A

anchor

One or more unique attributes of an object type that do not change and that represent an object in the connected data source to which the connector space object is linked (for example, an employee number or a user ID).

See also: attribute; connected data source; connector space object

application directory partition

An Active Directory directory partition that stores application-specific data that can be dynamic (subject to Time to Live restrictions). Application directory partitions can store any type of object except security principals and are not replicated to the global catalog. The replication scope of an application directory partition can be configured to include any set of domain controllers in the forest.

attribute

A property of an object. The schema defines which attributes an object must have and which additional attributes it might have.

See also: anchor; attribute flow; object; schema

attribute flow

The synchronization of attributes between objects in connected data sources, the connector space, and the metaverse. This process can involve the application of rules extensions and filters, and the modification of attributes.

See also: attribute flow precedence; attribute flow rules; connected data source; connector space; metaverse; object

attribute flow precedence

The order in which two or more import attribute flow rules that exist for a single metaverse attribute are evaluated. For example, using direct mapping, attribute flow rule A sets a value from source attribute person:name to metaverse destination attribute person:name, and attribute flow rule B sets a value from source attribute user:firstname to metaverse destination attribute person:name. An attribute flow precedence rule can state that attribute flow rule A takes precedence over attribute flow rule B. When the import attribute flow rules are evaluated, the metaverse destination attribute value for person:name is set by first applying attribute flow rule A. If no value is set by attribute flow rule A, the value is set by attribute flow rule B.

See also: attribute flow; attribute flow rules; management agent; metaverse

attribute flow rules

Rules that determine the process of synchronizing attributes between objects in connected data sources, the connector space, and the metaverse.

See also: attribute flow; attribute flow precedence; connected data source; connector space; metaverse; object

attribute mapping

The specification of unidirectional relationships between connector space and metaverse attributes. You use attribute mappings to define attribute flow rules.

See also: attribute flow; attribute flow rules; connector space; constant mapping; direct mapping; metaverse

attribute-value pair (AVP)

Data that consists of a single attribute followed by the attribute's value, with the two separated by a colon (for example, name:Fred). This does not apply to all management agent types.

AVP

See definition for: attribute-value pair (AVP)

B

There are no glossary terms that begin with this letter.

C

call-based management agent

Any management agent that uses a real-time connection to the data source to import or export data.

See also: connected data source; management agent

change type attribute

An attribute applicable to text file and database management agents that denotes the type of change (that is, add, modify, or delete) to be made to a connector space object.

See also: attribute; connector space object; management agent

collation

A set of rules that determines how data is compared, ordered, and presented. Character data is sorted using collation information, including locale, sort order, and case-sensitivity.

connected data source

A directory, database, file, or other data repository.

See also: identity information; metaverse; synchronization

connector filter

A rule that you use to prevent connector space objects from linking to metaverse objects.

See also: connector object; connector space object; disconnector object; filtered disconnector object; metaverse object

connector object

An object in the connector space that represents an object in a connected data source and is currently linked to an object in the metaverse. The metadirectory uses connector objects to synchronize attribute values between a connected data source and the metaverse.

See also: attribute; connected data source; connector space; connector space object; disconnector object; explicit connector object; metaverse; object; synchronization

connector space

A staging area that contains representations of selected objects and attributes in a connected data source.

See also: attribute; connected data source; connector space object; management agent; metaverse; object

connector space object

An object in the connector space that is created either by a data import from the connected data source or by provisioning. These objects hold attribute values that can be imported or exported from corresponding objects in the connected data source or the metaverse.

See also: attribute; connected data source; connector object; connector space; disconnector object; metaverse; object; provisioning

constant mapping

A type of attribute mapping that specifies a single destination attribute and a constant string value for that attribute.

See also: attribute mapping; direct mapping; string

convergence

The ability to define a set of business rules that govern the flow of identity information, which can be enforced over time by the metadirectory.

See also: identity information; metadirectory

custom data input file

A file that contains the actual data that you want to import into the metadirectory by using a file-based management agent.

See also: file-based management agent; metadirectory; template input file

D

data lineage

The history of an object in the metadirectory.

