4. Table of Contents
About This Course .................................................................................... Error! Bookmark not defined.
Course Contents .................................................................................................. Error! Bookmark not defined.
Document Conventions ....................................................................................... Error! Bookmark not defined.
Technical Terms, Commands, and Program Code ........................................... Error! Bookmark not defined.
Notes ............................................................................................................... Error! Bookmark not defined.
Tables and Figures ........................................................................................... Error! Bookmark not defined.
Course Document and Slide Numbering ......................................................... Error! Bookmark not defined.
Using the Keyboard and Mouse in a Virtual Machine ......................................... Error! Bookmark not defined.
Module 1: Introducing <product or technology> .................................... Error! Bookmark not defined.
Lesson 1.1: Title ....................................................................................... Error! Bookmark not defined.
Topic H2 ............................................................................................................... Error! Bookmark not defined.
Subtopic H3 ..................................................................................................... Error! Bookmark not defined.
Lesson Review ..................................................................................................... Error! Bookmark not defined.
Lesson 1.2: Title ....................................................................................... Error! Bookmark not defined.
Topic H2 ............................................................................................................... Error! Bookmark not defined.
Subtopic H3 ..................................................................................................... Error! Bookmark not defined.
Lesson Review ..................................................................................................... Error! Bookmark not defined.
Lab 1: Title ................................................................................................ Error! Bookmark not defined.
Module Review ........................................................................................ Error! Bookmark not defined.
Module 2: Installing and Configuring <product or technology> .............. Error! Bookmark not defined.
Lesson 2.1: Title ....................................................................................... Error! Bookmark not defined.
Topic H2 ............................................................................................................... Error! Bookmark not defined.
Subtopic H3 ..................................................................................................... Error! Bookmark not defined.
Lesson Review ..................................................................................................... Error! Bookmark not defined.
Lesson 2.2: Title ....................................................................................... Error! Bookmark not defined.
Topic H2 ............................................................................................................... Error! Bookmark not defined.
Subtopic H3 ..................................................................................................... Error! Bookmark not defined.
Lesson Review ..................................................................................................... Error! Bookmark not defined.
Lab 2: Title ................................................................................................ Error! Bookmark not defined.
Module Review ........................................................................................ Error! Bookmark not defined.
Module 3: Managing and Maintaining <product or technology>............ Error! Bookmark not defined.
Lesson 3.1: Title ....................................................................................... Error! Bookmark not defined.
5. Topic H2............................................................................................................... Error! Bookmark not defined.
Subtopic H3 ..................................................................................................... Error! Bookmark not defined.
Lesson Review ..................................................................................................... Error! Bookmark not defined.
Lesson 3.2: Title ....................................................................................... Error! Bookmark not defined.
Topic H2............................................................................................................... Error! Bookmark not defined.
Subtopic H3 ..................................................................................................... Error! Bookmark not defined.
Lesson Review ..................................................................................................... Error! Bookmark not defined.
Lab 3: Title ............................................................................................... Error! Bookmark not defined.
Module Review ........................................................................................ Error! Bookmark not defined.
Module 4: Troubleshooting <product or technology> ............................ Error! Bookmark not defined.
Lesson 4.1: Title ....................................................................................... Error! Bookmark not defined.
Topic H2............................................................................................................... Error! Bookmark not defined.
Subtopic H3 ..................................................................................................... Error! Bookmark not defined.
Lesson Review ..................................................................................................... Error! Bookmark not defined.
Lesson 4.2: Title ....................................................................................... Error! Bookmark not defined.
Topic H2............................................................................................................... Error! Bookmark not defined.
Subtopic H3 ..................................................................................................... Error! Bookmark not defined.
Lesson Review ..................................................................................................... Error! Bookmark not defined.
Lab 4: Title ............................................................................................... Error! Bookmark not defined.
Module Review ........................................................................................ Error! Bookmark not defined.
