Information is brought into the metadirectory from connected data sources by the management agents.

Connected data sources

The primary purpose of a metadirectory is to gather identity information from multiple sources and combine it in a single location so that the data can be administered from there. Each data source that contributes to or receives data from the metadirectory is known as a connected data source. A connected data source can be an enterprise directory, a mail directory, a human resources database, or data in flat files, such as LDIF or delimited text files.

Microsoft® Forefront Identity Manager (FIM) 2010 supports the following connected data sources:

  • Active Directory Domain Services 2000, 2003, 2003 R2, 2008

  • Active Directory Lightweight Directory Services (ADLDS)

  • Active Directory global address list (GAL)

  • Attribute-value pair text files

  • FIM Certificate Management

  • Delimited text files

  • Directory Services Markup Language (DSML) 2.0

  • Microsoft Exchange Server 2007 and 2010 (use the management agent for Active Directory)

  • Microsoft SQL Server 2000, SQL Server 2005, SQL Server 2008

  • Fixed-width text files

  • IBM DB2 Universal Database 9.1 or 9.5

  • IBM Directory Server 6.0 or 6.2

  • LDAP Data Interchange Format (LDIF)

  • Lotus Notes release 6.5 or 7.0

  • Novell eDirectory 8.7.3 or 8.8

  • Oracle10g Database

  • SAP R/3 Enterprise (4.7), mySAP 2004 (ECC 5.0)

  • Sun ONE and Netscape Directory Server 5.1 and 5.2

Management agents

Management agents control the data flow between a connected data source and the metaverse. There is a management agent for each supported connected data source. To configure a management agent, you use a set of user-defined properties to determine how objects from the connected data source are synchronized with the metaverse. The property set of a management agent differs slightly depending on the management agent type, but all management agents perform the following common tasks:

  • Schema discovery. The management agent generates a schema based on the objects and attributes in the connected data source.

  • Configure the Connector Filter. The connector filter controls which objects from the connector space are processed by the management agent. You use connector filters to prevent selected connector space objects from synchronizing with objects in the metaverse.

  • Configure Join and Projection. Join and projection rules determine how an object from the connector space is synchronized with an object in the metaverse. If a similar object already exists in the metaverse and meets specific criteria, the connector space object can be joined, or linked, to that metaverse object. If a similar object is not found in the metaverse, the connector space object can be projected to the metaverse; that is, a corresponding new metaverse object is created.

  • Configure Attribute Flow. When you configure attribute flow, you map the attributes of the connected data source object to the attributes of the metaverse object type.

  • Configure Deprovisioning. Deprovisioning determines how a connector space object is processed after the metaverse object it was joined to is deleted, or after it is disconnected by provisioning: the connector space object can be deleted, made a disconnector, or made an explicit disconnector.

  • Configure Rules Extensions. You can further control how the management agent processes data by writing a rules extension for the management agent. You can use rules extensions to perform customized actions, such as searching for a specific attribute value or catching synchronization errors. For more information about rules extensions, see the FIM Developer Reference.

For more information about how management agents process data, see Understanding Management Agent Rules.
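The following rules extension is an added example, not code from the FIM documentation or the product. It shows the connector filter, projection, join, import attribute flow and deprovisioning tasks listed above implemented in one class. It assumes the IMASynchronization interface from Microsoft.MetadirectoryServices as described in the FIM Developer Reference, a hypothetical HR management agent whose connector space object type is "person" with attributes employeeID, givenName, sn and status, and flow rule names chosen for this example.

```csharp
// Added example rules extension for a hypothetical HR management agent (not from the page).
// Assumes Microsoft.MetadirectoryServices from the FIM 2010 SDK; attribute and rule names are
// constructed for the example and must match the management agent's configuration.
using System;
using Microsoft.MetadirectoryServices;

namespace HrMaExtension
{
    public class HrRulesExtension : IMASynchronization
    {
        public void Initialize() { }
        public void Terminate() { }

        // Connector filter: returning true keeps the connector space object out of the metaverse.
        // Records without an employeeID, and records flagged as test accounts, are filtered.
        public bool FilterForDisconnection(CSEntry csentry)
        {
            if (!csentry["employeeID"].IsPresent) return true;
            return csentry["status"].IsPresent &&
                   csentry["status"].Value.Equals("test", StringComparison.OrdinalIgnoreCase);
        }

        // Projection: only active HR records create a new metaverse person object.
        public bool ShouldProjectToMV(CSEntry csentry, out string MVObjectType)
        {
            MVObjectType = "person";
            return csentry["status"].IsPresent &&
                   csentry["status"].Value.Equals("active", StringComparison.OrdinalIgnoreCase);
        }

        // Join: normalize the HR employeeID (trim, drop leading zeros) before matching it
        // against the metaverse employeeID. An empty result adds no value, so no join occurs.
        public void MapAttributesForJoin(string FlowRuleName, CSEntry csentry, ref ValueCollection values)
        {
            switch (FlowRuleName)
            {
                case "cd.person:employeeID->mv.person:employeeID":
                    string id = csentry["employeeID"].Value.Trim().TrimStart('0');
                    if (id.Length > 0) values.Add(id);
                    break;
                default:
                    throw new EntryPointNotImplementedException();
            }
        }

        // Several metaverse candidates matched: refuse to guess rather than join the wrong person.
        public bool ResolveJoinSearch(string joinCriteriaName, CSEntry csentry, MVEntry[] rgmventry,
                                      out int imventry, ref string MVObjectType)
        {
            imventry = -1;
            return false;
        }

        // Import attribute flow: displayName is built from sn and givenName; if either is
        // missing the metaverse value is removed instead of being left stale.
        public void MapAttributesForImport(string FlowRuleName, CSEntry csentry, MVEntry mventry)
        {
            switch (FlowRuleName)
            {
                case "cd.person:sn,givenName->mv.person:displayName":
                    if (csentry["sn"].IsPresent && csentry["givenName"].IsPresent)
                        mventry["displayName"].Value = csentry["sn"].Value + ", " + csentry["givenName"].Value;
                    else
                        mventry["displayName"].Delete();
                    break;
                default:
                    throw new EntryPointNotImplementedException();
            }
        }

        // This management agent only imports; no export flow rules are defined for it.
        public void MapAttributesForExport(string FlowRuleName, MVEntry mventry, CSEntry csentry)
        {
            throw new EntryPointNotImplementedException();
        }

        // Deprovisioning: the HR record stays in the connector space as an explicit disconnector
        // so it is never deleted from the authoritative source and can be re-joined later.
        public DeprovisionAction Deprovision(CSEntry csentry)
        {
            return DeprovisionAction.ExplicitDisconnect;
        }
    }
}
```

Throwing EntryPointNotImplementedException for an unknown flow rule name is deliberate: a rule that is configured in Synchronization Service Manager but not handled in code then fails the run visibly instead of silently flowing nothing.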

Management agent types

Management agents can be one of two types: call-based or file-based. Call-based management agents use a real-time connection to import data from and export data to the connected data source, whereas file-based management agents use a text file to import data from and export data to the connected data source.

Call-based management agents:

  • Active Directory

  • Active Directory Lightweight Directory Services (ADLDS)

  • Active Directory global address list (GAL)

  • FIM Certificate Management

  • IBM DB2 Universal Database

  • IBM Directory Server

  • Lotus Notes

  • Microsoft SQL Server

  • Novell eDirectory

  • Oracle Database

  • Sun and Netscape directory servers

File-based management agents:

  • Attribute-value pair text files

  • Delimited text files

  • Directory Services Markup Language (DSML)

  • Extensible connectivity

  • Fixed-width text files

  • LDAP Data Interchange Format (LDIF)

The management agent for extensible connectivity

The management agent for extensible connectivity is a special management agent provided with FIM that you can use to develop a management agent for any connected data source. It is part of the FIM management agent software development kit (SDK). The management agent SDK is a set of tools, interfaces, documentation, and sample code needed to develop a custom management agent. You can use the management agent SDK and the management agent for extensible connectivity to develop management agents that integrate with the Synchronization Service Manager configuration without creating your own user interface. Some of the tasks you can perform with the management agent SDK are:

  • Authenticating and connecting to connected data sources

  • Creating and importing files from a connected data source to FIM

  • Performing delta exports to a connected data source or file

When you create an extensible management agent, you specify a previously compiled extension DLL that contains the code needed to connect to the data source. When the management agent runs, the extension DLL queries the connected data source and writes an import file for the management agent. The management agent then reads this import file and runs in the same manner as any other file-based management agent. The extension DLL can also receive an export file and deliver the connector space changes it contains to the connected data source.

For more information, see Using the Management Agent for Extensible Connectivity, or see the FIM Developer Reference.
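The following extension DLL is an added example, not code from the FIM documentation or the product. It shows the import-file/export-file cycle described above: the management agent calls the extension to produce an import file, then treats that file like any other file-based import, and after an export hands the resulting file back to the extension. It assumes the IMAExtensible interface from Microsoft.MetadirectoryServices as I recall it from the management agent SDK (check the FIM Developer Reference for the exact signatures), a comma-delimited file format with a header row configured on the management agent, and constructed HR records standing in for a real connected data source.

```csharp
// Added example extension DLL for the management agent for extensible connectivity (not from
// the page). Assumes IMAExtensible from Microsoft.MetadirectoryServices; the source rows,
// column names, delimiter and encoding are constructed for the example and must match the
// delimited text format configured on the management agent.
using System;
using System.Collections.Generic;
using System.Globalization;
using System.IO;
using System.Text;
using Microsoft.MetadirectoryServices;

namespace XmaExample
{
    public class HrFeedExtension : IMAExtensible
    {
        // Constructed stand-in for the connected data source: employeeID, sn, givenName, lastChanged.
        static readonly string[][] SourceRows =
        {
            new[] { "1001", "Kowalski", "Ana",  "2010-01-05T08:00:00Z" },
            new[] { "1002", "Okafor",   "Ben",  "2010-02-11T09:30:00Z" },
            new[] { "1003", "Sato",     "Chie", "2010-03-20T17:45:00Z" },
        };

        // Called before an import. connectTo/user/password would open the real source here;
        // they are deliberately never written into the import file or any log.
        public void GenerateImportFile(string fileName, string connectTo, string user, string password,
            ConfigParameterCollection configParameters, bool fFullImport,
            TypeDescriptionCollection types, ref string customData)
        {
            // customData persists between runs, so it carries the delta-import watermark.
            DateTime watermark = DateTime.MinValue;
            if (!fFullImport && !string.IsNullOrEmpty(customData))
                watermark = DateTime.Parse(customData, CultureInfo.InvariantCulture, DateTimeStyles.RoundtripKind);

            DateTime newest = watermark;
            using (var writer = new StreamWriter(fileName, false, Encoding.Unicode))
            {
                writer.WriteLine("employeeID,sn,givenName");
                foreach (var row in SourceRows)
                {
                    DateTime changed = DateTime.Parse(row[3], CultureInfo.InvariantCulture, DateTimeStyles.RoundtripKind);
                    if (!fFullImport && changed <= watermark) continue; // delta import: skip unchanged rows
                    // Values are assumed not to contain the delimiter; otherwise configure a text
                    // qualifier on the management agent and quote them here.
                    writer.WriteLine(row[0] + "," + row[1] + "," + row[2]);
                    if (changed > newest) newest = changed;
                }
            }
            customData = newest.ToString("o", CultureInfo.InvariantCulture);
        }

        // Called after an export: the management agent has written connector space changes to
        // fileName and the extension pushes them to the connected data source.
        public void DeliverExportFile(string fileName, string connectTo, string user, string password,
            ConfigParameterCollection configParameters, TypeDescriptionCollection types)
        {
            foreach (var record in ReadDelimited(fileName))
            {
                string employeeId;
                if (!record.TryGetValue("employeeID", out employeeId) || employeeId.Length == 0)
                    throw new ExtensibleExtensionException("export record without employeeID");
                // Real code would update the matching row in the source system here.
            }
        }

        // Minimal reader for the header-row delimited format written above.
        static IEnumerable<Dictionary<string, string>> ReadDelimited(string path)
        {
            using (var reader = new StreamReader(path, Encoding.Unicode))
            {
                string headerLine = reader.ReadLine();
                if (headerLine == null) yield break;
                string[] header = headerLine.Split(',');
                string line;
                while ((line = reader.ReadLine()) != null)
                {
                    if (line.Length == 0) continue;
                    string[] fields = line.Split(',');
                    if (fields.Length != header.Length)
                        throw new ExtensibleExtensionException("malformed export line: " + line);
                    var record = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
                    for (int i = 0; i < header.Length; i++) record[header[i]] = fields[i];
                    yield return record;
                }
            }
        }
    }
}
```

Treating a malformed export line as an error, rather than skipping it, matters because a skipped record is a change the metaverse believes was exported but the connected data source never received.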

Add-in management agents

FIM provides you with flexibility for connecting to a wide range of connected data sources using management agents. In addition to the management agents included when you install FIM, Microsoft makes available new management agents online. For the latest information about management agents available for FIM, see the FIM Technical Library (http://go.microsoft.com/fwlink/?LinkID=101307).

Management agent run profiles

A run profile specifies how a management agent runs. A run profile is a series of steps that determine such things as whether the management agent performs an import or export, how many objects to process, or which partition to use. A management agent can have multiple run profiles. The run profiles are stored along with the management agent data. For more information about run profiles, see Configuring Management Agents.
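The following program is an added example, not code from the FIM documentation or the product. It runs a sequence of run profiles (import the source, synchronize, export to the target, import the target back to confirm) and stops as soon as one does not complete. It assumes the Synchronization Service WMI provider class MIIS_ManagementAgent in the root\MicrosoftIdentityIntegrationServer namespace and its Execute method; the management agent names "HR" and "AD" and the run profile names are hypothetical and must match what is configured in Synchronization Service Manager. The caller must be a member of a FIM Synchronization Service security group that is allowed to run management agents.

```csharp
// Added example: running management agent run profiles through the FIM Synchronization Service
// WMI provider (not from the page). Management agent and run profile names are hypothetical.
using System;
using System.Management;

public static class RunProfiles
{
    const string Namespace = @"root\MicrosoftIdentityIntegrationServer";

    // Runs one run profile and returns the run result string reported by the service,
    // for example "success", "completed-sync-errors" or "stopped-connectivity".
    public static string Execute(string maName, string runProfileName)
    {
        var scope = new ManagementScope(Namespace);
        scope.Connect();
        // WQL has no bound parameters; doubling the quote keeps a name containing ' from
        // altering the query.
        var query = new ObjectQuery(
            "SELECT * FROM MIIS_ManagementAgent WHERE Name = '" + maName.Replace("'", "''") + "'");
        using (var searcher = new ManagementObjectSearcher(scope, query))
        {
            foreach (ManagementObject ma in searcher.Get())
            {
                using (ma)
                {
                    object result = ma.InvokeMethod("Execute", new object[] { runProfileName });
                    return (result as string) ?? "unknown";
                }
            }
        }
        throw new InvalidOperationException("No management agent named '" + maName + "'");
    }

    // "success" and "completed-*" mean the profile ran to the end (possibly with per-object
    // errors to review); any "stopped-*" or "no-start-*" result aborts the sequence.
    public static bool RanToCompletion(string result)
    {
        return result == "success" || result.StartsWith("completed-", StringComparison.Ordinal);
    }

    public static void Main()
    {
        var steps = new[]
        {
            new { Ma = "HR", Profile = "Full Import" },
            new { Ma = "HR", Profile = "Full Synchronization" },
            new { Ma = "AD", Profile = "Export" },
            new { Ma = "AD", Profile = "Delta Import" }, // confirm the export by importing it back
        };
        foreach (var step in steps)
        {
            string result = Execute(step.Ma, step.Profile);
            Console.WriteLine("{0} / {1}: {2}", step.Ma, step.Profile, result);
            if (!RanToCompletion(result))
            {
                Console.Error.WriteLine("Stopping: run profile did not complete.");
                Environment.Exit(1);
            }
        }
    }
}
```

The confirming import after the export is the step operators most often omit; without it, connector space objects stay in a pending-export state and the next synchronization cannot tell whether the target accepted the change.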

Management agent schemas

Each management agent contains a schema that is created from the structure of the data in the connected data source. The schema is created in different ways, depending on the management agent type. The following table lists, for each management agent type, how its schema is built.

Management agent for: Active Directory; Active Directory Lightweight Directory Services (ADLDS); Active Directory global address list (GAL); IBM Directory Server; Sun and Netscape directory servers

Schema model: Schema is generated based on the dynamic discovery of the source directory by the management agent.

Management agent for: Attribute-value pair text files; Delimited text files; Directory Services Markup Language (DSML); Extensible connectivity; Fixed-width text files; LDAP Data Interchange Format (LDIF)

Schema model: Schema is generated based on the discovery of the data in the template input file.

Note

You cannot edit the schemas for delimited text files and fixed-width text files.

Management agent for: IBM DB2 Universal Database; Microsoft SQL Server; Oracle Database

Schema model: Schema is generated based on the source database table definition.

Management agent for: FIM Certificate Management; Lotus Notes

Schema model: Schema is generated based on a fixed schema that models the database structure.

Note

After you create a management agent, the schema for that management agent persists with the configuration for that management agent. The schema is updated only when the user explicitly requests it by using the Refresh Schema command in Management Agents. For information about refreshing the schema, see Configuring Management Agents.

Encryption and security

Each management agent configured in FIM contains data that must be secured, for example the credentials required to connect to the connected data source, and any SetPassword calls made by that management agent. All credential data is encrypted using a Windows Crypto API key, which is stored securely in the FIM SQL database. The following table lists the protection FIM supports for binding and connecting to each connected data source, and for securing SetPassword calls. Where plaintext is listed as a connection option, attribute data and, with a simple bind, the management agent's password cross the network unprotected; choose Kerberos Sign & Seal or SSL wherever the connected data source supports it.

Active Directory

  Bind: Negotiate
  Connection: Kerberos Sign & Seal, plaintext
  SetPassword: Kerberos

Active Directory Lightweight Directory Services (ADLDS)

  Bind: Negotiate
  Connection: SSL, Kerberos Sign & Seal, plaintext
  SetPassword: SSL, Kerberos Sign & Seal, plaintext

IBM Directory Server

  Bind: Simple Authentication and Security Layer (SASL)
  Connection: SSL
  SetPassword: SSL

Lotus Notes

  Bind: Lotus Notes client proprietary
  Connection: Lotus Notes client proprietary
  SetPassword: Lotus Notes client encryption

Novell eDirectory

  Bind: Digest, simple
  Connection: SSL, plaintext
  SetPassword: SSL, plaintext

Sun and Netscape directory servers

  Bind: Digest, simple
  Connection: SSL, plaintext
  SetPassword: SSL, plaintext