A Microsoft PowerPoint for "Knowledge Transfer Training Presentation for Identity Lifecycle Manager" aka ILM 2007 FP1. This was put together on my own time and modified for publishing for educating our team on understanding ILM, the business rules, and Identity management.
Reference:
http://solventarchitect.com/2016/01/knowledge-transfer-presentation-for-identity-lifecycle-manager
2. INTRODUCTION
• The goal is to educate you on how the business currently provides the capability of Identity Provisioning
using the current Microsoft product called “Identity Lifecycle Manager 2007 FP1” Aka ILM
• You will also minor in Access Management areas that is directly effected by the Identity Provisioning side
• This information will provide you with fundamental concepts to maintain the provisioning process along
with the technology
• My level of expertise with MIISILM go back 8 years with Identity Management of 10 years
3. AGENDA
Day 1: Core concepts of ILM
• Review Objectives
• The History of How We Got Here
• The Road Map of IT Standards
• Review the Environments
• Discuss the Individual Data Sources
• Discuss he General Concepts of ILM
• The Job Engine and Dependencies
• “Disaster Recovery” Exercises
• ILM Configuration Review
• Exporting HTML documentation
• Summary/Questions & Answers
Day 2: Key “Use Cases” with
exercises
• Test Runs from Data files
• Review Business Logic
• Discussion on Use Cases
• Fun Test Exercise for “Self-Evaluation”
• Summary/Questions & Answers
4. DAY 1: OBJECTIVES
At the end of the day you should be able to:
• Understand the History of how we got here
• Understand the IT Standards currently in place and replacing the Legacy platform
• Know the Environments
• Have an high-level idea of why & how each Data Sources is used in the equation of a person’s identity
• Understand the core concepts of ILM at a high level
• Manage the ILM Job Engine process and understand the what & why the perimeter dependencies need from it running
successfully
• Maintain a the environment to be prepared in the event of an emergency that the primary ILM server crashes
5. DAY 1: HISTORY
• 2006 - First deployed Microsoft Identity Information Server “MIIS”
• MIIS provided capabilities of taking a PeopleSoft ID with provisioning/de-provisioning into Active Directory
• 2007 - Upgraded from MIIS to ILM (Identity Life Cycle Manager)
• 2008 - Enabled Auto-Provisioning for Corporate Employees into the NOS directory
• 2009 – Deployed Badge provisioning
• 2010 – Deployed Yammer integration with email as the identifier
• 2011 – Deployed Remedy user provisioning for employees and contractors
6. DAY 1: IT STANDARDS ROAD MAP
• Decided to keep Microsoft Identity Lifecycle
Manager 2007 FP1 in the phase of “Approved-
Maintain” until at least Q2
• Build-out of the Oracle Infrastructure for the
Software Product called “Oracle Identity
Manager 11.1.2” that is set to replace ILM
• Scheduled to build a new Oracle platform for
other Middleware components to be on the
latest release of R2 that doesn’t include OIM MIIS
2006
ILM
2008
OIM
2015
7. REVIEWING THE ENVIRONMENTS
• Cohesion with all environments shall remain in place until platform sunset
• Physical Servers running Windows 2003 with SQL 2005 installed locally on each server
• Development
• 1 environment exists and performs the same functions and capability as QA and Production
• QA
• 3 environments exist
• The QA Testing Environment
• The QA Staging Environment
• The QA Virtual Environment
• Production
• 1 environment exists with a warm-standby Physical Server integrated with PeopleSoft
8. INDIVIDUAL DATA SOURCES
Authoritative Sources
• PeopleSoft – The primary source of record for
Employee ID and employee job data. Roles are
also consumed and associated with each
Employee ID
• Microsoft SQL – The primary source for Custom
Application Role Access that authorizes users
• Active Directory – The primary source of record
for email and phone number come from Active
Directory for user and contact objects
• Oracle – The primary source of record for
Timesheet Role Access that authorizes users
Data Consumers
• PeopleSoft – ILM currently exports email and phone
number back to PeopleSoft
• Microsoft SQL – ILM currently provisions records to
a Remedy User Staging SQL
• Active Directory –
• ILM Provisions NOS accounts for all business units
• Provisions NOS with Default Groups, Home Drives,
and Exchange eMail
• Provisions Employee ID accounts to Active Directory
• Manages “otherMailbox” for Yammer provisioning
• Manages Contractor Accounts to NOS
9. GENERALCONCEPTSOFILM
What is the big deal with Connector Space & Metaverse?