Additional Resources ............................................................................... Error! Bookmark not defined.
Course Review ......................................................................................... Error! Bookmark not defined.
Course Assessment.................................................................................. Error! Bookmark not defined.
Appendix *: Title...................................................................................... Error! Bookmark not defined.
Overview Topic H3 .......................................................................................... Error! Bookmark not defined.
Appendix Topic H3 .......................................................................................... Error! Bookmark not defined.
Topic H2............................................................................................................... Error! Bookmark not defined.
6.
7. DRAFT V1.1 Live@EDU Escalation Engineer Training
Module 6: ILM and Live@Edu
This is the final module in the Live@Edu class. It covers ILM and our different
management agents.
Before You Begin
Before starting this module, you should:
Have a working understanding of Live@Edu under both Hotmail and Exchange
Done all the previous Live@Edu modules
What You Will Learn
After completing this module, you will be able to:
Understand ILM and its complexities
Configure and Install all three editions of the @EDU Management Agents.
Troubleshoot common configuration issues with all three versions.
Global Technical Readiness
Microsoft Confidential - For Internal Use Only 1
9. DRAFT V1.1 Live@EDU Escalation Engineer Training
Identity Lifecycle Manager
What is ILM
ILM 2007 is a metadirectory product that has a variety of uses for data synchronization
and identity management. In the case of the Live@edu program, it will be used to
facilitate the management of accounts by synchronizing data from the data source for
student information and Windows Live. To further understand the role of ILM 2007 as it
relates to Live@edu it is important to understand the fundamentals of this type of
product.
The ILM 2007 application runs on Windows 2003 or 2008 Enterprise Edition. It relies
upon Microsoft SQL Server as the application data store to retain all of the settings for
ILM 2007 as well as the identity data that is synchronized through it.
Metadirectory
A metadirectory collects information from different data sources throughout an
institution and then combines all or part of that information into an integrated unified
view. This unified view presents all the information about an object such as a student or
network resource that is contained throughout the institution. An Identity Management
system may have a metadirectory at its heart and ILM 2007 is such a system. A
metadirectory performs the following functions:
Connects to a variety of data sources, importing a desired subset of data from each one
Combines all the information about each student or resource into a single entry
Presents to the institution the unified view of all known information about each student
or resource
Enforces rules as to which sources are authoritative for a given attribute and what
precedence applies where more than one source is authoritative
Microsoft currently distributes two separate versions of ILM 2007. The Live@edu version
allows an institution to connect to one data source for account imports and to Windows
Live for account creation. The full version of Microsoft Identity Lifecycle Manager 2007 is
needed to connect to more than two data sources. The following table lists the supported
management agents for the full version of Microsoft Identity Lifecycle Manager 2007.
This table illustrates the capabilities of the full version of ILM 2007 to communicate with
some of the types of data sources that ILM 2007 includes out of the box.
System Management Agent
Network Operating Systems Microsoft Active Directory Windows Server 2003 R2, 2003, and 2000
and Directory Services Microsoft Active Directory Application Mode Windows Server 2003
R2 and 2003
Microsoft Windows NT 4.0
Global Technical Readiness
Microsoft Confidential - For Internal Use Only 3
11. DRAFT V1.1 Live@EDU Escalation Engineer Training
Provide a platform that can become the basis of an Identity Management (IdM) system –
it contains the authoritative identity information for objects.
Data Synchronization
Because an institution‘s student information is often contained in different data
repositories, a change made to data in one repository is not automatically made in any of
the other repositories. Making the change throughout the organization requires the
administrator(s) to make the change in each directory manually. Therefore, updating data
in each directory is costly, unreliable and may even present a security risk. Unmanaged
identity information quickly becomes disorganized which results in identity information
that is not synchronized throughout the organization. To manage changes to identity
information you can use a metadirectory to:
Identify changes to identity information from many sources.
Propagate those changes automatically to other directories as appropriate (i.e. as
defined by rules which have been configured to support company procedures).
These changes can be modifications to attributes or to whole objects. This change
detection infrastructure keeps the directories synchronized.
Data Enforcement
Data ownership issues often prevent effective coordination of an institution‘s identity
information even though it may be technically possible. Certain departments maintain a
strong ownership of their data. Although ownership of data is not an issue when
directories remain separate, retaining ownership when data is synchronized among
multiple directories becomes more challenging. To address data ownership issues you
can use a metadirectory system to:
Enable administrators to define and enforce ownership relationships at the attribute
level.
Allow, block, or reverse changes made to identity information. If a change to data is
consistent with the ownership rules it is allowed; otherwise, it is blocked (allowing local
control) or reversed.
Ensure that the departments that own the identity information in a specific directory
will maintain that ownership even when that directory is synchronized with other
directories in the organization.
Data Source
A data source for the Live@edu solution is any place where you have student information
– a directory, database, or other data repository that contains data to be integrated within
ILM 2007. Data sources can be enterprise directories (Active Directory, Novell, ADAM,
etc), databases (Oracle, SQL, etc), or even data in flat files, such as LDIF, DSML or
delimited text.
Global Technical Readiness
Microsoft Confidential - For Internal Use Only 5
13. DRAFT V1.1 Live@EDU Escalation Engineer Training
Provisioning
When we think of objects in data sources, they will often be accounts, such as an Active
Directory® service account. The term account is often used even for groups, resources,
and so on. Provisioning is the creation of accounts in data sources (such as LDAP
directories, databases, and e-mail systems). Once provisioned, the account attributes can
be managed as those of any existing object. The manual creation (and removal or
disabling) of accounts in several systems is administratively burdensome, prone to errors
and inconsistency, and leaves potential security gaps. For Live@edu, the act of
provisioning refers to the creation of a Windows Live ID account. You can use ILM 2007
to:
Automatically create accounts (objects) in directories, based on their addition in one
(authoritative) directory.
Continue to manage those accounts, including removal (de-provisioning) and
disablement.
Provisioning will occur within ILM 2007 to create the Windows Live IDs in the Windows
Live environment. The Windows Live Management Agent is entrusted to handle this task
on behalf of ILM 2007. This management agent will take the e-mail address of the student
to be provisioned from the data source, connect to the Windows Live server, create the
account and then return the confirmation to ILM 2007. Similarly, should the user who has
an account need to have the account evicted (deleted) from the school namespace, the
management agent will again connect to the Windows Live server to evict the account.
In a simple to management agent System like the ones that are most commonly used for
Live@Edu the flow looks like.
In this example, data is being taken from a connected MA, Say ADMA, brought into the
connector space where Projection or Join rules are applied. From there the provisioning
Global Technical Readiness
Microsoft Confidential - For Internal Use Only 7
15. DRAFT V1.1 Live@EDU Escalation Engineer Training
Running a Synchronization
During development, a management agent is executed by means of the user interface. In
production systems, it is desirable to run management agents in sequence without user
intervention, both on a scheduled basis, and occasionally in response to specific events
(for example, the submission of a new student registration). Such automated execution of
management agents is achieved using the WMI functions of ILM 2007 in conjunction with
a scheduling agent (described in detail later).
Extensible Management Agents
Management agents allow ILM 2007 to connect to a wide variety of different data sources
to manipulate data from them. While most of the management agents allow for
connectivity to a specific connected data source the extensible management agent has
expanded the ILM 2007 connectivity options by allowing developers to build any
connection they want by simply creating code within the confines of a management agent.
Information is provided in the ILM 2007 developer reference help files and on MSDN.