See also: metadirectory; object

data store

The location where data is stored. For example, a SQL database. You can import data to, export data from, and modify data within a data store.

delimited text file

A file containing values separated by commas, tabs, semicolons, or other characters.

delta export

An export of only data that has been changed in the metadirectory. All exports to the connected data sources are delta exports. Depending on the type of management agent that you use, the changes implemented by an export can be at the attribute, object, or value level.

See also: attribute; attribute flow precedence; connected data source; join rules; metadirectory; metaverse; object

delta import

An import, into the connector space, of only data that has changed in the connected data source since the last synchronization between the connected data source and the connector space.

See also: attribute flow; connected data source; connector space; connector space object; metaverse

deprovisioning

Determines how a connector space object is processed after it has been disconnected from a metaverse object by the provisioning rule. Deprovisioning rules are defined within individual management agents.

See also: connector space object; management agent; metaverse object; provisioning

direct mapping

A type of attribute mapping that specifies a direct relationship between a single source attribute and a single destination attribute. The destination attribute is assigned the value of the source attribute, and it cannot be modified by a rules extension.

See also: attribute; attribute mapping; constant mapping; rules extension; source attribute

directory service

Both the directory information source and the service that makes the information available and usable. A directory service enables the user to find an object when given any one of its attributes.

Directory Services Markup Language (DSML)

An open, extensible, standards-based format for publishing directory service schemas and exchanging directory contents.

See also: directory service

disconnector object

An object in the connector space that is not linked to an object in the metaverse.

See also: connector object; connector space; connector space object; explicit disconnector object; filtered disconnector object; metaverse; metaverse object; object

distinguished name

A name that uniquely identifies an object by indicating its current location in the directory hierarchy. The name is formed by concatenating the relative distinguished names (or distinguished name part) of the object and each of its ancestors up to the root of the directory partition. An object distinguished name is unique across the entire directory, but it changes if the object is moved or renamed. For example:

CN=MyName,CN=Users,DC=Microsoft,DC=Com

This identifies the MyName user object in the microsoft.com domain.

See also: distinguished name component mapping; relative distinguished name

distinguished name component mapping

A type of attribute mapping that sets a single destination attribute value to one piece of the source object's distinguished name attribute, which can consist of many values.

See also: attribute; attribute mapping; distinguished name; object

domain

In Active Directory, a collection of computer, user, and group objects defined by the administrator. These objects share a common directory database, security policies, and security relationships with other domains.

domain controller

In an Active Directory forest, a server that contains a writable copy of the Active Directory database, participates in Active Directory replication, and controls access to network resources. Administrators can manage user accounts, network access, shared resources, site topology, and other directory objects from any domain controller in the forest.

See also: forest

E

encryption key

A bit string that is used in conjunction with an encryption algorithm to encrypt and decrypt data.

explicit connector object

An object in the connector space that is linked to an object in the metaverse and cannot be disconnected by a connector filter. An explicit connector object can only be created manually with Joiner, and it can be disconnected by provisioning.

See also: connector filter; connector object; connector space; connector space object; Joiner; metaverse; object; provisioning

explicit disconnector object

An object in the connector space that is not linked to an object in the metaverse and can only be joined by using Joiner. To change an explicit disconnector object to a disconnector object, you must use Joiner.

See also: connector space; connector space object; disconnector object; Joiner; metaverse; metaverse object; object

export attribute flow

The process of exporting an attribute from the metaverse to the connector space. This process might involve applying rules extensions or modifying attributes. Exported attributes are staged in the connector space for the next delta export.

See also: attribute; attribute flow; connected data source; connector space; delta export; metaverse; rules extension

Extensible Markup Language (XML)

A meta-markup language that provides a format for describing structured data. This facilitates more precise declarations of content and more meaningful search results across multiple platforms. In addition, XML enables a new generation of Web-based data viewing and manipulation applications.

F

file-based management agent

Any management agent that uses a text file to import data from and export data to a connected data source.

See also: connected data source; management agent

filtered disconnector object

A connector space object that is prevented from being projected or linked to an object in the metaverse based on connector filter rules in the associated management agent.