Each Management Agent “MA” connects the metaverse through a
unique connector space “CS” that mirrors the data elements of the
Connected Directory . Data is then moved to or from the CS to the
metaverse based on the import and export rules
The metaverse (MV) is simply a database. ILM uses the MV to store the
configuration of all the connected directories (CDs) that import data
into or export data out from the MV. Be warned—do not dig into the
MV database
What are Management Agents?
Management Agents (MAs) are the tools you use to define Connected Directories “CDs”. You create a rule for
importing and exporting data into the metaverse “MV” from a CD using the MA import and export rules. This rule also
defines which MA contributes which attribute and how data is purged from the MV once it disappears from all CDs
What is the purpose of ILM?
ILM is simply a data synchronization engine driven by sets
of rules in a state-based system
Uses ILM for syncing Employee ID’s & Roles from PeopleSoft
and joining them to other data sources based on business
rules
CEI-NOS Search MA
NOS- Active Directory
Bring in all LDAP SamAccounts. The service
account must have read access to entire directory
for this attribute in order to not create duplicates
CEI NOS Search
Connector Space
ILM Server
NOS
Provisioning
Connector
Space
AD
Connector
Space
Metaverse
PeopleSoft
Connector
Space
HomeDrives
Connector
Space
DefaultGroups
Connector
Space
Deprovision
DefaultGroups
Connector
Space
NOS Search
Connector
Space
Start
Badging
Connector
Space
10. THE JOB ENGINE AND
DEPENDENCIES
• Within the ILM Servers, in a directory called “C:ILMMARuns”, exists command
files used to run ILM jobs in unattended mode and managed by Control-M
• The Windows Service “Microsoft Identity Integration Server”, must be run by a
service account that has specific rights to the server and Active Directory Objects
11. “DISASTER RECOVERY” EXERCISES
• Current back strategy
• ILM currently stores it’s data locally on SQL 2005 and a backup is performed nightly (I:Microsoft SQL
ServerMSSQL.1MSSQLBackupsMicrosoftIdentityIntegrationServer )
• The Enterprise back-up software currently captures those local backups and stores on off-site tape storage
• A manual Configuration export is performed prior and after each environment change to the stand-by server
• Keep this directory in sync with source control: C:ILMExtensions
• Procedures for exporting current ILM configuration
• The GUI has 3 areas for exporting configuration
• Export server configuration
• Export metaverse schema
• Export Management Agent configuration
12. ILM CONFIGURATION REVIEW
• Understanding the ILM Configuration is important since that controls the custom behavior of the environment and is
routinely updated to support business change
• File: C:ILMExtensionsILMConfig.xml
• Below is a sample XML snippet that displays how Employee Status codes from PeopleSoft control the behavior of how an
Identity is treated
A: Active T: Terminated D: Deceased R: Retired U: Terminated with Pay P: Leave with Pay L: Leave of Absence
<StatusRule="A" DisableAD="false" DisableAD="false" BreakAssociation="false" DeprovisionContactObject="false" />
13. EXPORTING HTML DOCUMENTATION
• Using the “Management Agent Configuration Viewer” tool to create HTML reports of the Management
Agents (Located: C:ILMResKit) which is an additional download aside from ILM
14. DAY 2: OBJECTIVES
At the end of the day you should be able to:
• Understand the Use Cases and resolve the ones that require manual intervention
• To execute test log syncs
• Review the Team’s Questions
15. REVIEW BUSINESS USE CASES
• Hire
• Rehire
• Leave of Absence
• Return from Leave
• Termination
• Retirement
• Severance
• Transfer out of Business Unit
• Transfer Into Business Unit
• Deceased Employee
• Data Changes
• Misc. Data Corrections
• Contractor Being Hired as Employee
