Overview of Microsoft Metadirectory Services (MMS)

Summary

This article describes the basic concepts of and terminology used with Microsoft Metadirectory Services (MMS). The metadirectory server is an enterprise metadirectory you can use to integrate all directories in an organization into one central repository. It can also be used for migration purposes and consolidation of directories. The following topics are included in this article:

  • Description of a Metadirectory
  • Microsoft Metadirectory Overview
  • MMS Client Access
  • MMS Security
  • MMS Distributed Directory

More Information

Description of a Metadirectory

A metadirectory is a dedicated enterprise directory solution that joins (or merges) information between the various existing directory systems and programs used within an enterprise, and then provides access to the consolidated information for Lightweight Directory Access Protocol (LDAP) clients, Web browsers, and possibly other computers.

Microsoft Metadirectory Overview

In the MMS model, the enterprise metadirectory structure is comprised of one or more servers, management agents, and connected directories:

Management Agents

Management agents are responsible for importing connected directory information into the connector namespace, and where desired, merging it with entries in the metaverse. It keeps the directory information synchronized by allowing attributes to flow bi-directionally. There is one management agent for each connected directory.

Connected Directory

A connected directory is essentially any directory that you want to integrate into the metadirectory. The only requirement is that the directory contents must be organized into some minimal hierarchical structure, and that there a method for extracting the directory information in it exists. The information extracted from the connected directory is imported into the metadirectory. Optionally you may want to export information from the metadirectory into the connected directory.

Metadirectory Namespace

While the metadirectory contents can be presented as a single tree structure, it can also be thought of as consisting of two logical namespaces.

Connector Space

The area into which connected directory entries are first imported. This area links each connected namespace with the metadirectory.

Metaverse

That portion of the directory that presents the global view of the union of entries from multiple connected directories.

MMS Client Access

The MMS client access consists of four primary client access methods:

Compass Client

A stand-alone client with the most complete features and most efficient interface of the MMS clients. Can be used to manage the directory.

Active Compass Client

An ActiveX implementation of the Compass client that runs within any browser that supports ActiveX technology. Can be used to manage the directory. This client must be installed to run.

LDAP-Compliant User Agent

E-mail, programs.

Web Access

Windows Explorer, Netscape Navigator.

MMS Security

MMS security is comprised of three key features:

Login and Authentication

There are two kind of logins, anonymous and authenticated logins. Authenticated logins (or named logins), require a password. The password may be a "simple" password or a "strong" password.

Access Controls

Access controls are used to evaluate the level of access to entries in the directory.

MMS Distributed Directory

MMS has two methods to scale the product to your organization. The Distributed Directory is required for the following uses or conditions:

  • Distant geographical locations.
  • Load balancing and/or redundancy.
  • Servers to manage connected directories.
  • Other servers to service end users.
  • Servers to support programs.
We have two ways to distribute the directory, referrals and replication:

Referrals

Used to set a pointer within the directory to point to another location on a different server. Note that this is transparent (not visible) to the user. This is useful when there are space requirements that need to be distributed to other servers but the users still can obtain access one central location.

NOTE: Referrals are accurate but the performance penalty may be quite high as you cannot guarantee the capabilities of the authoritative server.

Replication

Used to replication part of the tree structure on one server to another. This places a read-only copy of the tree on one server and the original location will reside on another location. This is useful for redundency of data as well as distributing the load from another heavily-used computer.

NOTE: Replication involves a "snapshot" view which is never guaranteed to be accurate.
Eigenschaften

Artikelnummer: 246312 – Letzte Überarbeitung: 19.06.2014 – Revision: 1

Feedback