Microsoft Metadirectory Services – an overview




by John Loomes

Background

The introduction of Active Directory in Windows 2000
presents organisations with a unique challenge and opportunity: the
ability to consolidate and centralise directory information. The
fact that Active Directory is LDAP based and includes a standard set
of APIs (Application Programming Interfaces) only makes this
prospect more attractive. Schema updates allow companies to put
whatever information they like in the Active Directory.

However, many companies already have some or all of
this directory information stored in various systems throughout the
enterprise, and not all of these systems will expose their data
through an interface such as LDAP. Also, some information may be
duplicated across several systems, creating synchronisation
problems.

Making use of all this information is difficult when
it is spread around like this, and as time goes by the problem can
only get worse…

The Solution

So, in an ideal world, all this directory
information would be held in one place: a single, extensible
Enterprise level directory that is all things to all people.
Obviously, this is not as easy as all that – getting applications
from various 3rd parties to all share data and keep things in sync
is, to say the least, difficult, and in many cases will be neither
possible nor even desirable.

Therefore the answer to this problem is
to create a central directory management entity, a META Directory,
that manages and controls all the data from all the other systems.
This, in a nutshell, is what Microsoft Metadirectory Services (MMS)
is all about…

Typically, such a solution needs to be
able to access, synchronise and update data in the following types
of system:

  • Standard LDAP Directories
  • Popular Non-LDAP directories
  • Enterprise Resource Planning (ERP)
    applications
  • Databases, such as SQL and Oracle
  • Applications only accessible via an application
    programming interface (API)

In order to effectively manage directory information across the
Enterprise, the Metadirectory Service must be able to address the
following:

Change Event Processing – the Metadirectory must be able
to detect and track changes in any of the systems it is
managing.

Data Aggregation – the Metadirectory must be able to join
data from different sources, in order to create a central
directory.

Object Tracking – the Metadirectory must be able to track
directory objects as they move through the system. A user moving
departments for example, must be recognisable by the system as being
the SAME user, and not someone else with the same name…

Integrity Management – the Metadirectory must ensure that
data is kept in sync and doesn't become corrupt.

Ownership – the Metadirectory must be able to determine
which system OWNS a particular piece of data, in order to ensure
that updates to certain fields within the directory can ONLY be made
by the application that OWNS that particular element. For example,
you would want an email application to own the email address of a
user, so that the email address can only be updated by the email
application.

Failure Management – the Metadirectory must be able to
detect when a directory update has failed, and provide a mechanism
such that data can be returned to a ‘known state’.

Referential Integrity – the Metadirectory must be able to
ensure that the relationships between related pieces of data are
maintained. For example, a person's job title and salary level may be
related, and as such, a change in job title could also update the
salary information.
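
The sketch below is an added example, not MMS code or configuration. It shows how Data Aggregation, Object Tracking and Ownership interact: records are joined on a stable anchor rather than on a name, and a write is accepted only from the system that owns the attribute. The `OWNERS` table, the `Metaverse` class, the anchor values and the events are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical ownership policy: which connected system may write each attribute.
OWNERS = {"mail": "email", "title": "hr", "department": "hr", "displayName": "hr"}

@dataclass
class Metaverse:
    entries: dict = field(default_factory=dict)   # anchor -> joined attributes
    rejected: list = field(default_factory=list)  # audit trail of refused writes

    def apply(self, source, anchor, changes):
        """Apply a change event from `source`; return the attributes accepted."""
        entry = self.entries.setdefault(anchor, {})
        accepted = []
        for attr, value in changes.items():
            # Default deny: an attribute with no declared owner is never written.
            if OWNERS.get(attr) != source:
                self.rejected.append((source, anchor, attr, value))
                continue
            entry[attr] = value
            accepted.append(attr)
        return accepted

def run_constructed_events():
    mv = Metaverse()
    # Constructed events; E1001 and E1002 are two people who share a name.
    events = [
        ("hr", "E1001", {"displayName": "Pat Smith", "department": "Sales", "title": "Rep"}),
        ("hr", "E1002", {"displayName": "Pat Smith", "department": "Finance", "title": "Clerk"}),
        ("email", "E1001", {"mail": "pat.smith@example.com"}),
        # Department move: same anchor, so it remains the same object.
        ("hr", "E1001", {"department": "Marketing"}),
        # The HR feed tries to overwrite an attribute the email system owns.
        ("hr", "E1001", {"mail": "other@example.net"}),
        # The email system tries to change a job title owned by HR.
        ("email", "E1002", {"title": "Director"}),
    ]
    for source, anchor, changes in events:
        mv.apply(source, anchor, changes)
    return mv

if __name__ == "__main__":
    mv = run_constructed_events()
    print(mv.entries)
    print(mv.rejected)
```

The `rejected` list doubles as an audit record: a connected system repeatedly attempting to write attributes it does not own is worth reviewing.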

 

Microsoft Metadirectory Services (MMS)

In July 1999, Microsoft purchased ZOOMIT Corporation, a well
known supplier of Metadirectory solutions. ZOOMIT VIA 2.1 has
evolved, over the last year or so, into Microsoft Metadirectory
Services (MMS), the latest version being MMS 2.2.

MMS consists of the following components:

Connector Namespace – an area where the connected
namespaces are first imported.

Metaverse – the Metaverse presents the integrated view of
joined objects from multiple connected directories.

Management Agents – A Management Agent contains all the
configuration parameters, scripts, rules, attribute ownership and
other items that define how directories will be joined in the
Metadirectory.

 

Operating Mode – The operating mode determines at which
point an object is managed. This can be either in the connected
directory (local management) or in the Metadirectory (central
management). The modes available are as follows:

Reflector – Changes made in the connected directory are
reflected in the namespace and metaverse.

Creator – Changes in the Metaverse are made in the
connected directory as well.

Association – Changes in the connected directory appear in
the namespace but don't get merged with the metaverse…

Management Agents exist for well-known directory types such as
LDAP, Windows NT, Novell NDS, Lotus Notes etc.

New MAs can be written using the Management Agent Toolkit, in
order to provide connectivity to other systems.

Summary

MMS may be just the thing large organisations need in
order to make best use of Active Directory. MMS is intended to
enhance Active Directory by allowing organisations to integrate
existing directory services with Active Directory, in order to
provide a comprehensive Enterprise level source of information. A
typical use of this would be to integrate user accounts and email
addresses with HR information.