16. BUSINESS USE CASE - HIRE
Actions
1. Normal Hire – Normal Process
Data entry performed 1 or more days
before employee’s first day
2. New Hire Special handling
Network ID Aka ”NID” being requested
immediately and before PS data entry
has occurred
3. Multiple accounts created
Timing issues and lack of awareness,
require the ILM admin to intervene after
a second NID/email is automatically
created
Business Process Steps
Auto provisioning is based on PeopleSoft Data Entry date
A. Mgr completes EE Data Request Form
B. Mgr initiates badge application process (form)
C. HR enters data from EE Data Request Form
D. Nightly PeopleSoft jobs are executed by Control-M
E. Control-M invokes ILM processing creates email, Home
Drive, Default Groups, Remedy Staging
F. Corporate Security processes badge application request
form to activate badge; Staging table data is available as
input to the manual Badge Application process
17. BUSINESS USE CASE
NEW HIRE SPECIAL HANDLING
Scenario Information
• These process steps occur to prevent the creation of a
second NID/email
• This scenario occurs when a manual request is performed
to create a NID/email BEFORE the PS New Hire Data Entry
triggers the creation of a second NID/email
• Proper handling of this scenario requires the Control M
scheduling jobs (which control ILM) be paused before the
automated ILM jobs are triggered by the PS data entry
• This process requires timing coordination between Help
Desk, HR, and the ILM administrator
Mgr contacts help
desk to request
immediate creation of
NID/ Email
Can mgr can wait for
the automated
creation of NID?
Has initiated EE Data
Request Form?
YES
NOMgr must go back
and submit
Request Form
NO
Allow Auto provision
to occur on PSEntry
Date
YES
Sys Admin works queue and
responds to ticket and
creates NID, email, Home
Drive, and Default Groups;
updates ticket
The help desk creates
ticket and assigns to Sys
Admin for manual creation
of NOS ID
Help desk
notifies Mgr that
rush creation of
NID and Email
are complete
Help desk re-assigns
ticket to HRAdministrator
to request notification of
when PS data entry is or
will be completed
HRAdministrator
performs PS data entry
and asks the help desk to
update the ticket with the
information regarding
when the PS data entry
was complete
The help desk updates
the ticket with the date
and time PS data entry
was complete and re-
routes the ticket to the
ILM administrator
ILM administrator
requests that the
Control-M scheduling
jobs that control ILM are
paused for the
processing cycle
following when the PS
New Hire data entry
occurred (usually
overnight)
The ILM administrator
manually runs the jobs
to prevent ILM from
provisioning an account.
This is a 45 minute
process
ILM Admin closes
ticket
18. BUSINESS USE CASE – HIRE OR
REHIRE W/ MULTIPLE ACCOUNTS
CREATED
Scenario Information
• BEFORE the PS New Hire Data Entry triggers the
creation of a second NID/email AND the ILM
administrator was not notified to intervene; as a
result, a second NID/Email was created.
• Help Desk re-assigns ticket to IDM Administrator to
reconcile manual set-up with automated procedure
• IDM Administrator works queue and IDM
Administrator works queue and responds to ticket to
reconcile manual set-up with automated procedure
Help desk gets a
ticket about wrong
NID or Email
Mgr contacts help
desk to request
immediate creation of
NID/ Email
IDM Administrator works queue
and responds to ticket to
reconcile manual set-up with
automated procedure
Go to the ILM Joiner and search
the disconnectors against the
NOSProvisioning MA
Does the NID
exists?
Since the new Empl IDwill have a
new NOS ID created, you will
need to add that IDto the search
filter on the bottom pane to
prepare for the join
YES
This meansthe
NOSID either
doesn’t exist in
coxinc or is a
connector against
another Identity
NO
Search ILM for the
networkIDyou need to
join and disconnect it.