State Based System
ILM 2007 is a state-based system. There are advantages to this (particularly robustness)
as well as potential disadvantages (extra processing and storage) but the actual result is a
very effective and flexible compromise. ILM 2007 stores a hologram for each external
object of which it is aware; this hologram represents the current view of the data stored
in each data source. During a subsequent import of the data from the data source, the
imported object data is compared with the hologram. If any differences are detected
between the two (for example, the values for the Student Type attribute do not match, or
a new or missing object is detected), a change is inferred and the change is passed to the
ILM 2007 Sync Engine to be propagated through the metadirectory. In a deployed system,
management agent runs are invoked by scheduled scripts, which are run either on a
scheduled basis or in response to external events (perhaps a web portal could invoke a
run to ensure that accounts created through the portal are created). ILM 2007 then asks
for data -- it is a pull system, which avoids the need for a push agent on each data source.
However, ILM 2007 can work with Delta Import (i.e. imports of only those objects that
have changed; as it happens, Exports are always delta in nature). Some data sources
support this already, others may be able to with some modification, yet others simply
cannot support this feature. Where deltas can be used, there are considerable savings in
processing time (traffic and state comparisons). Depending on how many students are
being processed by the system and the frequency of the processing, designing the data
source to provide ILM 2007 with delta updates may be extremely important. ILM 2007
can work entirely with Full Imports, minimizing the intrusion on data sources;
additionally, it is sometimes necessary to use a Full Import (for example on initial import
or when recovering from a data source failure).
Global Technical Readiness
Microsoft Confidential - For Internal Use Only 9
17. DRAFT V1.1 Live@EDU Escalation Engineer Training
Lesson 2: Live@Edu Specific Management
Agents
This lesson will explain more of the specifics of ILM with regards to Live@Edu. As you
read above ILM depends on connected Management Agents to enable data access
between the various components.
What You Will Learn
After completing this lesson, you will be able to:
Understand our MAv2 Offering
Understand our MAv3 Offering
Understand OLSync
Global Technical Readiness
Microsoft Confidential - For Internal Use Only 11
19. DRAFT V1.1 Live@EDU Escalation Engineer Training
Inner workings
MAv2 creates accounts differently than the sequence diagram that was presented earlier.
You can see the updated flow below:
Here we see that MAv2 communicates directly with each service. Note that it has built in
error handling to overcome communication glitches like a timeout to LiveID on create
credential where it actually succeeded but we didn't get the data in time. In that instance
we automatically use another call in LiveID, GetNetIDFromSigninName, to get the NetID
for the account.
After the Credential and Profile or Passport are created then we initiate a call to Hotmail
to login to the mailbox. This is to set any specific language/region code on the mailbox
that the administrator might have defined.
Finally, we call SCG to stamp the mailbox with the Live@Edu specific offers. This enabled
them to have features like No Ads, Pop3 access, and higher levels of sending capabilities.
If the Hotmail mailbox doesn't exist then this call will automatically create the mailbox
with the data it has. If the customer has specified timezone or language it will not be
Global Technical Readiness
Microsoft Confidential - For Internal Use Only 13
21. DRAFT V1.1 Live@EDU Escalation Engineer Training
Lab 1: Configure your own MAv2 domain
1. Create and configure an ILM Service Account
a. Assign it to the Local Admin Security Group.
2. Create and Configure a SQL service account
3. Install SQL with a default instance and use the SQL Service Account
a. Select SQL Server Database Services
b. Select the Default instance
c. Configure it for Windows Authentication
4. Install ILM using the ILM Service Account
a. Install from: DesktopILm 2k7Disk 1MIISSetupMicrosoft Identity
Integration Server
b. Backup the Encryption Key for the DB on the Desktop.
