Chat now with support
Chat mit Support

Identity Manager 9.2.1 - Administration Guide for Connecting to Exchange Online

About this guide Managing Exchange Online environments Synchronizing an Exchange Online environment
Setting up Exchange Online synchronization Customizing the synchronization configuration Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)
Basic data for managing an Exchange Online environment Exchange Online organization configuration Exchange Online mailboxes Exchange Online mail users Exchange Online mail contacts Exchange Online mail-enabled distribution groups
Creating Exchange Online mail-enabled distribution groups Editing main data for Exchange Online mail-enabled distribution groups Main data for Exchange Online mail-enabled distribution groups Receive restrictions for Exchange Online mail-enabled distribution groups Customizing send permissions for Exchange Online mail-enabled distribution groups Specifying moderators for Exchange Online mail-enabled distribution groups Specifying Exchange Online mail-enabled distribution groups Assigning Exchange Online mail-enabled distribution groups to Exchange Online recipients Exchange Online mail-enabled distribution group inheritance based on categories Adding Exchange Online dynamic distribution groups to Exchange Online mail-enabled distribution groups Adding an Exchange Online dynamic distribution group to Exchange Online mail-enabled distribution groups Adding Exchange Online mail-enabled public folder to Exchange Online mail-enabled distribution groups Assigning extended properties to Exchange Online mail-enabled distribution groups Deleting Exchange Online mail-enabled distribution groups
Exchange Online Office 365 groups Exchange Online dynamic distribution groups Exchange Online mail-enabled public folders Reports about Exchange Online objects Configuration parameters for managing an Exchange Online environment Default project template for Exchange Online Editing Exchange Online system objects Exchange Online connector settings

Creating an initial synchronization project for Exchange Online

IMPORTANT: Each Exchange Online environment should have its own synchronization project.

NOTE: The following sequence describes how to configure a synchronization project if the Synchronization Editor is both:

  • Run in default mode

  • Started from the Launchpad

If you run the project wizard in expert mode or directly from the Synchronization Editor, additional configuration settings can be made. Follow the project wizard instructions through these steps.

To set up initial synchronization project for Exchange Online

  1. Start the Launchpad and log in on the One Identity Manager database.

    NOTE: If synchronization is run by an application server, connect the database through the application server.

  2. Select the Target system type Exchange Online entry and click Start.

    This starts the Synchronization Editor's project wizard.

  1. On the wizard's start page, click Next.

  2. On the System access page, specify how One Identity Manager can access the target system.

    • If access is possible from the workstation on which you started the Synchronization Editor, do not change any settings.

    • If access is not possible from the workstation on which you started the Synchronization Editor, you can set up a remote connection.

      Select the Connect using remote connection server and enter the remote connection properties.

  1. On the Deployment/organization domain page, you record the following information.

    • Deployment: Select the cloud deployment where your Exchange Online environment will run. Your options include Microsoft 365 global service and Microsoft 365 GCC High.

    • Organization domain: Enter the Azure Active Directory name of the domain.

      Example:

      <yourorganization>.onmicrosoft.com

  2. On the Connection parameters page, enter the login data for connecting to Exchange Online.

    • If you want to authenticate with a specific user account, enter the following information.

      • User name: Enter the fully qualified name (FQDN) of the user account for logging in.

        Example:

        <user>@<domain.com>

        sync.user@<yourorganization>.onmicrosoft.com

      • Password: Enter the pass word of the user account.

    • If you want to authenticate with a self-signed certificate (the app-only authentication), enter the following information.

      • Application ID: Application ID created when the application is registered for Exchange Online PowerShell in the Azure Active Directory tenant.

      • Certificate thumbprint: Self-signed certificate thumbprint.

    Click to test the connection parameters.

    NOTE:

    • Use the Add set button to enter more connection parameters. These connection parameters are queried cyclically by the Exchange Online connector when queries are sent to Exchange Online. By using multiple connection sets, it takes longer to reach the throttling limit.

      For more detailed information about throttling limits in Exchange Online, see the Microsoft documentation.