Note what it was
connected to and put
info in ticket
Once you have your returned record go to it’sproperties
then go to the “Connectors” , you will need to
disconnect anyNOS MA objects
While highlighting the disconnected NOS IDin the top
pane and the new Employee IDin the bottom pane, you
will see the “Join” button become available. Click Join
Go to the Employee ID
propertiesthen go to the
“Connectors” , you will need to
disconnect the incorrect NOS
Provisioning MAobject
The next options is to either
allow the jobsto auto run or
to perform a “Commit”
previewof the data to force
the sync into the MV
The ILM .NETlogic has both
joined your selected NOSID and
has also provisioned an
additional NOSProvisioning MA
ID
ILM Admin
closes ticket
19. BUSINESS USE CASE - REHIRE
Actions
1. Normal processing
Data entry performed 1 or more days
before employee’s first day
2. Re-hire Special handling
Data entry performed on or after
employee’s first day AND NID/email
required immediately
Business Process Steps
• Same business process steps as the new Hire but the
manager designates the transaction as a re-hire.
• ILM processing will either activate or create email,
Home Drive, and Default Groups
20. BUSINESS USE CASE – REHIRE SPECIAL HANDLING
• Generally used when PeopleSoft data entry is delayed until start date or later – in other words, the
employee is already here and needs a NID to get to work but there data is not yet in PeopleSoft
• The reconciliation process performed by the IDM Administrator will result in the deletion of the auto
generated NID and Email accounts and join the manually created account to the employee identity in
ILM
• To resolve this, simple follow the same Hire Special Handling steps
21. BUSINESS USE CASE – LEAVE OF ABSENCE
Scenarios
• Employee placed on any type of Leave within
PeopleSoft
• ILM and the portal is configured to distinguish
this type as EmployeeStatus=“L” and will treat
this type as a Valid/Active user
Business Process Steps
• Change initiated through manager on Employee
Data Change Form
• HR enters data from EE Data Request Form
• ILM takes no action with NOS components as
LEAVE does not result in de-activation of
accounts
• ILM checks for records in the Badging system
passes the status update to Badging
22. BUSINESS USE CASE – RETURN FROM ABSENCE
Actions
• Employee returned to Active Status from any
type of Leave
Business Process Steps
• Change initiated through manager on Employee
Data Change Form
• HR enters data from EE Data Request Form
• ILM checks for records in the Badging system
passes the status update to Badging
• ILM takes no action with NOS components as
LEAVE does not result in de-activation of
accounts therefore Return from Leave requires
no action
23. BUSINESS USE CASE - TERMINATION
Scenarios
• Normal Termination processing
Data entry on or before term date
• Terminations for cause requiring immediate action
• Terminations with special building access
arrangements
• Terminations with special network access
arrangements
• Active or Leave EE changed to Term long after
effective date
Business Process Steps - Normal
Termination
• Manger initiates termination through Employee Data Change Form
• HR enters termination from EE Data Request Form
• ILM passes status change to Badging Staging Table on Effective
Date (or on action date if Effective Date is passed)
• ILM NOS processing :
• AD Account disabled on Effective Date (or on action date if Effective
Date is in the past)
• AD Account disabled on Effective Date on Effective Date (or on action
date if Effective Date is passed)
• Access to email discontinued due to de-activation of AD account
• Access to network resources discontinued due to de-activation of
AD account
24. BUSINESS USE CASE –
TERMINATION REQUIRING IMMEDIATE ACTION
Scenarios
• Terminations for cause
requiring immediate action
Business Process Steps
• Manager contacts HR directly to initiate termination
• Manager contacts Help Desk requesting immediate removal of Network access
• Manager contacts Security Watch Center requesting immediate badge
revocation
• Sys Admin works queue, picks up ticket, and de-activates NID in AD via the
“immediate termination” procedure which results in de-activation of NID,
discontinued access to email, and, discontinued access to network resources
• ILM NOS processing :