5. Create a Delimited Text File MA
a. Open Identity Manager
b. Click Management Agents
c. Under Actions Click Create
d. Select Delimited Text File and use StudentMA as the name
e. For Input Text File use the template at DesktopFilesUsers.csv
f. Click “Use First Row for Header Names” and set Comma as the delimiter.
g. Set the EmailAddress as the Anchor Attribute
h. Under Join and Projection Rules click New Projection Rule to Person. (Just click
“New Projection Rule” and click OK
i. For Attribute Flow put the Email Address in the Mail Attribute and make it an
Import flow. Put the password in comment and name in display name.
j. Create a Full Import and Full Synchronization run profile on the MA.
i. At Identity Manager under Management Agents Click Configure Run
profiles on the new MA
ii. Click New Profile
1. For the name use FIFS
2. Under the type select Full Import and Full Sync.
3. For the Input file name copy the template file we used earlier to
Program FilesMicrosoft Identity Integration ServerMA
DataStudentMA then select that file.
6. Create the Windows LiveID Management Agent
a. Install the Management Agent from DesktopFilesMAv2. Run Setup from an
elevated command prompt.
b. Set the type to Windows LiveID and name it LiveIDMA
c. Leave Configure Connection Information Blank
d. Go to Configure Attribute Flow
i. Create an export flow for Mail -> Signin Name
ii. Comment -> TempPassword
e. Click through and complete.
Global Technical Readiness
Microsoft Confidential - For Internal Use Only 15
23. DRAFT V1.1 Live@EDU Escalation Engineer Training
Management Agent V3
The Management Agent V3 is the final evolution of the Hotmail based management agents
for ILM. It allows a much more convent interface for account provisioning and
maintenance. This management agent is titled MAv3 for convince but really it is called the
Windows Live Custom Domains Management Agent or WLCD MA. This is because it was
written by an engineering team at Microsoft called SyndC. The original name for their
project was Windows Live Custom Domains before it was renamed to Windows Live
Admin Center.
How does it work?
The account provisioning stack for MAv3 looks like:
Here we see that MAv3 calls SyndC to do most of the work. This is the primary difference
between MAv2 and MAv3. Because MAv3 leverages the SyndC platform, Admin Center,
we were able to significantly speed up the onboarding time. Infact you went through that
same onboarding process when you enrolled your Hotmail domain. The process that used
to take weeks to be configured reduced to minutes.
The other advantage about using SyndC was this brought a significant improvement to
the account provisioning process. With it as the intermediary we no longer had to worry
about transient network issues that would disrupt account provisioning. SyndC was
always intended to be a consumer API whereas LiveID was primarily built for internals.
This new found resilency eliminated a significant number of support calls.
MAv3 also ended the sole dependence on certificates. With the SCG calls now done by
SyndC we were able to offer users the choice on how they wanted to authenticate. They
Global Technical Readiness
Microsoft Confidential - For Internal Use Only 17
25. DRAFT V1.1 Live@EDU Escalation Engineer Training
Config Files
MAv3 like Mav2 relies heavily on config files. Here the first file is the
WLCDGlobalConfig.xml. This file is effectively a merger between the
PassportMA_GlobalConfig.xml and the PassportMADomainRules.xml files. Here users can
configure a certificate for authentication and various domain settings like mentioned
above.
The second config file is the WLCDProvisioningConfig.xml. This file is virtually identical to
the one for MAv2. Its sole job is to take in configuration data for the provisioning rules
inside of ILM. It has the same required attributes as MAv2.
Global Technical Readiness
Microsoft Confidential - For Internal Use Only 19
27. DRAFT V1.1 Live@EDU Escalation Engineer Training
c. Restart the MIIServer.exe in the Services MMC snapin.
8. Create a new User
a. Add a user to the Text File
b. Full a FIFS – See a pending Export?
c. Run an Export
9. Run the FIFS run profile you created
10. You should see Pending Exports
11. Run Export on the Windows Live Custom Domains MA.
Estimated time to complete the exercise(s): 45 minutes
Global Technical Readiness
Microsoft Confidential - For Internal Use Only 21
29. DRAFT V1.1 Live@EDU Escalation Engineer Training
User (AD DS or Active Directory only; no mail
Microsoft Exchange installed)
Mail-enabled contact mail, targetAddress
Distribution group, dynamic distribution mail, proxyAddresses,
group, or security group mailNickName
2. Recipient objects where the adminCount attribute is set to 1 The adminCount
attribute is used to identify users in protected administrator groups, such as the
Domain Admins and Administrators. If the adminCount attribute is set to 1 on any
recipient object, it is filtered out.