See also: connector filter; connector space object; disconnector object; management agent; metaverse; metaverse object; object; projection

forest

One or more Active Directory domains that share the same class and attribute definitions (schema), site and replication information (configuration), and forest-wide search capabilities (global catalog). Domains in the same forest are linked with two-way, transitive trust relationships.

full import

An import of all data from a file, or a scoped view, of a connected data source to the connector space. Data from the connected data source is compared with data in the connector space. If there are no attribute changes, the object is not changed in the connector space.

See also: attribute; connected data source; connector space; object; scope

G

GAL

See definition for: global address list (GAL)

global address list (GAL)

A directory of all mail-enabled objects to which messages can be addressed.

global catalog

A directory database that applications and clients can query to locate any object in a forest. The global catalog is hosted on one or more domain controllers in the forest. It contains a partial replica of every domain directory partition in the forest. These partial replicas include replicas of every object in the forest, as follows: the attributes most frequently used in search operations and the attributes required to locate a full replica of the object.

See also: domain controller; forest

group

A collection of users, computers, contacts, and other groups. Groups can be used as security or as e-mail distribution collections. Distribution groups are used only for e-mail. Security groups are used both to grant access to resources and as e-mail distribution lists.

H

There are no glossary terms that begin with this letter.

I

identity information

Electronically stored data about a person or resource, such as a device. For example, a person's name, employee ID, or a printer's physical location.

import attribute flow

The process of importing an attribute from the connector space to the metaverse. This process might involve applying rules extensions, applying filters, or modifying attributes.

See also: attribute; attribute flow; connected data source; connector space; metaverse; rules extension

index

In a relational database, a database object that provides fast access to data in the rows of a table, based on key values. Indexes can also enforce uniqueness on the rows in a table.

J

join

The process of linking a connector space object with an existing metaverse object. Attribute values flow only between linked objects.

See also: attribute flow; connector space object; join criteria; join rules; Joiner; metaverse object

join criteria

For a given connector space object, the specific characteristics that must be met by the metaverse object to which the connector space object is to be joined.

See also: connector space object; join; join rules; metaverse object

join rules

Rules that determine whether there is an existing metaverse object that meets the join criteria for a connector space object. If the join criteria are met, the connector space object is linked to that metaverse object.

See also: connector space object; join; join criteria; metaverse object

Joiner

A FIM tool that you use to perform any of the following tasks: change the disconnection type of an object, join a connector space object to an existing metaverse object, or project a connector space object into the metaverse thereby creating a new metaverse object.

See also: connector space; connector space object; join; metaverse; metaverse object; projection

K

There are no glossary terms that begin with this letter.

L

log file

A file that stores messages generated by an application, service, or operating system. These messages are used to track the operations performed. For example, Web servers maintain log files listing every request made to the server. Log files are usually plain text (ASCII) files and often have a .log extension.

M

MA

See definition for: management agent

management agent

A component that consists of properties, rules, and rules extensions that determine how an object is processed in the metadirectory. A single management agent can have one or more run profiles that determine the management agent's behavior, such as how or when the management agent runs.

See also: connected data source; metaverse; rules extension; run history; run profile; synchronization

Management Agent Designer

The user interface that you use to configure data synchronization between a connected data source and the metaverse.

See also: connected data source; management agent; metaverse

manual precedence

A configuration option for metaverse attributes where attribute flow precedence is ignored and updates to the destination attribute values are determined by a rules extension.

See also: attribute flow; attribute flow precedence; connected data source; metaverse; rules extension

mapping

A rule that establishes a data flow relationship from a source (which can be a connector space attribute, metaverse attribute, constant value, distinguished name component, or nothing) to a target connector space or metaverse attribute.

See also: attribute; attribute flow; attribute flow rules; connector space; metaverse; rules extension

metadirectory

A data store and a collection of services that synchronizes and provisions identity information across multiple connected data sources.

See also: connected data source; data store; identity information; provisioning; synchronization

metaverse

The data store used by FIM to contain the aggregated identity information from multiple connected data sources, providing a single global, integrated view of all combined objects.