• If not already done so by the help desk, the AD Account is disabled on Effective
Date (or on action date if Effective Date is passed)
• If the account is disabled before the Effective date then ILM will try to re-enable the
account. Will need to put the accounts in the Un-Managed OU within AD
• ILM processing passes status changes to Badging Staging Table
25. BUSINESS USE CASE –
TERMINATION WITH SPECIAL BUILDING ACCESS
ARRANGEMENTS
Scenarios
• Terminations for cause requiring immediate
action
Business Process Steps
• Manager follows normal termination process
• Manager notifies Security to authorize post-
employment access
• Security authorizes badge for post-employment access
• ILM processing is the same as for Normal Termination
26. BUSINESS USE CASE –
TERMINATION WITH SPECIAL NETWORK ACCESS
ARRANGEMENTS
Scenarios
• Normal termination processing;
However, sys admin will re-
activate NID in AD
Business Process Steps
• Manager follows normal termination process
• Manager notifies help desk to authorize special post-
employment network or email access
• ILM processing is the same as for Normal Termination resulting
in deactivation of NID, and loss of access to email and network
resources; help desk then must restore this access:
• Help desk creates an axiom ticket and assigns to Sys Admin
• Sys Admin works queue, picks up ticket, and changes performs the
“re-activate network ID after termination” procedure which re-
activates the NID providing access to network resources and
Exchange mailbox
• ILM will try to disable the account after help desk enables it. Will need to
put the accounts in the UnManaged OU within and AD to prevent account
from being disabled
27. BUSINESS USE CASE –
TERMINATION LONG AFTER EFFECTIVE DATE
Scenarios
• Active or Leave EE changed to Term long after
effective date
Business Process Steps
• PS Data Entry performed
• ILM recognizes status change based on Action
Date (vs. based on Effective Date)
• ILM processes exactly the same as Normal
Termination
28. BUSINESS USE CASE – RETIREMENT
Scenarios
• Normal processing for Retirees
Business Process Steps
• Same as normal termination EXCEPT Badging will
change badge access to M-F; 8-5 vs. de-activating
access for normal termination
• The existing record is updated and will remain on
the Badging table with an Employee status of "R";
however badge access will be allowed M-F; 8-5 vs.
de-activating access for normal termination
• Employees who are considered retired could will
have their “Config” value populated and will remain
on the normal database view from PeopleSoft.
These could have a status of “T” but will be treated
as Active users
29. BUSINESS USE CASE – SEVERANCE
Scenarios
• "Normal" severance; building and network
access disabled
w/ or w/out pay and/or
w/ or w/out benefits
• Special building or network access arrangements
Business Process Steps
• Same as normal termination process
• The existing record is updated and will remain
on the Badging table with an Employee status of
"U" (Terminated), until a new status is received
• For Special building or network access
arrangements, see: “Termination with special
arrangements”
30. BUSINESS USE CASE – TRANSFER OUT OF CORPT
BUSINESS UNIT
Scenarios
• Normal Transfer out processing
• Transfer out of Business Unit with special
building access requirements
• Transfer out of with special network or email
access arrangements
Business Process Steps - Normal
• Manger initiates Transfer Out through Employee Data Change
Form
• HR enters Transfer Out from EE Data Request Form
• ILM Badging processing passes record to Badging staging table
• ILM NOS processing :
• AD Account disabled on Effective Date (or on action date if
Effective Date is passed)
• Access to email discontinued due to de-activation of AD account
• Access to network resources discontinued due to de-
activation of AD account
31. BUSINESS USE CASE –
TRANSFER OUT OF CORPT SPECIAL BUILDING ACCESS
REQUIREMENT
Scenarios
• Transfer out of Business Unit with special
building access requirements
Business Process Steps
• Manager follows normal Business Unit Transfer
Out process
• Same ILM processing as Normal Termination;
Trigger on Effective Date (or Action Date if
effective date is in the past)
• Manager notifies Security to authorize post-
employment access
• Security authorizes badge for post-employment
access