    • If you authenticate with a self-signed certificate, you must ensure that each connection set has its own application registration. The same certificate cannot be used more than once for different application registrations.

    • Click Check all sets to perform a one-off test of all the connection parameter sets.

  1. On the last page of the system connection wizard, click Finish to return to the project wizard.

  1. On the One Identity Manager Connection tab, test the data for connecting to the One Identity Manager database. The data is loaded from the connected database. Reenter the password.

    NOTE:

    • If you use an unencrypted One Identity Manager database and have not yet saved any synchronization projects to the database, you need to enter all connection data again.

    • This page is not shown if a synchronization project already exists.

  2. The wizard loads the target system schema. This may take a few minutes depending on the type of target system access and the size of the target system.

  1. On the Restrict target system access page, specify how system access should work. You have the following options: Read-only access to target system.
    Table 5: Specify target system access
    Option Meaning

    Specifies that a synchronization workflow is only to be set up for the initial loading of the target system into the One Identity Manager database.

    The synchronization workflow has the following characteristics:

    • Synchronization is in the direction of One Identity Manager.

    • Processing methods in the synchronization steps are only defined for synchronization in the direction of One Identity Manager.

    Read/write access to target system. Provisioning available.

    Specifies whether a provisioning workflow is set up in addition to the synchronization workflow for the initial loading of the target system.

    The provisioning workflow displays the following characteristics:

    • Synchronization is in the direction of the Target system.

    • Processing methods are only defined in the synchronization steps for synchronization in the direction of the Target system.

    • Synchronization steps are only created for such schema classes whose schema types have write access.

  1. On the Synchronization server page, select the synchronization server to run the synchronization.

    If the synchronization server is not declared as a Job server for this target system in the One Identity Manager database yet, you can add a new Job server.

    1. Click to add a new Job server.

    2. Enter a name for the Job server and the full server name conforming to DNS syntax.

      TIP: You can also implement an existing Job server as the synchronization server for this target system.

      • To select a Job server, click .

      This automatically assigns the server function matching this Job server.

    3. Click OK.

      The synchronization server is declared as Job server for the target system in the One Identity Manager database.

    4. NOTE: After you save the synchronization project, ensure that this server is set up as a synchronization server.

  1. To close the project wizard, click Finish.

    This creates and allocates a default schedule for regular synchronization. Enable the schedule for regular synchronization.

    This sets up, saves and immediately activates the synchronization project.

    NOTE:

    • If enabled, a consistency check is carried out. If errors occur, a message appears. You can decide whether the synchronization project can remain activated or not.

      Check the errors before you use the synchronization project. To do this, in the General view on the Synchronization Editor‘s start page, click Verify project.

    • If you do not want the synchronization project to be activated immediately, disable the Activate and save the new synchronization project automatically option. In this case, save the synchronization project manually before closing the Synchronization Editor.

    • The connection data for the target system is saved in a variable set and can be modified in the Synchronization Editor in the Configuration > Variables category.

Related topics

Exchange Online synchronization features

There are a number of features for synchronizing Exchange Online environments, which are described here.

Dependency resolution

By default, automatic dependency resolution for synchronization steps is not set in the synchronization workflow. This reduces the number of calls required to Exchange Online. This can lead to unresolved references during synchronization that are handled in the maintenance phase at the end of synchronization.

Multiple organizations are not supported

Due to the dynamic number of used login accounts, variable sets cannot be used to parametrize the connection. For this reason, creating more base objects in one synchronization project is not supported.

Changing mailbox types in the Exchange Online portal

The default project template for Exchange Online support the conversion of mailbox types as follows:

  • Shared mailbox to user mailbox

  • User mailbox to share mailbox

  • Equipment mailbox to room mailbox

  • Room mailbox to equipment mailbox

NOTE: In performing an unsupported change, for example, a room mailbox to a shared mailbox, the synchronization will mark the room mailbox as "missing" and fail to create the shared mailbox due to naming violations. This scenario can only be resolved manually.

NOTE: One Identity Manager does not support handling of mailbox types.

