Managing NMB
UFAD and Network Managed By (NMB) – How it works
(from UFAD documentation)

"NMB is set by a department directory coordinator from the ‘Admin Menu’, launched within the portal. It is what places a user in a particular OU within UFAD. Regardless of what a person’s ‘Employee’ relationship is set to, NMB should be set to place them in an OU which is managed by their regular IT support group. For most this will match their ‘Employee’ relationship, but not all. When NMB is set, it is stored in a DB2 table in the campus registry. UFAD manages a MS-SQL server that runs a DTS job every 15 minutes. This job reads in any NMB values that have changed and processes them, incorporating Microsoft Identity Integration Server (MIIS) in the process. NMB values are then compared against a SQL table that is maintained by UFAD. This table ‘maps’ each possible NMB value to a particular OU within the UFAD structure, then MIIS accomplishes the actual movement within UFAD. When we request submission of any desired OU changes, what we are doing behind the scenes is altering our mapping table. If any NMBs need to map to a different OU we simply change their mapping and re-harvest the user accounts to move them to the new OU. If an OU needs to be renamed, we programmatically create the new OU using the new name, change the NMB mapping to point to the new OU so that any future NMB changes go to the new location, re-harvest existing users and *manually* delete the old OU. This part of the process is done manually to ensure that all users have been moved to the new OU before the old OU is deleted from the UFAD tree. Nothing is ever deleted from UFAD without manual verification, although with CommVault now in place recovery from a mistake would be fairly simple."

Problem: A Gatorlink user is not in UFAD or is in the wrong OU. The symptom may be that they cannot log in to UFAD, but they can log in to other Gatorlink services.
You can confirm by right-clicking ad.ufl.edu in ADUC (see Setting up an Admin workstation if you are lost already) and selecting Find. Type the Gatorlink name in the Find box and click Find. If the user does not display, this is likely the problem. If the user does display, the problem is likely a password synchronization issue; they should change their Gatorlink password to correct that.

Cause: The Network Managed By relationship is not there or is not correct.

Solution: Please note that Directory Coordinators can perform the following function. DSAs can request this ability for OU Admins...
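
The ADUC Find check described above can also be scripted for several accounts at once. This is an added example, not part of the original documentation; it assumes the ActiveDirectory PowerShell module is installed and that the Gatorlink name is the account's sAMAccountName, and the function name, OU and user names are placeholders.

```powershell
# Added example: scripted version of the ADUC "Find" check described above.
# Assumptions: ActiveDirectory module (RSAT) is available; the Gatorlink name
# equals sAMAccountName; Get-NmbTriage is a hypothetical helper name.
Import-Module ActiveDirectory

function Get-NmbTriage {
    param(
        [Parameter(Mandatory)] [string[]] $GatorlinkName,
        [Parameter(Mandatory)] [string]   $ExpectedOU,
        [string] $Server = 'ad.ufl.edu'   # domain named in the documentation
    )
    $suffix     = ",$ExpectedOU"
    $ignoreCase = [System.StringComparison]::OrdinalIgnoreCase

    foreach ($name in $GatorlinkName) {
        # Escape LDAP filter metacharacters (RFC 4515), backslash first, so a
        # malformed name cannot change the meaning of the search filter.
        $escaped = $name.Replace('\', '\5c').Replace('*', '\2a')
        $escaped = $escaped.Replace('(', '\28').Replace(')', '\29')

        # Searches the whole domain, like Find on the domain node in ADUC.
        $user = Get-ADUser -LDAPFilter "(sAMAccountName=$escaped)" -Server $Server

        if (-not $user) {
            $finding = 'Not in UFAD: NMB relationship is likely missing or incorrect'
        }
        elseif (-not $user.DistinguishedName.EndsWith($suffix, $ignoreCase)) {
            $finding = 'In UFAD but outside the expected OU: NMB is likely not set correctly'
        }
        else {
            $finding = 'In the expected OU: if login fails, suspect password synchronization'
        }

        [pscustomobject]@{
            Gatorlink         = $name
            DistinguishedName = if ($user) { $user.DistinguishedName } else { $null }
            Finding           = $finding
        }
    }
}

# Placeholder OU and constructed user names; replace with your unit's values.
$ou = 'OU=ExampleDept,DC=ad,DC=ufl,DC=edu'
Get-NmbTriage -GatorlinkName 'exampleuser1', 'exampleuser2' -ExpectedOU $ou |
    Format-Table -AutoSize -Wrap
```

Accounts in child OUs of the expected OU also count as being in the expected OU, because the comparison is on the trailing part of the distinguished name.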
Problem: You have users in your OU who no longer work for your department.

Cause: The Network Managed By relationship is still set to your department for those users.

Solution: First follow proper exit procedures. Then your Directory Coordinator may...
last edited 22 August 2007 by Steve Lasley