32. BUSINESS USE CASE –
TRANSFER OUT OF CORPT SPECIAL NETWORK ACCESS
REQUIREMENT
Scenarios
• Transfer out with special network or email
access arrangements
Business Process Steps
• Manager follows normal Transfer Out process
• Manager notifies help desk to authorize special
post-employment network or email access
• Help desk creates an axiom ticket and assigns to
Sys Admin
• Sys Admin works queue, picks up ticket, and
modifies access via the “transfer out with
special access” procedure to allow access to
former Exchange mailbox
• Sys Admin will need to place the users in the
UnManaged OU within AD since ILM will try to
disable the user
33. BUSINESS USE CASE – TRANSFER INTO CORPT
Scenarios
• Normal processing; PS data entry drives
NID/email creation
• Special handling; NID/email required
immediately
Business Process Steps
• Mgr completes EE Data Request Form
• Mgr initiates badge application process (form)
• HR enters data from EE Data Request Form
• ILM processing creates or re-activates NID,
email, Home Drive, and Default Groups
• ILM Badging processing passes record to
Badging staging table
• For Special handling, use the same process as
“New Hire Special handling”
34. BUSINESS USE CASE – DECEASED EMPLOYEE
Scenarios
• Normal processing
Business Process Steps
• Same process as normal termination
• ILM will set the Employee Status to “D” and the
Portal will not sync the user
35. BUSINESS USE CASE – DATA CHANGES
Name Change, Department change, Division
change, Business/Job Title Change, Company
change, Department Change
• Change initiated through manager or Admin on
Employee Data Change Form
• HR enters data from EE Data Request Form
• ILM updates the existing record in the target
systems - See Note
• No Provisioning or Deprovisioning will be triggered
since these are only triggered by changes to
Employee Status or by a change in Business Unit
(Transfer to/from)
Note: Email addresses and NID’s are NOT updated based
on name changes. Employees must contact the help desk
to have their name changed (ILM only sets the first name
/ last name attributes on the NOS account once when the
NOS account is created. The help desk can change these
attributes at any time)
Employee requests email change due to
name change
• No change to current process
• Employee contacts help desk to request
email address change
• Help desk creates an axiom ticket and
assigns to Sys Admin
• Sys Admin works queue, picks up ticket,
and changes email address in Exchange
36. BUSINESS USE CASE – MISC. DATA CORRECTIONS
Scenarios
• ID Delete - Employee was hired and then either
didn't show up or a mistake was made in the
hire process; ID Delete process is invoked
• Incorrect EE Terminated - Incorrect termination
fixed the same day
• Incorrect EE Terminated - Terminated EE
changed to Active in subsequent days
Business Process Steps – ID Delete
• Deletion of Employee ID in PeopleSoft triggers ID
delete processing in ILM
• AD Global ID is disabled.
• AD Network ID is disabled
• Exchange Mailbox access is disabled
• Home Drive access is disabled
• Notice sent to Badging of ID Delete (user record
on Badging staging table is set to status of T)
37. BUSINESS USE CASE – MISC. DATA CORRECTIONS
INCORRECT EE TERMINATED
Scenarios Business Process Steps
Incorrect EE Terminated - Incorrect
termination fixed the same day
No action - employee would stay active in all systems; the
overnight batch processing would not initiate in time to
recognize this change
Incorrect EE Terminated - Terminated EE
changed to Active in subsequent days
• LBC or CBA changes EE status to active
• ILM will recognize a status change to A and trigger the
same steps as re-hire processing
38. BUSINESS USE CASE –
CONTRACTOR CONVERTS TO EMPLOYEE
Scenario
• Contractor already has a NID/email – we
want to prevent ILM from creating a second
one
• This scenario occurs when a manual request
is performed to create a NID/email BEFORE
the PS New Hire Data Entry triggers the
creation of a second NID/email.
• Proper handling of this scenario requires the
Control M scheduling jobs (which control
ILM) be paused before the automated ILM
jobs are triggered by the PS data entry.
• This process requires timing coordination
between CSC, HR, and the ILM administrator
Business Process Steps
These process steps occur to prevent the creation of a second NID/email.