Synchronization of mailbox statistic data

Synchronization of mailbox statistic data is done in its own synchronization step. Loading this information from Exchange Online is potentially very time consuming. Therefore, it make sense to create a separate workflow that includes a synchronization step for loading this data. You can run this workflow at longer intervals than the workflow without usage data.

The following usage information is synchronized:

Schema property in the Target System Description

AssociatedItemCount

Number of elements associated with this mailbox.

DeletedItemCount

Number of deleted elements.

DumpsterMessagesPerFolderCountReceiveQuota

Maximum number of messages allowed in a folder in the Recoverable items folder.

DumpsterMessagesPerFolderCountWarningQuota

Number of items a folder in the Recoverable items folder can contain before a warning is sent to the user.

ItemCount

Number of messages in a mailbox (for example, email, calendar, or contacts) that are visible to the user.

LastLoggedOnUserAccount

Name of the last logged on user.

LastLogOffTime

Last log off time

LastLogonTime

Last log on time

StorageLimitStatus

Information about the current storage state with respect to the specified limits.

TotalDeletedItemSize

Size of items in the Recoverable Items mailbox.

TotalItemSize

Size of items in mailbox in KB.

NOTE: The mailbox usage information is only available for users or shared mailboxes.

Number of external slots for the Job server configuration

Since the number of concurrent connections for Exchange Online is limited to three, you should use a dedicated Job server with a reduced number of external slots (not more then two). You will get an error message if to many connections are open at the same time.

You can set the number of connections for each connection parameter set and customize the connector definition. For more information, see Advanced settings for the Exchange Online connector.

Configuring the synchronization log

All the information, tips, warnings, and errors that occur during synchronization are recorded in the synchronization log. You can configure the type of information to record separately for each system connection and synchronization workflow.

To configure the content of the synchronization log for a system connection

  1. To configure the synchronization log for target system connection, in the Synchronization Editor, select the Configuration > Target system category.

    - OR -

    To configure the synchronization log for the database connection, in the Synchronization Editor, select the Configuration > One Identity Manager connection category.

  2. In the General section, click Setup.

  3. In the Synchronization log section, set Create synchronization log.

  4. Enable the data to be logged.

    NOTE: Some content generates a particularly large volume of log data. The synchronization log should only contain data required for error analysis and other analyzes.

  5. Click OK.

To configure the content of the synchronization log for a synchronization workflow

  1. In the Synchronization Editor, select the Workflows category.

  2. Select a workflow in the navigation view.

  3. In the General section, click Edit.

  4. Select the Synchronization log tab.

  5. Enable the data to be logged.

    NOTE: Some content generates a particularly large volume of log data. The synchronization log should only contain data required for error analysis and other analyzes.

  6. Click OK.

Synchronization logs are stored for a fixed length of time.

To modify the retention period for synchronization logs

  • In the Designer, enable the DPR | Journal | LifeTime configuration parameter and enter the maximum retention period.

Related topics

Customizing the synchronization configuration

Having used the Synchronization Editor to set up a synchronization project for initial synchronization of Exchange Online, you can use the synchronization project to load Exchange Online objects into the One Identity Manager database. When you manage mailboxes, mail users, mail contacts, mail-enabled distribution groups, and Office 365 groups with One Identity Manager, modifications are provisioned in the Exchange Online system.

You must customize the synchronization configuration in order to compare the One Identity Manager database with the Exchange Online regularly and to synchronize changes.

  • To use One Identity Manager as the primary system during synchronization, create a workflow with synchronization in the direction of the Target system.

  • You can use variables to create generally applicable synchronization configurations that contain the necessary information about the synchronization objects when synchronization starts. Variables can be implemented in base objects, schema classes, or processing method, for example.

  • To specify which Exchange Online objects and database objects are included in synchronization, edit the scope of the target system connection and the One Identity Manager database connection. To prevent data inconsistencies, define the same scope in both systems. If no scope is defined, all objects will be synchronized.

  • Update the schema in the synchronization project if the One Identity Manager schema or target system schema has changed. Then you can add the changes to the mapping.

For more information about configuring synchronization, see the One Identity Manager Target System Synchronization Reference Guide.

Detailed information about this topic
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen