When you pass an XML request containing specified procedures into Microsoft Provisioning System (MPS), the non-provider namespaces, Provisioning Engine, provider namespaces, and providers all work together to complete provisioning tasks. This section provides an overview of procedures and namespaces, and how they interact with providers to accomplish the provisioning actions initiated by a request.
A procedure is a blueprint for executing the steps of a provisioning request. A procedure can be one of the following:
- A declaration of a provisioning action executed by a provider.
This type of procedure must be defined in the namespace for that
- A sequence of calls to other MPS procedures.
Every request contains a single procedure that can, in turn, contain calls to other procedures. MPS executes each step of a procedure in the order in which it appears. The actual steps in the XML structure of a called procedure are defined in a provider namespace or they are derived from a combination of lower-level procedures. For specialized needs, you can write a custom procedure that chains together calls to other procedures, which usually involve multiple providers.
Procedures are grouped together within namespaces, such as provider, non-provider, or custom namespaces. In order for procedures to be available to incoming requests, their namespace must be registered in the Configuration database. Because procedures must always exist within the context of a namespace, they are sometimes referred to as namespace procedures.
By default, namespace procedures are set with a Public access configuration, which is adequate for testing purposes. However, when deploying namespace procedures into a production environment, you should set the access configuration to Private for security purposes. However, if you mark a namespace procedure as Private, it can only be called by a Public procedure.
Namespaces are XML-based mechanisms that MPS uses to link procedures and providers with the Provisioning Engine. Namespaces are used to group procedure calls and each namespace must be registered in the Configuration database. A namespace can encompass the procedures of multiple providers to perform a provisioning transaction. Providers and the procedures used to implement the functionality of providers must also belong to a namespace.
You can think of managed namespaces as wrappers for code that carries out a particular procedure. For example, the Managed Active Directory namespace can call procedures (exposed by the Active Directory provider) that:
- Create and delete organizations, user accounts, groups, and
- Set user passwords.
- Configure users in appropriate security groups.
For more information about namespaces, see Understand the Benefits of Namespaces.