See also: connected data source; connector space; data store; identity information; metadirectory; metaverse object; object

Metaverse Designer

A FIM tool that you use to create and manage object and attribute schema, object deletion rules, and attribute flow precedence in the metaverse.

See also: attribute; attribute flow precedence; metaverse; object; object deletion rule; schema

metaverse object

An object that has been projected into the metaverse from a connector space object and is linked to at least one object in the connector space. A metaverse object represents the aggregated view of objects from one or several connected data sources.

See also: connected data source; connector space; connector space object; metaverse; object; projection

metaverse object type

A formal definition, contained in the schema, for a specific kind of object that can be stored in the connector space or the metaverse. An object type is a distinct, named set of attributes that represents something concrete, such as a user, a printer, or an application. The attributes contain data that describe the object's characteristics. For example, attributes of a user might include the user's first name, last name, and e-mail address.

See also: attribute; connector space; metaverse; object; schema

Microsoft Forefront Identity Manager encryption key

A code that is used by the industry-standard, cryptography-based protection service that protects FIM configuration data.

See also: encryption key

N

naming context

A specific subtree of a directory information tree that is identified by its distinguished name (also known as DN). For example, a naming context that stores all entries for Litware, Inc. marketing employees at the Boston office might be called ou=mktg, ou=Boston, o=Litware, c=US.

See also: distinguished name

O

object

An entity of a certain type in the connector space or metaverse that is uniquely identified by a distinguished name, anchor, and internal identifier.

See also: anchor; connector object; connector space; connector space object; disconnector object; distinguished name; metaverse; metaverse object

object class

A distinct, named set of attributes that represents a specific type of entity stored in the directory, such as users, printers, or applications. The attributes include data describing the thing that is identified by the directory object. Attributes of a user might include the user's first name, last name, and e-mail address.

See also: attribute; object

object deletion rule

A rule that is applied by a management agent when a connector space object is deleted or disconnected. This rule determines whether or not the corresponding metaverse object should also be deleted.

See also: connector space object; management agent; metaverse object

out-of-process

A process or dynamic-link library (DLL) that is run in a memory space that is separate from that of the parent process.

P

partition

A logical volume of data in the connector space. A management agent can create one or more partitions to logically divide data into separate logical groupings. Each volume of data is processed individually during synchronization.

See also: connector space; management agent; synchronization

placeholder object

An object in the connector space that represents a single level of the hierarchy of the connected data source. Or, an object in the connector space that represents an object in the connected data source to which an imported attribute value refers (for example, the object to which the manager attribute refers in a user object). Placeholder objects do not contain attribute values and cannot be linked to the metaverse.

See also: connected data source; connector space object; metaverse; object

Preview

A tool that administrators use to perform a test run of changes to a single object. With Preview, administrators can see the effect of a configuration change before actually applying the change.

See also: management agent; object

projection

The process of creating an object in the metaverse based on projection rules, and then automatically linking that object to an existing object in the connector space.

See also: connector space; connector space object; metaverse; object; projection rules

projection rules

Rules that govern the conditions under which a new metaverse object is created from a connector space object. Projection rules are applied to connector space objects that are not already joined to metaverse objects, or when a join fails or is not configured.

See also: connector space object; join; metaverse object

provisioning

The process of creating, renaming, and deprovisioning objects in the connector space based on changes to an object in the metaverse.

See also: connector space; connector space object; deprovisioning; metaverse; metaverse object; object

provisioning rules

Rules that, if enabled, are called whenever a metaverse object is modified. These rules can perform object-level actions, such as creating a new connector space object or disconnecting existing connector space objects that are linked to the metaverse object.

See also: connector space object; metaverse object

Q

There are no glossary terms that begin with this letter.

R

relative distinguished name

The part of the object name that identifies the object as unique from its siblings at its level in the naming hierarchy. For example, in the distinguished name CN=My Name,CN=Users,DC=Microsoft,DC=Com, the relative distinguished name of the user object is My Name. The relative distinguished name of the user object's parent object is Users.

