In this planning step, you review your tree and add or update the containers you want to use to hold student and users, add containers for incomplete or disabled user objects, and make sure you have the eDirectory template objects you need.
We recommend that your eDirectory tree have a hierarchal structure for holding User objects.
This part of the tree should begin at least one level down from the root container, so that the root container can contain the Admin user and other objects you don't want the driver to manage. We recommend that students and staff be kept in separate eDirectory containers.
As part of your planning, you need to decide how you want to group your student users.
The container names don't need to be identical to the school code or grade code used in the student information system.
In this section:
The tree structure can be created according to your needs; the only thing that's required by the driver is that you specify which containers students and staff are placed in. In the examples in this manual, separate school containers are shown, and sometimes grade or graduation year containers as well, but this is not required.
One example tree structure would be to create a single district container below the root container. Below the district container you could create containers representing each school. Below each school container could be containers representing the grade levels or graduation years in the school.
} 2 illustrates this example hierarchy, with the District container, the Highland High school container, and the 12th grade container.
} 2} 3 illustrates using the same kind of structure with graduation year containers instead of grade level containers.
} 3Another way you could organize the tree is to eliminate the optional grade or graduation year level, and use only school containers, as shown in } 4.
} 4In this planning step, you review your tree and identify or create the container you want to use to hold staff users.
This container should be at least one level down from the root container, so that the root container can contain the Admin user and other objects you don't want the driver to change.
Each Zone that you configure specifies a Staff container.
For this part of your planning, it's helpful to know how many Zones you have, as discussed in Planning Driver and Replica Placement on Your Servers.
If you have a single Zone, you could place your staff users in a container below the district-level container, as illustrated in the following figure.
} 5If you have multiple zones, you have two choices for placing staff users:
You need to identify a container to be used as the Incomplete container, so the driver has a place to put students that it can't place correctly in the tree. This container is needed when a student's information is incomplete or a User object has a duplicate ID. If desired, you can specify an existing container to be used for this purpose instead of creating a new one.
If you have only one Zone, we recommend that you create one Incomplete container below the district container, as illustrated in } 7.
If you have multiple Zones, we recommend that you create an Incomplete container below each school container, as illustrated in } 9. This way, the users who are not yet placed correctly or who require administrator intervention are grouped by school.
Here are three examples of situations in which the driver would place students in the Incomplete container:
When the grade level or graduation year is entered into the student information system, Identity Manager automatically creates the user in the correct container, using the correct template.
If the eDirectory administrator wants to resolve duplicate IDs manually instead of choosing a rule for Identity Manager to use to resolve duplicates (this choice is specified when creating the Driver object), then the duplicate user is placed in the Incomplete container awaiting intervention by the eDirectory administrator. The duplicate user ID begins with a pound sign (#) to identify it as a duplicate. No template is used when creating a user in the Incomplete container.
In this case, the eDirectory administrator must manually delete the duplicate user from the Incomplete container, then create the student's User object, in the correct container, using the correct template, and with a unique ID.
For example, if the driver were set up for students in grades K-6 at Canyon Elementary, but the eDirectory admin setting up the driver mistakenly left out a rule for the 5th grade, then Identity Manager would not know where to place students with the school of Canyon Elementary and the grade level of 05. Identity Manager would place them in the Incomplete container awaiting intervention by the eDirectory administrator.
The administrator needs to fix the rules and then place the students in the right container using the right template. If no template is desired, the User objects could simply be manually moved to the correct container. If the User objects need to be created using a template, first the administrator would need to deleted them from the Incomplete container. Then, they would need to be re-created with the correct template in the correct container either manually or by using the Migrate into NDS command to cause the driver to re-create them. (See Using Migrate into eDirectory to Populate or Update eDirectory.)
You will need to specify the DN of the Incomplete container when you configure the Driver object.
The driver configuration gives you the option to automatically move a student user to a different container if the user's login is disabled. This option makes it easy for the administrator to identify all disabled accounts.
If you want to use this option, you must specify which container or containers you want the user objects to be placed in. If desired, you can use an existing container for this purpose instead of creating a new one.
If you have only one Zone, we recommend that you create one Disabled container below the district container, as illustrated in } 7.
If you have multiple Zones, we recommend that you create a Disabled container below each school container, as illustrated in } 8. This way, the users who have login disabled are grouped by school.
A student account is disabled when an exit date is set in the student information system. For example, this could happen when a student withdraws from school. If the student returns to school, a new entry date is set in the student information system. The student's account is then enabled and moved to the appropriate student container.
Decide what eDirectory Template objects you want the DirXML Driver for SIF to use when creating new users. An eDirectory Template object is not required for the driver, but it helps automate User object creation by allowing you to specify standard properties that can then be applied to new User objects.
For example, you might decide to have one Template object corresponding with each container where student users are grouped, such as one per school or grade, and a different Template object for staff users.
To prepare for configuring the driver, review the Template objects you have and update or add new ones if necessary. The Template objects that the driver needs access to must be on the server where the driver is running.