3. Mailbox-enabled user objects that are specified as mailbox plans, discovery
mailboxes, or arbitration mailboxes The msExchRecipientTypeDetails attribute
is used to identify mailboxes that are specified as mailbox plans, discovery mailboxes,
or arbitration mailboxes. These mailbox-enabled users are filtered out.
4. The mail attribute on an AD DS or Active Directory-only user that doesn't match
the provisioning domain In an on-premises environment where Microsoft Exchange
hasn't been installed, OLSync filters out all user objects where the mail attribute
doesn't contain an SMTP address that matches the provisioning domain.
5. The attribute used to generate the Windows Live ID doesn't match any of the
accepted domains The final pass filters out recipient objects that are configured for
auto-provisioning but don't have an accepted domain match in the attribute that is
used to generate the Windows Live ID.
The attribute used to generate the Windows Live ID must contain a domain name that
matches one of the accepted domains that you have configured in Outlook Live. As
described in step 4, by default, OLSync looks to the user principal name (UPN) for a
match unless you have set the MVWindowsLiveIdAttributeName parameter to use a
different attribute. In this case, OLSync matches the SMTP address that is stored in the
attribute that you have specified in the MVWindowsLiveIdAttributeName parameter. In
any case, if OLSync can't find a match to an accepted domain, the recipient object is
filtered out.
Once they get past the filtering rules then they make it into the provisioning rules. They
can best be described by the scenarios below.
Global Technical Readiness
Microsoft Confidential - For Internal Use Only 23
31. DRAFT V1.1 Live@EDU Escalation Engineer Training
paramete n
r?
ProvisioningDom Yes. The Do not remove
ain ProvisioningDom domain entries
If you
ain parameter is from the
configured
required. It must ProvisioningDom
OLSync
include at least ain parameter
with a
one accepted after you have
OLSync
domain in run a
service
Outlook Live. synchronization
account,
cycle. To change
the The
a provisioning
Provisioni ProvisioningDom
domain, add a
ngDomain ain parameter is
new domain
parameter used as a trigger
name to this
is set to to auto-provision
parameter.
the mailboxes in
domain Outlook Live. After users are
that you Only an accepted provisioned,
specified domain can be a changing the
in the provisioning value of the
Windows domain. ProvisioningDom
Live ID for ain parameter
You can add
that doesn't remove
multiple domains
account. those user
to this parameter
accounts.
If you separated by
Accounts that
configured semicolons, for
have been
OLSync to example,
created in
use contoso.edu;
Outlook Live will
certificate- fabrikam.edu.
remain and are
based
represented in
authentica
ILM by a GUID in
tion
the metaverse.
instead of
Therefore, the
a service
user accounts
account th
will continue to
e
be updated
Provisioni
according to the
ngDomain
changes on the
parameter
source object in
will be
the on-premises
empty and
Global Technical Readiness
Microsoft Confidential - For Internal Use Only 25
33. DRAFT V1.1 Live@EDU Escalation Engineer Training
Live. to null,
OLSync uses the
By default,
mail attribute to
OLSync names
name the
new Windows
Windows Live
Live accounts
IDs for the
according to the
Outlook Live
userPrincipalNa
mailboxes that
me (UPN)
are provisioned.
attribute on the
on-premises In an
recipient object. environment
Therefore, when where Microsoft
OLSync Exchange is
provisions new installed on-
accounts in premises, and if
Outlook Live, the the
new Windows MVWindowsLiveI
Live ID matches dAttributeName
the on-premises parameter is set
UPN for the to null,
corresponding OLSync uses the
account. primary SMTP
Address in the
The
proxyAddresses
MVWindowsLiveI
attribute on-
dAttributeName
premises to name
parameter takes
the Windows
any attribute
Live IDs for the
name. For
Outlook Live
example, you can
mailboxes that
enter
are provisioned.
customAttribute
1 if you are
flowing a custom
attribute from
the on-premises
extensionAttrib
ute1 attribute.
