Microsoft Identity Integration Server 2003 overview

Microsoft Identity Integration Server 2003 is a service that runs on Windows Server 2003, Enterprise Edition. With Microsoft Identity Integration Server 2003, you can store and coordinate identity information from multiple connected data sources within an organization. Microsoft Identity Integration Server 2003 enables you to combine that information into a single logical view that represents all of the identity information for a given user or resource.

Microsoft Identity Integration Server 2003 and identity management

With Microsoft Identity Integration Server 2003, you can manage identity information by centralizing identity information, synchronizing identity information, managing ownership of identity information, creating new objects, and synchronizing passwords across different connected data sources.

Centralizing identity information

In most organizations, identity information exists in many different connected data sources, which can result in the duplication of information, incompatible data formats, and administrative overhead, and also requires administrators to have access to multiple connected data sources.

To solve the problems that result from identity data residing in multiple data sources, Microsoft Identity Integration Server 2003 can combine all of the data pertaining to a specific person or resource in the metadirectory, thereby creating a single object that contains some or all of the identity information from each connected data source.

The following illustration shows how Microsoft Identity Integration Server 2003 combines data from different data sources into a single object.

Example of combining user data into one object.

Synchronizing identity information

Typically, an organization stores identity information in different connected data sources. When a user makes a change to data in one data source, that change is not automatically made in the other data sources. To reflect the change throughout the organization, typically administrators have to manually update each separate data source. Unmanaged identity information can become unorganized, which results in identity information that is inconsistent throughout the organization.

To resolve problems that result from unsynchronized identity information, you can use Microsoft Identity Integration Server 2003 to do the following:

In the following illustration, the user modifies the Title attribute in DataSource1, which is then modified in the metadirectory. The new value for Title is then synchronized with the other data sources.

Example of data synchronization.

Managing ownership of identity information

Different directories often contain conflicting identity information about the same person or resource. In addition, the department or Information Technology (IT) group that owns and manages the data in a specific connected data source typically believes that their data is authoritative when compared to similar data that resides in a different connected data source. In these cases, data owners are often reluctant to relinquish control of their identity information.

To resolve problems that result from conflicting identity information, you can use Microsoft Identity Integration Server 2003 to do the following:

In the following illustration, the Phone attribute from DataSource1 has precedence. When DataSource2 attempts to update the Phone attribute, it fails.

Example of attribute flow precedence.

Creating new objects

When a new user is added to an organization, an account is created in the primary human resources data source. To synchronize this new account data with other data sources in the enterprise, new accounts must also be added to the other data sources.

To resolve the problem of creating multiple new accounts, Microsoft Identity Integration Server 2003 uses provisioning to propagate the new user data to the other data sources, which can then create the new accounts.

In the following illustration, the User object from DataSource1 is created in the metaverse and then provisioned to DataSource2 and DataSource3.

Example of provisioning.

Synchronizing passwords

In an enterprise environment with multiple data sources, users might have multiple accounts. This can result in the user having to remember different passwords for each account, and the administrator having to individually set or change passwords on multiple data sources.

To resolve the problem of managing passwords, you can use Microsoft Identity Integration Server 2003 password management applications to do the following:

Microsoft Identity Integration Server 2003 components

The overall metadirectory environment encompasses data sources, data and configuration storage areas, and processing rules. This section describes the primary components of the metadirectory environment and their relationships to each other.

The following illustration shows how the components work together to flow data from one data source to multiple data sources.

Example of data flow through the metadirectory.

SQL Server 2000 database

Microsoft Identity Integration Server 2003 uses SQL Server 2000 for its primary data store. SQL Server 2000 can be indexed for faster searches, and it has its own set of monitoring and maintenance tools. Microsoft Identity Integration Server 2003 uses the SQL Server 2000 database to store all of the critical data that you need to restore your metadirectory environment in the event of a system failure. For more information about SQL Server 2000, see The role of Microsoft SQL Server 2000.

Metadirectory

The Microsoft Identity Integration Server 2003 metadirectory consists of two components: the connector space and the metaverse.

For more information about the connector space and the metaverse, see The metaverse and the connector space.

Connected data sources

A connected data source is a directory, database, or other data repository that contains data that you want to integrate in the metaverse. Connected data sources can be enterprise directories, mail directories, human resources databases, or data in flat files, such as LDIF or delimited text files.

Management agents

A management agent connects a specific connected data source to the metadirectory. It is responsible for moving data from the connected data source to the connector space, and then determining what data in the connector space is synchronized with the metaverse. When data in the metadirectory is modified, the management agent can export the data out to the connected data sources to keep the connected data source synchronized with the metaverse. For more information about connected data sources and management agents, see Connected data sources and management agents.

Rules

Management agents use a set of rules to determine if and how objects in the connector space are synchronized with the metaverse. These rules determine how metaverse objects are created or linked to, how connector space objects are handled after a deletion, and how attributes of a connector space object are synchronized with a metaverse object. For more information about management agent rules, see Understanding management agent rules. The metaverse also uses a set of rules to determine how changes to metaverse objects are pushed out to the connector space, and how metaverse objects are handled after they are deleted. For more information about metaverse rules, see Understanding metaverse rules.
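The following toy model is an added illustration, not Microsoft code and not the product's API. It models the pieces this page describes (connector space objects per connected data source, a metaverse, management agent import and export rules, provisioning) and walks through the three illustrations above: a new user projected from DataSource1 and provisioned to DataSource2 and DataSource3, an attempt by DataSource2 to change Phone that fails because DataSource1 has precedence, and a Title change in DataSource1 that synchronizes outward. The data source names, attribute names, sample records and the choice of employeeID as join attribute and anchor are constructed assumptions; real export rules are per attribute, whereas this model exports every metaverse attribute.

```python
"""Toy model of the MIIS 2003 metadirectory flow described on this page.

Added illustration, not Microsoft code: connector space objects per connected
data source, a metaverse, import attribute flow with per-attribute precedence,
provisioning of new metaverse objects, and export back to the data sources.
Data source names, attribute names and the sample records are constructed.
"""


class Metadirectory:
    def __init__(self, precedence):
        # precedence: attribute -> data sources ranked highest first.
        # An attribute with no entry has no import flow rule and never reaches the metaverse.
        self.precedence = precedence
        self.cs = {}        # connector space: source -> {anchor: attributes}
        self.mv = {}        # metaverse: employeeID -> attributes
        self.links = {}     # (source, anchor) -> metaverse object it is joined to
        self.owner = {}     # (employeeID, attribute) -> source whose value is in the metaverse

    def stage_import(self, source, anchor, attrs):
        """Import: copy a change from the connected data source into its connector space."""
        self.cs.setdefault(source, {}).setdefault(anchor, {}).update(attrs)

    def synchronize(self, source, anchor, join_attr="employeeID"):
        """Join (or project) the connector space object into the metaverse, then apply
        import attribute flow. Returns attribute -> applied | lower-precedence | unchanged."""
        obj = self.cs[source][anchor]
        mv_id = self.links.get((source, anchor))
        if mv_id is None:
            # join rule: match on the join attribute; projection rule: create if absent
            mv_id = obj[join_attr]
            self.mv.setdefault(mv_id, {join_attr: mv_id})
            self.links[(source, anchor)] = mv_id
        outcome = {}
        for attr, value in obj.items():
            if attr == join_attr:
                continue
            if self.mv[mv_id].get(attr) == value:
                outcome[attr] = "unchanged"
            elif self._outranks(source, self.owner.get((mv_id, attr)), self.precedence.get(attr, [])):
                self.mv[mv_id][attr] = value
                self.owner[(mv_id, attr)] = source
                outcome[attr] = "applied"
            else:
                outcome[attr] = "lower-precedence"   # the page's "update fails" case
        return outcome

    @staticmethod
    def _outranks(source, current_owner, ranked):
        if source not in ranked:
            return False            # no import flow rule for this source and attribute
        if current_owner is None:
            return True             # metaverse has no value yet; first writer wins
        return ranked.index(source) <= ranked.index(current_owner)

    def provision(self, mv_id, targets):
        """Provisioning: create a connector space object for mv_id in each target source
        that does not already have one. Returns the sources that received a new object."""
        created = []
        for target in targets:
            if (target, mv_id) in self.links:
                continue
            self.cs.setdefault(target, {})[mv_id] = {}   # anchor = employeeID (assumption)
            self.links[(target, mv_id)] = mv_id
            created.append(target)
        return created

    def export(self, source):
        """Export attribute flow: push every metaverse value to the connector space
        objects linked to this source (simplification: all attributes flow)."""
        for (src, anchor), mv_id in self.links.items():
            if src == source:
                self.cs[src][anchor].update(self.mv[mv_id])
        return dict(self.cs.get(source, {}))


def demo():
    """Walk through the page's three scenarios with constructed sample data."""
    md = Metadirectory(precedence={"title": ["DataSource1", "DataSource2"],
                                   "phone": ["DataSource1", "DataSource2"]})
    # 1. New user in the HR source (DataSource1) is projected, then provisioned.
    md.stage_import("DataSource1", "cn=alice",
                    {"employeeID": "1001", "title": "Engineer", "phone": "555-0100"})
    md.synchronize("DataSource1", "cn=alice")
    provisioned = md.provision("1001", ["DataSource2", "DataSource3"])
    md.export("DataSource2")
    md.export("DataSource3")
    # 2. DataSource2 tries to change Phone; DataSource1 has precedence, so it fails.
    md.stage_import("DataSource2", "1001", {"phone": "555-0999"})
    rejected = md.synchronize("DataSource2", "1001")
    # 3. DataSource1 changes Title; the new value synchronizes to the other sources.
    md.stage_import("DataSource1", "cn=alice", {"title": "Senior Engineer"})
    accepted = md.synchronize("DataSource1", "cn=alice")
    md.export("DataSource2")
    md.export("DataSource3")
    return md, provisioned, rejected, accepted


if __name__ == "__main__":
    md, provisioned, rejected, accepted = demo()
    print("provisioned to:", provisioned)
    print("DataSource2 phone change:", rejected["phone"])
    print("DataSource1 title change:", accepted["title"])
    print("DataSource3 now holds:", md.cs["DataSource3"]["1001"])
```

Note that after the final export the non-authoritative phone value that DataSource2 staged is overwritten in its connector space by the metaverse value, which is how precedence keeps the lower-ranked source consistent with the owner of the attribute rather than merely ignoring its change.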

Identity Manager

Identity Manager is the administrative interface for Microsoft Identity Integration Server 2003. In Identity Manager, you can create and run management agents, view server status and statistics, configure the metaverse, import and export configurations, and perform other administrative tasks. For more information, see Identity Manager.