article applies to:
- Microsoft Metadirectory Services 2.2
This article was previously published under Q285298 SUMMARY
This article discusses the msMMS-ManagedByMA attribute, a new attribute introduced in Microsoft Metadirectory Services, version 2.2.
This attribute has been designed exclusively for the Active Directory Management Agent (MA). It enables the administrator to tag a metaverse object with a value of a Distinguished Name (DN) of one or more MAs. If you set this attribute on the metaverse object, you can configure the Active Directory MA to create a User object instead of the default behavior of a contact.
This attribute is multivalued. It enables you to create users or to disable users in multiple locations. Generally, this attribute is used with service provisioning scenarios, for example, in Microsoft Exchange 2000 situations where you are required to create a mailbox in one forest, but the primary user account resides in another forest.
MORE INFORMATION
The attribute assignment resembles the following example:
$mv.msMMS-ManagedByMA =
ma=ADMA,DsaName=MMS1,OU=application,DC=microsoft,DC=com
You can add additional values to this attribute, such as:
$mv.msMMS-ManagedByMA +=
ma=Corp,DsaName=MMS1,OU=application,DC=microsoft,DC=com
You may need more advanced scripting to control which metaverse objects are tagged with this attribute. In the following example, the advanced flow script assigns to software development engineers the Distinguished Name of the MA that manages the Dev Active Directory forest, all other employees are created as users in the Corp Active Directory forest, which is managed by the Corp Active Directory MA:
if $mv.organizationalRole = SDE
then
# SDE = Software development engineer; these individuals are to be created
# as Users in the Dev forest managed by the Dev Active Directory management agent
$mv.msMMS-managedByMA=
ma=DEV,DsaName=MMS1,ou=Applications,dc=microsoft,dc=com
else
# All other employees are to be created in the Corp forest
# managed by the Corp Active Directory management agent
$mv.msMMS-managedByMA=
ma=CORP,DsaName=MMS1,ou=Applications,dc=microsoft,dc=com
endif
The msMMS-managedByMA attribute can be set by means of a program on metaverse objects in one of the following two ways:
- This value can be set by means of the Advanced Attribute Flow template on the primer MA.
- By means of the Drag-and-Drop template on the MA assigned to the target MA.
Method 1
You can set this value using the Advanced Attribute Flow template on the primer MA, by performing the following steps: - Select the MA (primer MA) that can create the user in the metaverse.
- In the Action Panel, click Attribute Flow.
- Click the Advanced Flow Script tab.
- Make the assignment using the $mv.msMMS-ManagedByMA attribute to assign this value to the users metaverse object. For example,
$mv.msMMS-ManagedByMA = ma=ADMA,DsaName=MMSServer,OU=application,DC=microsoft,DC=com
NOTE: This value is assigned to the metaverse object when the primer MA runs.
Method 2
You can set this value using the Drag-and-Drop template on the target MA, by performing the following steps:
- Select the MA (target MA) where the connector space objects are to be created.
- In the Action Panel, click Design MA.
- Click the Control Connected Directory tab.
- Click the Output Construction tab.
- Click New Connectors tab.
- Add the following lines of code to this template:
$mvp.msMMS-ManagedByMA = $MA()
$mvp.zcMisc1 = UpdateNow
- In addition you need to add the following lines of code to the Advanced Attribute Flow template:
if $mvp.zcMisc1 = UpdateNow
then
$mv.msMMS-ManagedByMA = $mvp.msMMS-ManagedByMA
endif
The attribute is defined as:
- DN: ZAN=msMMS-managedByMA,ZAN=ADMA,ZAN=MMS,ZAN=ms,F=Attributes
- -cn;M: msMMS-managedByMA
- -zcOid;M: 1.2.840.113556.1.6.7.1.700.16.1.47
- zcSyntax;M: T61String
- zcMultiValued;M: M
| Modification Type: | Minor | Last Reviewed: | 1/25/2006 |
|---|
| Keywords: | kbenv kbinfo KB285298 |
|---|
|