Identity Manager 9.2.1 - Administration Guide for Connecting to Microsoft Exchange

Default project template for Microsoft Exchange

A default project template ensures that all required information is added in One Identity Manager. This includes mappings, workflows, and the synchronization base object. If you do not use a default project template, you must declare the synchronization base object in One Identity Manager yourself.

Use a default project template for initially setting up the synchronization project. For custom implementations, you can extend the synchronization project with the Synchronization Editor.

Default project template for Microsoft Exchange 2013, Microsoft Exchange 2016, and Microsoft Exchange 2019

The project template uses mappings for the following schema types.

Table 44: Mapping Microsoft Exchange 2013, Microsoft Exchange 2016, and Microsoft Exchange 2019 schema types to tables in the One Identity Manager schema.

| Schema type in Microsoft Exchange | Table in the One Identity Manager schema |
|---|---|
| AddressbookPolicy | EX0AddrBookPolicy |
| CalendarProcessing | EX0Mailbox |
| DatabaseAvailabilityGroup | EX0DAG |
| DistributionGroup | EX0DL |
| DynamicDistributionGroup | EX0DynDL |
| ExchangeServer | EX0Server |
| GlobalAdressList | EX0AddrList |
| LocalAddressList | EX0AddrList |
| Mailbox | EX0Mailbox |
| MailboxDatabase | EX0MailboxDatabase |
| Mailboxstatistics | EX0Mailbox |
| MailContact | EX0MailContact |
| MailPublicFolder | EX0MailPublicFolder |
| MailUser | EX0MailUser |
| MobileDeviceMailboxPolicy | EX0ActiveSyncMBPolicy |
| OfflineAddressBook | EX0OfflAddrBook |
| Organization | EX0Organization |
| OwaMailboxPolicy | EX0OwaMailboxPolicy |
| PublicFolder | EX0PublicFolder |
| PublicFolderDatabase | EX0PublicFolderDatabase |
| RemoteMailbox | EXHRemoteMailbox (NOTE: This table only exists if the Exchange Hybrid Module is installed.) |
| RetentionPolicy | EX0RetentionPolicy |
| RoleAssignmentPolicy | EX0RoleAssignPolicy |
| SharingPolicy | EX0SharingPolicy |
| Mailbox Permissions | EX0Mailbox |

Processing methods of Microsoft Exchange system objects

The following table describes permitted editing methods for Microsoft Exchange schema types and the necessary restrictions for processing the system objects.

Table 45: Methods available for processing Microsoft Exchange schema types

| Type | Read | Add | Delete | Refresh |
|---|---|---|---|---|
| Organization (Organization) | Yes | No | No | No |
| Microsoft Exchange server (ExchangeServer) | Yes | No | No | No |
| Data availability group (DatabaseAvailabilityGroup) | Yes | No | No | No |
| Public folder (PublicFolder) | Yes | No | No | No |
| Mailbox database (MailboxDatabase) | Yes | No | No | No |
| Mail-enabled public folder (MailPublicFolder) | Yes | No | No | No |
| Global address list (EX0AddrList) | Yes | No | No | No |
| Local address list (EX0AddrList) | Yes | No | No | No |
| Offline address list (OfflineAddressBook) | Yes | No | No | No |
| Outlook Web App mailbox policy (OwaMailboxPolicy) | Yes | No | No | No |
| Address book policy (AddressBookPolicy) | Yes | No | No | No |
| Retention policy (RetentionPolicy) | Yes | No | No | No |
| Sharing policy (SharingPolicy) | Yes | No | No | No |
| Mailbox policy for mobile devices (MobileDeviceMailboxPolicy) | Yes | No | No | No |
| Policy for role assignment (RoleAssignmentPolicy) | Yes | No | No | No |
| Mail user (MailUser) | Yes | Yes | Yes | Yes |
| Mail contact (MailContact) | Yes | Yes | Yes | Yes |
| Mailbox: user mailbox (Mailbox) | Yes | Yes | Yes | Yes |
| Mailbox: resource mailbox (Mailbox) | Yes | Yes | Yes | Yes |
| Mailbox: shared mailbox (Mailbox) | Yes | Yes | Yes | Yes |
| Mailbox: linked mailbox (Mailbox) | Yes | Yes | Yes | Yes |
| Mailbox: legacy mailbox (Mailbox) | Yes | No | No | No |
| Mailbox: discovery mailbox (Mailbox) | Yes | No | No | No |
| Mailbox: calendar settings (Mailbox) | Yes | Yes | Yes | Yes |
| Mailbox: statistics (Mailboxstatistics) | Yes | Yes | Yes | Yes |
| Mailbox: remote mailbox (RemoteMailbox) | Yes | Yes | Yes | Yes |
| Mailbox: mailbox permissions (MailboxPermissions) | Yes | Yes | Yes | Yes |
| Dynamic distribution group (DynamicDistributionGroup) | Yes | No | Yes | Yes |
| Distribution group (DistributionGroup) | Yes | Yes | Yes | Yes |

Microsoft Exchange connector settings

The following settings are configured for the system connection with the Microsoft Exchange connector.

Table 46: Microsoft Exchange connector settings

| Setting | Meaning |
|---|---|
| Servers | Fully qualified name (FQDN) of the Microsoft Exchange server. Variable: CP_ExchangeServerFqdn |
| Basic authentication (requires SSL) | Specifies whether to use the Basic authentication method. Default: False. Variable: CP_UseSSL. NOTE: Microsoft Exchange does not support this authentication type by default. You must configure support for this method in Microsoft Exchange. In addition, an SSL connection is used to authenticate using the Basic method. By default, authentication uses Kerberos. |
| Max. concurrent connections | Maximum number of connections that can be used concurrently. The value must be between 1 and 20. Variable: CP_ConnectionPoolSize |
| User name (user@domain) | Fully qualified name (FQDN) of the user account and password for logging in to Microsoft Exchange. Variable: CP_Username |
| Password | The user account's password. Variable: CP_Password |
| Use the One Identity Manager Service account | Specifies whether to use the credentials of the currently logged in user. Default: False. Variable: CP_UseServiceCredential. The user account running under the One Identity Manager Service requires the permissions described in Users and permissions for synchronizing with Microsoft Exchange. NOTE: If this setting is used, the current user account is also used in the Synchronization Editor during configuration. This user account may be different to the One Identity Manager Service's user account. In this case, it is recommended you use the RemoteConnectPlugin. This ensures that the same user account is used during configuration with the Synchronization Editor as is used in the service context. |
| Recipient: Complete organization | If this setting is set to True, the recipients will be available to the entire organization for reading/writing. If the setting is set to False, only the recipients of the specified domain (CP_RecipientDomain) are available. Default: True. Variable: CP_SynchronizeEntireOrganization |
| Recipient: Only recipients of the following domain | Domain whose recipients will be synchronized if the complete organization is not synchronized (CP_SynchronizeEntireOrganization = False). Variable: CP_RecipientDomain |
| Use local server time for the revision | Revision filtering data. If the value is True, the local server time of the server is used for revision filtering. This makes it unnecessary to load target system objects for determining the revision. If the value is False, the change time stamp of the underlying Active Directory objects is used for revision filtering. Default: True. Variable: CP_UseLocalServerTimeAsRevision |
| Max. time difference (local/remote) in minutes | Revision filtering data. Maximum time difference in minutes between the synchronization server and the Microsoft Exchange server. If the time difference is more than 60 minutes, alter the value. Default: 60. Variable: CP_LocalServerRevisionMaxDifferenceInMinutes |
| Retry count | Maximum number of reconnection attempts after an interrupted connection has been identified. Default: 30. Variable: CP_MaxReconnectRetries |
| Delay between retries | Time delay between retry attempts in seconds. Default: 20. Variable: CP_ReconnectIntervalInSeconds |
| ConfigurationDomainController | FQDN of the configuration domain controller to be used for reading Microsoft Exchange configuration information. For auto discovery, leave the value blank. NOTE: If you enter a configuration domain controller, ensure that it is available. Otherwise, an error occurs. Variable: CP_ConfigurationDomainController |
| PreferredGlobalCatalog | FQDN of the global catalog server for reading recipient information. For auto discovery, leave the value blank. NOTE: If you enter a catalog server, ensure that it is available. Otherwise, an error occurs. Variable: CP_PreferredGlobalCatalog |
| SetPreferredDomainControllers | Comma-delimited list of domain controllers (FQDN) for reading information from Active Directory. For auto discovery, leave the value blank. NOTE: If you enter domain controllers, ensure that they are available. Otherwise, an error occurs. Variable: CP_SetPreferredDomainControllers |
| PreferredServer | FQDN of the domain controller to be used for writing data. For auto discovery, leave the value blank. NOTE: If you enter a domain controller, ensure that it is available. Otherwise, an error occurs. Variable: CP_PreferredServer |
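
The following added example (not part of the guide and not One Identity code) shows a review check that tests a set of connector variable values against the constraints documented in Table 46. The `CP_*` names come from the table; the dict representation, the sample values, and the function name `check_connector_settings` are assumptions made for this example.

```python
import re

# Constructed sample. The CP_* names are the variables listed in Table 46;
# the values and the dict representation are assumptions for this example.
SAMPLE = {
    "CP_ExchangeServerFqdn": "exch01.corp.example",
    "CP_UseSSL": True,
    "CP_ConnectionPoolSize": 25,
    "CP_UseServiceCredential": False,
    "CP_Username": "svc_oneim",
    "CP_Password": "",
    "CP_SynchronizeEntireOrganization": False,
    "CP_RecipientDomain": "",
    "CP_SetPreferredDomainControllers": "dc01.corp.example, dc02",
}
FQDN = re.compile(r"^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")
OPTIONAL_FQDN = ("CP_ConfigurationDomainController", "CP_PreferredGlobalCatalog", "CP_PreferredServer")

def check_connector_settings(cfg):
    """Return (variable, finding) pairs for values that contradict Table 46."""
    out = []
    if not FQDN.match(cfg.get("CP_ExchangeServerFqdn", "")):
        out.append(("CP_ExchangeServerFqdn", "not a fully qualified name"))
    size = cfg.get("CP_ConnectionPoolSize")
    if type(size) is not int or not 1 <= size <= 20:
        out.append(("CP_ConnectionPoolSize", "must be between 1 and 20"))
    if cfg.get("CP_UseSSL", False):  # documented default is False (Kerberos)
        out.append(("CP_UseSSL", "Basic authentication enabled instead of the Kerberos default"))
    if not cfg.get("CP_UseServiceCredential", False):
        # Explicit credentials only matter when the service account is not used.
        if not re.fullmatch(r"[^@\s]+@[^@\s]+", cfg.get("CP_Username", "")):
            out.append(("CP_Username", "expected the form user@domain"))
        if not cfg.get("CP_Password"):
            out.append(("CP_Password", "empty although the service account is not used"))
    if not cfg.get("CP_SynchronizeEntireOrganization", True) and not cfg.get("CP_RecipientDomain"):
        out.append(("CP_RecipientDomain", "required when the complete organization is not synchronized"))
    for var in OPTIONAL_FQDN:  # a blank value means auto discovery
        if cfg.get(var) and not FQDN.match(cfg[var]):
            out.append((var, "not a fully qualified name"))
    for dc in cfg.get("CP_SetPreferredDomainControllers", "").split(","):
        if dc.strip() and not FQDN.match(dc.strip()):
            out.append(("CP_SetPreferredDomainControllers", f"{dc.strip()!r} is not a fully qualified name"))
    return out

if __name__ == "__main__":
    for variable, finding in check_connector_settings(SAMPLE):
        print(f"{variable}: {finding}")
```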
