For this procedure, in Management Agent Designer, on the
Configure Attribute Flow page, you can configure how
attributes are flowed between a connected data source and the
metaverse. Object attributes in the connected data source (that is,
source attributes) can be flowed to existing object attributes in
the metaverse (that is, destination attributes) and vice versa. You
can choose a direct mapping, which performs simple import or export
attribute flow, or an advanced attribute mapping, where you can
flow specific components or values of an attribute. Or, you can
specify a rules extension that manages attribute flow. To complete this procedure, you must be logged on as a member of the MIISAdmins security group.
This procedure applies to management agents for the following
Microsoft Identity Integration Server 2003 editions:
Enterprise Edition
Identity Integration Feature Pack for Active Directory
All
Active Directory, Active Directory Application Mode (ADAM),
Active Directory Global Address List (GAL)
To configure attribute flow rules
In Management Agent Designer, on the Configure
attribute flow page, in Build Attribute Flow, in Data
source object type, click a connected data source object
type.
In Data source attribute, select the connected data
source attribute that you want to map.
In Mapping Type, click one of the following:
If you want to configure a simple attribute flow where the
connected data source attribute is mapped to a metaverse attribute,
click Direct (default). Data source attribute and Metaverse
attribute must be of the same type.
If you want to configure an advanced attribute flow where a
selected component of a distinguished name, to specify a constant
value, or to specify a rules extension for attribute mapping click
Advanced.
In Metaverse object type, click the metaverse object
type.
In Metaverse attribute, click the metaverse attribute
that you want to map.
In Flow Direction, do one of the following:
To flow the data source attribute to the metaverse attribute,
click Import.
To flow the metaverse attribute to the data source attribute,
click Export.
If you want to allow null values from the metaverse source
attribute to flow to a destination connected data source attribute
during export attribute flow, select the Allow Nulls check
box. By selecting this, Microsoft Identity Integration Server 2003
deletes a connected data source attribute value when all of the
metaverse attributes that are configured for export attribute flow
to that attribute contain no values.
Click New.
If you clicked Advanced mapping type in step 3, in
Advanced Import/Export Attribute Flow Options, do one
of the following:
Task
Steps
To select a component of a distinguished name (for import
attribute flow only)
Click Distinguished name, and then in Component,
select the location number where the component exists in the
distinguished name (also known as DN) string.
To select a constant value
Click Constant, and then in Value, type a value
to be flowed to the destination attribute. The value entered must
be of the same type as the destination attribute.
To specify a rules extension to manage mapping for this
attribute
Click Rules extension, and then in Flow rule
name, type the complete flow rule name.
Important
If you make a change to an existing attribute flow mapping, you
must click Edit to save the change prior to clicking
OK.
During synchronization, Microsoft Identity Integration Server 2003
might not apply attribute flow rules that you define on the
Configure Attribute Flow page in Management Agent Designer
or configure in a rules extension in order.
When you configure advanced attribute flow that contains a
Constant value, or a rules extension is configured with no
source attribute, attribute flow is performed only during the first
synchronization of an object and during subsequent Full Import
and Full Synchronization and Full Synchronization
runs.
A Constant value flow to a reference destination
attribute must be configured in a rules extension.
When you configure export attribute flow for reference
attributes (that is, attributes based on the distinguished name,
such as manager and group membership) and Allow Nulls is not
selected, referential integrity is not guaranteed. An attribute
that references an object that is either deleted (or will be
deleted in a subsequent run) will continue to reference the deleted
object. To guarantee referential integrity, reference attributes
should only be used as a destination attribute if you configure
them in a direct mapping or rules extension flow rule mapping and
Allow Nulls is selected.
Notes
When configuring advanced attribute mapping type, you can
specify all or part of a connected data source attribute that you
want to map to a metaverse attribute with the following
options:
When specifying a distinguished name part mapping, you must
specify the component number of the distinguished name that you
want to map. This component is typically a delimiter-separated
value within the distinguished name. The number that determines the
location is read from left to right, each delimited component being
one number. For example, in the following distinguished name,
CN=EmpID,CN=Name,CN=Employees,DC=Microsoft,DC=Com where
EmpID is component number 1 (otherwise known as relative
distinguished name), Name is component number 2, and so on.
For an advanced attribute mapping that uses the distinguished name
option with a component number of 1, only the EmpID value of
the connected data source attribute is mapped to a metaverse
attribute.
When specifying a rules extension for attribute mapping, you
are provided with a default flow rule name. If necessary, you can
specify a different flow rule name. This flow rule must be present
in a rules extension. For more information about using rules
extensions for import and export attribute flow, open the Microsoft Identity Integration Server 2003 Developer Reference.
When configuring advanced attribute mapping type, to select
multiple attributes, click an attribute, press CTRL or SHIFT, and
then click any additional attributes.
Microsoft Identity Integration Server 2003 Developer Reference. 