Steps
• HR Admin becomes aware that a contractor is being hired; HR requests
the help desk to create a Contractor to Employee conversion ticket and
assign it to the ILM administrator – include the action date
• Sys Admin works queue and responds to ticket and either creates NID,
email, Home Drive, and Default Groups or will move the existing
contractor account to the users OU; updates ticket
• The help desk updates the ticket with the date and time PS data entry
was or will be complete and routes the ticket to the ILM administrator
• ILM administrator requests that the Control-M scheduling jobs that
control ILM are paused for the processing cycle following when the PS
New Hire data entry occurred or will occur (usually overnight).
• The ILM administrator manually runs the jobs to prevent ILM from
provisioning an account. This is a 45 minute process. ILM badging
processing passes record to badging staging table
39. BUSINESS USE CASE –
CONTRACTOR CONVERTS TO
EMPLOYEE
Contractor already has a NID/email – we want to
prevent ILM from creating a second one
HRSubmits a ticket
HRAdmin becomes aware that a contractor is
being hired; HRrequests the help desk to create a
Contractor to Employee conversion ticket and
assign it to the ILM administrator – include the
action date
Go to the ILM Server and run the Manual Job
for Employee Morning Run 1. The Search MA
Delta Import and Delta Sync run then the
PeopleSoft Full Import and Delta Sync need to
complete
The help desk updates the
ticket with the date and
time PS data entry was or
will be complete and routes
the ticket to the ILM
administrator
Sys Admin works queue and
responds to ticket and either
creates NID, email, Home
Drive, and Default Groups or
will move the existing
contractor account to the
users OU; updates ticket
ILM administrator requests that the
Control-M schedulingjobs that
control ILM are paused for the
processing cycle following when the
PS New Hire data entry occurred or
will occur (usually overnight).
Also requeststhat the NOS ID is moved to
the Enterprise UsersOUor ILM cannot join
it the employee ID
Go to the ILM console and search the
Metaverse for the current contractor account
then disconnect the NOSEmployee MA
connector
Go to AD and delete the Contractor
account
Go to the ILM Joiner and search the
disconnectors against the NOS Provisioning
MA
Does the NID
exists?
YES
NO
Search ILM for the networkID you need
to join and disconnect it. Note what it
wasconnected to and put info in ticket
you will need to add that ID to the search filter on the
bottom pane to prepare for the join. Once you have your
returned record go to it’s propertiesthen go to the
“Connectors” , you will need to disconnect any NOS MA
objects
While highlighting the
disconnected NOSID in the top
pane and the new Employee IDin
the bottom pane, you will see the
“Join” button become available.
Click Join
Go to the Employee ID
propertiesthen go to the
“Connectors” , you will need to
disconnect the incorrect NOS
Provisioning MAobject
The next options is to either
allow the jobsto auto run or
to perform a “Commit”
previewof the data to force
the sync into the MV
The ILM .NETlogic has both
joined your selected NOSID
and has also provisioned an
additional NOSProvisioning MA
ID
ILM Admin
closes ticket
40. DAY 2: TEST LOCAL DATA FILES
• ILM has a capability to import data from a perimeter data source and then store into a “log” file
in a directory called “C:ILMMaDataPeopleSoft Employee MA”
• Within ILM for the Run Profiles, you can setup a profile to import data from a “log” file instead of
the actual data source. This allows for testing changes without the need of the data source
42. FUN TEST EXERCISE FOR “SELF-EVALUATION”
If time Exists Only
One person leaves the room while we break something and the other must fix it to win the round
The use cases will be the top 3 most common that increase the volume of calls to the help desk
2 out of 3 is the winner
Notas do Editor
Lesson descriptions should be brief.
Example objectives
At the end of this lesson, you will be able to:
Save files to the team Web server.
Move files to different locations on the team Web server.
Share files on the team Web server.
QA currently shares QAF4.COM and only the QRAC environment performs auto provisioning
ILM 2007 combines Identity Management and Certificate Management that together provide key elements of the Identity and Access Management (IDA) model. The identity management part of ILM was previously known as MIIS (Microsoft Identity Integration Server) and, before that, MMS (Microsoft Meta-Directory Server).