You must only
enter attributes
that hold a single
SMTP address
Global Technical Readiness
Microsoft Confidential - For Internal Use Only 27
35. DRAFT V1.1 Live@EDU Escalation Engineer Training
iveId Default is DisableWindowsL default behavior
False. iveId parameter is False, the
to True to disable recommended
Windows Live setting for the
accounts when DisableWindowsL
the on-premises iveId parameter
source account is is True. When it
removed. When is set to True,
the Windows after a mailbox is
Live account is deleted, the
disabled, it is owner of the
removed and the Windows Live ID
owner of the associated with
Windows Live ID that mailbox can
loses all use the Windows
Windows Live Live ID for other
services. services by
renaming the
If you leave the
Windows Live ID
DisableWindowsL
the next time
iveId parameter
they sign in. If
set to False,
this parameter is
Windows Live
set to False, after
accounts whose
the mailbox is
corresponding
deleted, the
on-premises
Windows Live ID
source account is
can't be used
removed are still
again except for
able to access
association with
Windows Live
a new mailbox.
services.
However, the
corresponding
Outlook Live
mailbox or mail-
enabled user
object is deleted.
Important Be
careful when you
move on-
premises objects
between
organizational
Global Technical Readiness
Microsoft Confidential - For Internal Use Only 29
37. DRAFT V1.1 Live@EDU Escalation Engineer Training
account is We recommend
written to the file you specify a
that is specified secured directory
in this parameter. for the password
file.
SyncProxyAddress No By default, Set the
Protocol OLSync SyncProxyAddress
synchronizes SM Protocol
TP and X500 parameter only if
addresses in the an additional
ProxyAddresses protocol is
attribute from required by your
the on-premises Outlook Live
recipient object feature set.
to the
corresponding
Outlook Live
object. Set the
SyncProxyAddress
Protocol
parameter to
synchronize
other protocol
address types.
For example, you
can synchronize
additional
protocol address
types such as SIP
by setting the
SyncProxyAddress
Protocol
parameter to SIP.
You can add
multiple protocol
address types to
this parameter
separated by
semicolons, for
example, EUM;
Global Technical Readiness
Microsoft Confidential - For Internal Use Only 31
39. DRAFT V1.1 Live@EDU Escalation Engineer Training
namespace. accounts.
For example, a Setting the
student at EvictLiveIdOnCre
Contoso ate parameter is
University may recommended
have created a for organizations
Windows Live ID, that are running
KwekuA@contos in a Connected
o.edu, before Federation
Contoso environment.
University
If your
enrolled in
organization isn't
Outlook Live.
running in a
After Contoso
Connected
University
Federation
establishes a
environment, you
contoso.edu
should consider
Outlook Live
importing
domain, the
existing
Windows Live ID,
Windows Live
KwekuA@contos
accounts for
o.edu, is an
users in your
unmanaged EASI
organization that
ID in the Outlook
already have a
Live contoso.edu
Windows Live ID
domain.
in your domain.
By default, when For more
OLSync tries to information, see
create a mail- Import or Evict
enabled user or a Existing
mailbox-enabled Windows Live
user in Outlook IDs.
Live where a
matching EASI ID
already exists, an
error is logged
and a recipient
object in Outlook
Live isn't created.
You can change
this behavior by
Global Technical Readiness
Microsoft Confidential - For Internal Use Only 33
41. DRAFT V1.1 Live@EDU Escalation Engineer Training
required to manually create run profiles like they had to for the other management
agents.
Global Technical Readiness
Microsoft Confidential - For Internal Use Only 35