Contents
Overview
Introduction to Active Directory Interforest Synchronization
Using the Active Directory MA and TAMA in Interforest Synchronization
Implementing an Active Directory Interforest Synchronization Scenario
Lab A: Implementing Active Directory Interforest Synchronization
Best Practices
Review
Module 9: Performing Active Directory Interforest Synchronization
BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY
Information in this document is subject to change without notice. The names of companies,
products, people, characters, and/or data mentioned herein are fictitious and are in no way intended
to represent any real individual, company, product, or event, unless otherwise noted. Complying
with all applicable copyright laws is the responsibility of the user. No part of this document may
be reproduced or transmitted in any form or by any means, electronic or mechanical, for any
purpose, without the express written permission of Microsoft Corporation. If, however, your only
means of access is electronic, permission to print one copy is hereby granted.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
© 2000 Microsoft Corporation. All rights reserved.
Microsoft, BackOffice, MS-DOS, Windows, Windows NT, <plus other appropriate product
names or titles. The publications specialist replaces this example list with the list of trademarks
provided by the copy editor. Microsoft is listed first, followed by all other Microsoft trademarks
in alphabetical order. > are either registered trademarks or trademarks of Microsoft Corporation
in the U.S.A. and/or other countries.
<The publications specialist inserts mention of specific, contractually obligated to, third-party
trademarks, provided by the copy editor>
Other product and company names mentioned herein may be the trademarks of their respective
owners.
Instructor Notes
Instructor_notes.doc
Presentation: xx Minutes
Lab: xx Minutes
Overview
• Introduction to Active Directory Interforest Synchronization
• Using the Active Directory MA and TAMA in Interforest Synchronization
• Implementing an Active Directory Interforest Synchronization Scenario
• Best Practices
The Microsoft® Active Directory™ management agent integrates
Active Directory into a distributed network environment and manages
Active Directory in multiple forests. The Together Administration management
agent (TAMA) is a tool that extends the ability of an MMS administrator to
automate the addition of new entries in the metaverse namespace to all the
other specified connector namespaces in the metadirectory.
Microsoft Metadirectory Services (MMS) version 2.2 allows administrators to
use the Active Directory management agent and TAMA together to integrate
and synchronize entries in multiple Active Directory forests.
At the end of this module, you will be able to:
• Describe the purpose of Active Directory interforest synchronization.
• Describe the role that the Active Directory management agent and TAMA
  play in Active Directory interforest synchronization.
• Use the Active Directory management agent and TAMA to implement an
  Active Directory interforest synchronization scenario.
• Identify best practices for implementing the Active Directory management
  agent and TAMA to support interforest synchronization.
Topic Objective
To provide an overview of the module topics and objectives.
Lead-in
In this module, you will learn about managing enterprise data by using an
Active Directory management agent and TAMA to synchronize data between
multiple Active Directory forests.
Introduction to Active Directory Interforest Synchronization
[Figure: domains in Forest A and domains in Forest B, with MMS performing interforest synchronization between the two forests]
• Integrate Active Directory with Older Applications
• Reduce Time Spent on Setting Up User Accounts
• Reduce Effort of Deploying Active Directory
• Provide Microsoft Exchange 2000 Integration
• Support Microsoft Exchange GAL Synchronization
• Synchronize Site and Subnet Information
An Active Directory forest is a group of one or more trees that contain one or
more domains. All domains in a forest share a common schema, configuration
partition, and global catalog. A forest acts as a boundary, such that two or more
forests do not share any information. Not being able to share information
between forests can present some difficulties in the following situations:
• Acquisitions. If one organization acquires another organization, and both
  organizations have their own forests, there is no simple way to retain both
  forests and have them interoperate.
• Active Directory Enabled Applications. Applications, such as Microsoft
  Exchange 2000, that are Active Directory-enabled, are restricted by the
  forest boundary. For example, an Active Directory forest can only contain a
  single Exchange 2000 organization.
• Business Requirements. There may be business requirements, or rules, that
  require an organization to maintain separate forests while still requiring
  some level of interaction between the forests.
Topic Objective
To identify the purpose of Active Directory interforest synchronization.
Lead-in
By implementing MMS in a multiple forest environment, you can achieve a
level of interoperation between discrete forests that previously was unavailable.
This interoperability can include the following:
• Integrating Active Directory with older applications that are critical to the
  business.
• Reducing the amount of time spent in setting up user accounts.
• Reducing the effort of deploying Active Directory.
• Providing Microsoft Exchange 2000 integration.
• Supporting Microsoft Exchange Server global address list (GAL)
  synchronization.
• Synchronizing site and subnet information.
Using the Active Directory MA and TAMA in Interforest Synchronization
• Active Directory MA Controls Which Type of Object Is Created in
  Active Directory
• TAMA Controls Which Objects and Where Those Objects Are Created in
  Active Directory
[Figure: the metadirectory, with TAMA and the Active Directory MAs handling User, Computer, and Contact objects for Active Directory domains]
The two key components of MMS in an Active Directory interforest
synchronization scenario are the Active Directory management agent and
TAMA.
The Active Directory management agent controls the type of object that is
created, users or contacts, while TAMA controls which objects are created and
where those objects are created.
Topic Objective
To introduce the roles of the Active Directory management agent and TAMA in
Active Directory interforest synchronization.
Lead-in