Quest Management Agent for Forefront Identity Manager




Quest Management Agent for Forefront Identity Manager Version 1.0 Administrator Guide

© 2010 Quest Software, Inc. ALL RIGHTS RESERVED.

This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser's personal use without the written permission of Quest Software, Inc.

If you have any questions regarding your potential use of this material, please contact:

Quest Software World Headquarters
LEGAL Dept
5 Polaris Way
Aliso Viejo, CA 92656 USA
www.quest.com
email: legal@quest.com

Refer to our Web site for regional and international office information.

TRADEMARKS

Quest, Quest Software, the Quest Software logo, Aelita, Akonix, Akonix, AppAssure, Benchmark Factory, Big Brother, ChangeAuditor, DataFactory, DeployDirector, ERDisk, Foglight, Funnel Web, GPOAdmin, I/Watch, Imceda, InLook, IntelliProfile, InTrust, Invertus, IT Dad, I/Watch, JClass, Jint, JProbe, LeccoTech, LiteSpeed, LiveReorg, MessageStats, NBSpool, NetBase, Npulse, NetPro, PassGo, PerformaSure, Quest Central, SharePlex, Sitraka, SmartAlarm, Spotlight, SQL LiteSpeed, SQL Navigator, SQL Watch, SQLab, Stat, StealthCollect, Tag and Follow, Toad, T.O.A.D., Toad World, vanalyzer, vautomator, vcontrol, vconverter, vessentials, vfoglight, vmigrator, voptimizer Pro, vpackager, vranger, vranger Pro, vreplicator, vspotlight, vtoad, Vintela, Virtual DBA, VizionCore, Vizioncore vautomation Suite, Vizioncore vessentials, Xaffire, and XRT are trademarks and registered trademarks of Quest Software, Inc in the United States of America and other countries. Other trademarks and registered trademarks used in this guide are property of their respective owners.

Third Party Contributions

Quest Management Agent for Forefront Identity Manager contains some third party components (listed below). Copies of their licenses may be found on our website at www.quest.com/legal/third-party-licenses.aspx.

COMPONENT: .NET logging library 1.0
LICENSE OR ACKNOWLEDGEMENT: BSD 4.4

Disclaimer

The information in this document is provided in connection with Quest products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Quest products. EXCEPT AS SET FORTH IN QUEST'S TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, QUEST ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL QUEST BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF QUEST HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Quest makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Quest does not make any commitment to update the information contained in this document.

Quest Management Agent for Forefront Identity Manager - Administrator Guide
Updated - December 03, 2010
Software Version - 1.0

Contents

Intended Audience
Conventions
About Quest Software
Contacting Quest Software
Contacting Quest Support
About Management Agent for FIM
System Requirements
Deploying Management Agent for FIM
Step 1: Install Management Agent for FIM
Step 2: Create Management Agent in FIM Synchronization Service Manager
Configuring Management Agent for FIM
Removing Management Agent for FIM


Intended Audience

This document has been prepared to familiarize you with Quest Management Agent for Forefront Identity Manager. The Administrator Guide contains the information required to install and start using Quest Management Agent for Forefront Identity Manager. It is intended for network administrators, consultants, analysts, and any other IT professionals who want to evaluate the product.

Conventions

In order to help you get the most out of this guide, we have used specific formatting conventions. These conventions apply to procedures, icons, keystrokes and cross-references.

ELEMENT: CONVENTION
Select: This word refers to actions such as choosing or highlighting various interface elements, such as files and radio buttons.
Bolded text: Interface elements that appear in Quest Software products, such as menus and commands.
Italic text: Used for comments.
Bold Italic text: Used for emphasis.
Blue text: Indicates a cross-reference. When viewed in Adobe Reader, this format can be used as a hyperlink.
[icon]: Used to highlight additional information pertinent to the process being described.
[icon]: Used to provide Best Practice information. A best practice details the recommended course of action for the best result.
[icon]: Used to highlight processes that should be performed with care.
+: A plus sign between two keystrokes means that you must press them at the same time.
|: A pipe sign between elements means that you must select the elements in that particular sequence.

About Quest Software

Quest Software simplifies and reduces the cost of managing IT for more than 100,000 customers worldwide. Our innovative solutions make solving the toughest IT management problems easier, enabling customers to save time and money across physical, virtual and cloud environments. For more information about Quest go to www.quest.com.

Contacting Quest Software

Email: info@quest.com
Mail: Quest Software, Inc., World Headquarters, 5 Polaris Way, Aliso Viejo, CA 92656 USA
Web site: www.quest.com

Please refer to our Web site for regional and international office information.

Contacting Quest Support

Quest Support is available to customers who have a trial version of a Quest product or who have purchased a commercial version and have a valid maintenance contract. Quest Support provides around the clock coverage with SupportLink, our web self-service. Visit SupportLink at http://support.quest.com/

From SupportLink, you can do the following:

- Quickly find thousands of solutions (Knowledgebase articles/documents).
- Download patches and upgrades.
- Seek help from a Support engineer.
- Log and update your case, and check its status.

View the Global Support Guide for a detailed explanation of support programs, online services, contact information, and policy and procedures. The guide is available at http://support.quest.com/pdfs/global Support Guide.pdf.

About Management Agent for FIM

Quest Management Agent for Forefront Identity Manager allows you to combine the capabilities provided by Quest ActiveRoles Server and Microsoft Forefront Identity Manager (FIM) to automate user management tasks.

With Quest Management Agent for Forefront Identity Manager you can benefit from the bi-directional synchronization of user accounts, groups, and other directory objects between FIM and the Active Directory domains and AD LDS (ADAM) instances managed by ActiveRoles Server. Synchronization includes the import of directory data from specified Active Directory containers and the export of user accounts, groups, and other directory objects from FIM to Active Directory, as well as password resets triggered from FIM to Active Directory.

Both the import and export operations are performed via ActiveRoles Server, allowing you to use ActiveRoles Server's security, workflow integration, reporting benefits, and automation of directory management tasks in compliance with your organization's business rules and security policies.

For organizations that rely on FIM for enterprise provisioning, Quest Management Agent for Forefront Identity Manager facilitates the user provisioning in Active Directory based on users' identities in corporate data stores. With the ability to export identity information from FIM to ActiveRoles Server, the Management Agent makes it possible to have FIM populate Active Directory based on business policies defined in ActiveRoles Server.

System Requirements

The computer where you want to install Quest Management Agent for Forefront Identity Manager must meet the following system requirements:

PROCESSOR: x64 capable
MEMORY: 2 GB or more of RAM
HARD DISK SPACE: 10 MB or more of free disk space
OPERATING SYSTEM: 64-bit edition of Windows Server 2008 or Windows Server 2008 R2, Standard or Enterprise
REQUIRED SOFTWARE:
- Microsoft Forefront Identity Manager 2010 Synchronization Service
- Quest ActiveRoles Server ADSI Provider 6.1, 6.5, or 6.7 (it is supplied with the Quest ActiveRoles Server installation package)
- Quest ActiveRoles Server 6.1, 6.5, or 6.7 (it must be installed on the computer where you want to deploy Quest Management Agent for FIM or be accessible from that computer)

Deploying Management Agent for FIM

To deploy Quest Management Agent for Forefront Identity Manager, complete the following steps.

Step 1: Install Management Agent for FIM

1. Ensure the computer where you want to install the Management Agent meets the system requirements (see System Requirements).
2. Run the ManagementAgentForFIM_x64.msi file supplied with the Management Agent installation package.
3. Complete the Setup Wizard.

Step 2: Create Management Agent in FIM Synchronization Service Manager

1. On the computer where you installed Management Agent for FIM in Step 1, start FIM Synchronization Service Manager (click Start | All Programs | Microsoft Forefront Identity Manager | Synchronization Service).
2. On the Tools menu, click Management Agents.
3. On the Actions menu, click Create.
4. From the Management agent for list, select Active Directory (ActiveRoles Server Management Agent, Quest Software, Inc.), and then click Next.
5. Follow the steps in the Management Agent Designer to configure the Management Agent. For more information on the options you need to configure, see Configuring Management Agent for FIM.

Configuring Management Agent for FIM

To configure the various parameters of Quest Management Agent for Forefront Identity Manager, use the Management Agent Designer provided in FIM Synchronization Service Manager.

When you are creating a new Management Agent in FIM Synchronization Service Manager, the Management Agent Designer starts automatically so that you can configure the newly created Management Agent. For more information on the options you need to configure in the Management Agent Designer, see the table later in this section.

To reconfigure an existing instance of Management Agent for FIM, you need to open the Management Agent Designer manually.

To open the Management Agent Designer manually

1. Start FIM Synchronization Service Manager (click Start | All Programs | Microsoft Forefront Identity Manager | Synchronization Service).
2. On the Tools menu, click Management Agents.
3. Under Management Agents, select the entry that represents Management Agent for FIM.
4. On the Action menu, click Properties, and then use the Management Agent Designer to configure the Management Agent. For more information on the options you need to configure, see the table below.

The following table describes the options you need to configure in the Management Agent Designer in order to prepare Quest Management Agent for FIM for working with FIM and Active Directory:

MANAGEMENT AGENT DESIGNER PAGE: Properties (when you are creating a new Management Agent, this page is titled Create Management Agent)
YOUR ACTION: Specify values as necessary. For more information about the options provided on this page, see Help in FIM Synchronization Service Manager.

MANAGEMENT AGENT DESIGNER PAGE: Configure Connection Information
YOUR ACTION: Specify what ActiveRoles Server Administration Service you want to use for the synchronization operations. You can use one of the methods described below.

Method 1: Always use specified Administration Service

With this method, the Management Agent performs synchronization operations using the Administration Service you specify.

To use Method 1

1. In the Connect To box, type the NetBIOS name, IP address, or Fully Qualified Domain Name (FQDN) of the computer running the ActiveRoles Server Administration Service you want to use.
2. Use the User and Password boxes to type the user name and password of the account that has sufficient rights on the Administration Service you specified in the Connect To box.

Method 2: Use any available Administration Service in an ActiveRoles Server replication group

To increase the reliability of your environment, you can configure the Management Agent to use any available ActiveRoles Server Administration Service in a particular ActiveRoles Server replication group. With this method, the Management Agent does not rely on a single Administration Service. Rather, the Agent will use any Administration Service available in a particular ActiveRoles Server replication group.

This method is available only if ActiveRoles Server replication is used to synchronize configuration data in your environment. For more information about ActiveRoles Server replication, see the ActiveRoles Server Administrator Guide.

To use Method 2

1. In the Connect To box, type the NetBIOS name, IP address, or Fully Qualified Domain Name (FQDN) of the computer running the ActiveRoles Server Administration Service whose database server acts as the Publisher for the configuration database. The Management Agent will use any available Administration Service that belongs to the same ActiveRoles Server replication group holding the specified Administration Service.
2. Use the User and Password boxes to type the user name and password of the account that has sufficient rights on the Administration Service you specified in the Connect To box.
3. On the Configure Additional Parameters page, set the value of the UseAnyAvailableAdminService parameter to True. For more information, see the description of the Configure Additional Parameters page later in this table.

MANAGEMENT AGENT DESIGNER PAGE: Configure Additional Parameters
YOUR ACTION: Use the Parameters list to configure the synchronization scope and specify whether you want to use a particular ActiveRoles Server Administration Service or any available Administration Service in a particular ActiveRoles Server replication group.

Configuring Synchronization Scope

By default, the synchronization scope includes all containers in Active Directory: in the Parameters list, the value of the parameter CN=Active Directory is set to Include. You can narrow the synchronization scope by including or excluding specific containers.

To configure the synchronization scope

1. Do one of the following:
   - To create a new entry in the list, click the New button.
   - To edit an existing entry, select the entry and click the Edit button.
2. In the Parameter name box, type the Distinguished Name of the container you want to include in or exclude from the synchronization scope.
3. In the Value box, do one of the following, and then click OK:
   - If you want to include the container in the scope, type Include.
   - If you want to exclude the container from the scope, type Exclude.
4. Repeat steps 1-3 if necessary.

Using Any Available Administration Service

By default, the Management Agent uses only the ActiveRoles Server Administration Service you specified on the Configure Connection Information page. To increase the reliability of your environment, you can configure the Management Agent to use any available ActiveRoles Server Administration Service in a particular ActiveRoles Server replication group.

To use any available Administration Service

1. Make sure that in the Connect To box on the Configure Connection Information page you specify the Administration Service that acts as the Publisher in the ActiveRoles Server replication group where you want to use any available Administration Service.
2. On the Configure Additional Parameters page, double-click the UseAnyAvailableAdminService parameter, and then change the value in the Value box to True.
3. Click OK.

MANAGEMENT AGENT DESIGNER PAGES: Configure Attributes; Map Object Types; Define Object Types; Configure Connector Filter; Configure Join and Projection Rules; Configure Attribute Flow; Configure Deprovisioning; Configure Extensions
YOUR ACTION: Specify values as necessary. For more information about the options provided on these pages, see Help in FIM Synchronization Service Manager.
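For the Configure Additional Parameters page described above, the following added example (not part of the Quest guide or product code) reviews a planned Parameters list before it is typed into the Management Agent Designer: it flags values other than Include/Exclude or True/False and reports whether a given object would fall inside the synchronization scope. The guide does not say how overlapping entries are resolved, so the most-specific-container rule, the strict value matching, and all sample DNs below are assumptions of this example.

```python
import re

ROOT = "cn=active directory"              # default scope entry named in the guide
SERVICE_FLAG = "UseAnyAvailableAdminService"

def rdns(dn):
    """Split a DN into lower-cased RDN strings; commas escaped as '\\,' are kept."""
    out = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed DN component {part!r}")
        out.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return out

def review(params):
    """Return (scope_rules, findings) for a {parameter name: value} mapping."""
    rules, findings = {}, []
    for name, value in params.items():
        if name == SERVICE_FLAG:
            if value not in ("True", "False"):
                findings.append(f"{name}: expected True or False, got {value!r}")
            continue
        if value not in ("Include", "Exclude"):
            findings.append(f"{name}: expected Include or Exclude, got {value!r}")
            continue
        try:
            key = tuple(rdns(name))
        except ValueError as err:
            findings.append(f"{name}: {err}")
            continue
        if key in rules and rules[key] != value:
            findings.append(f"{name}: conflicts with an earlier entry for this container")
        rules[key] = value
    return rules, findings

def in_scope(rules, object_dn):
    """ASSUMPTION: the most specific listed container holding the object decides."""
    target = rdns(object_dn)
    best_depth, verdict = -1, "Exclude"   # no matching entry: treated as out of scope
    for key, value in rules.items():
        if key == (ROOT,):
            depth = 0                     # the default entry covers every container
        elif len(key) <= len(target) and tuple(target[-len(key):]) == key:
            depth = len(key)
        else:
            continue
        if depth > best_depth:
            best_depth, verdict = depth, value
    return verdict == "Include"

# Constructed sample list; the domain and containers are hypothetical.
PLANNED = {
    "CN=Active Directory": "Include",
    "OU=Service Accounts,DC=corp,DC=example": "Exclude",
    "OU=Staff,DC=corp,DC=example": "Include",
    "ou=staff,dc=corp,dc=example": "Exclude",      # same container listed twice
    "OU=Admins,DC=corp,DC=example": "Excluded",    # mistyped value
    SERVICE_FLAG: "yes",                           # should be True or False
}

if __name__ == "__main__":
    rules, findings = review(PLANNED)
    for finding in findings:
        print("FINDING:", finding)
    for dn in ("CN=svc-backup,OU=Service Accounts,DC=corp,DC=example",
               "CN=da-1,OU=Admins,DC=corp,DC=example"):
        print(dn, "->", "in scope" if in_scope(rules, dn) else "out of scope")
```

In the sample, the mistyped Excluded entry is dropped from the rules, so under this model the Admins container stays in scope through the default CN=Active Directory entry; that is the kind of slip the review is meant to surface before the list is entered.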

Removing Management Agent for FIM

To remove Management Agent for FIM

1. Open the list of installed programs:
   a) On the computer where the Management Agent is installed, click Start.
   b) In the Search box, type appwiz.cpl, and then press ENTER.
2. In the list of installed programs, select Quest Management Agent for Forefront Identity Manager, and then click Uninstall.