See also: distinguished name

rules extension

A dynamic-link library (.dll) that contains a defined set of rules for managing data. You can use rules extensions with management agents and the metaverse to extend functionality. For example, you can use a rules extension to combine data from two source attributes (for example, sn and givenName) and flow them to one target attribute (for example, displayName).

See also: attribute; management agent; metaverse; synchronization

run history

A set of statistics that show the results of a single run of a management agent.

See also: management agent

run profile

A set of steps that specify how to run a management agent. A management agent can have multiple run profiles, which are stored with the management agent.

See also: management agent; run profile steps

run profile steps

Configuration settings that determine how a management agent runs. A run profile is composed of at least one run profile step. For example, if the delta import run profile step is specified, the management agent imports only data that has changed in the connected data source since the last synchronization between the connected data source and the connector space.

See also: connected data source; connector space; delta import; management agent; run profile

S

schema

The set of definitions for objects that can be stored in the connector space and metaverse. There is a schema for the metaverse and a schema for each management agent. For each object type, the schema defines which attributes an instance of the object type must have, which additional attributes it can have, and which other object types can be its parent object class.

See also: connector space; management agent; metaverse; metaverse object type; object; object class

scope

A range of values or conditions used to search for objects in the connector space or metaverse. A scope can include such conditions as date, pending import, disconnector objects, object type, and so on.

See also: connector space; disconnector object; metaverse; metaverse object type; object

security

On a network, protection of a computer system and its data from harm or loss, implemented especially so that only authorized users can gain access to shared files.

security group

A group that can be listed in discretionary access control lists (DACLs) used to define permissions on resources and objects. A security group can also be used as an e-mail entity. Sending an e-mail message to the group sends the message to all the members of the group.

See also: group

source attribute

A connected data source attribute that is configured for import attribute flow to the metaverse, or a metaverse attribute that is configured for export attribute flow to a connected data source.

See also: attribute; connected data source; metaverse

staging

The process of running a management agent that imports data from a connected data source into the connector space, and then immediately stopping the run. Staging is configured as part of a management agent run profile. This process calculates all of the potential changes between the connected data source and the connector space. All objects that are to be changed are marked as pending. Staging does not synchronize any of the changes further within the metadirectory; however, you can synchronize staged changes at any time by using the Synchronization Only -- Delta Synchronization run profile step.

See also: connected data source; connector space; management agent; metadirectory; run profile; synchronization

string

A group of characters or character bytes handled as a single entity. Computer programs use strings to store and transmit data and commands. Most programming languages consider strings (such as 2674:gstmn) as distinct from numeric values (such as 470924).

synchronization

The process of keeping selected data in multiple data sources in agreement.

See also: connected data source; connector space; metadirectory; metaverse

T

template input file

A representative sample of a custom data input file that is used to create a file-based management agent. When you use a template input file, the file is parsed to determine the format type, object classes, and attributes.

See also: attribute; custom data input file; file-based management agent; management agent; object class

trust relationship

A logical relationship established between domains to allow pass-through authentication, in which a trusting domain honors the logon authentications of a trusted domain. User accounts and global groups defined in a trusted domain can be given rights and permissions in a trusting domain, even though the user accounts or groups don't exist in the trusting domain's directory.

See also: group

U

There are no glossary terms that begin with this letter.

V

There are no glossary terms that begin with this letter.

W

Windows Management Instrumentation (WMI)

A management infrastructure in Windows that supports monitoring and controlling system resources through a common set of interfaces and provides a logically organized, consistent model of Windows operation, configuration, and status.

X

XML

See definition for: Extensible Markup Language (XML)

Y

There are no glossary terms that begin with this letter.

Z

ZScript

The proprietary scripting language that was used in Microsoft Metadirectory Services version 2.2. ZScript has been replaced by the languages that are integrated with Visual Studio .NET 2008. You can use Visual C# .NET, Visual Basic .NET, or other languages (for example, Perl) that can be integrated with Visual Studio .NET 2008.

ZStore

The proprietary data store that was used in Microsoft Metadirectory Services version 2.2. ZStore has been replaced by Microsoft SQL Server 2008.