
Identity Manager 9.0 LTS - Administration Guide for Connecting to Exchange Online


Ignoring data error in synchronization

By default, objects with incorrect data are not synchronized. These objects can be synchronized once the data has been corrected. In certain situations, however, it might be necessary to synchronize objects like these and ignore the data properties that have errors. This synchronization behavior can be configured in One Identity Manager.

To ignore data errors during synchronization in One Identity Manager

  1. In the Synchronization Editor, open the synchronization project.

  2. Select the Configuration > One Identity Manager connection category.

  3. In the General view, click Edit connection.

    This starts the system connection wizard.

  4. On the Additional options page, enable Try to ignore data errors.

    This option is only effective if Continue on error is set in the synchronization workflow.

    Default columns, such as primary keys, UID columns, or mandatory input columns cannot be ignored.

  5. Save the changes.

IMPORTANT: If this option is set, One Identity Manager tries to ignore commit errors that could be related to data errors in a single column. This causes the data changed in the affected column to be discarded and the object is subsequently saved again. This affects performance and leads to loss of data.

Only set this option in the exceptional circumstance of not being able to correct the data before synchronization.

Pausing handling of target system specific processes (Offline mode)

If a target system connector is not able to reach the target system temporarily, you can enable offline mode for the target system. This stops target system specific processes from being frozen and having to be manually re-enabled later.

Whether offline mode is generally available for a target system connection is set in the base object of the respective synchronization project. Once a target system is truly unavailable, the target system connection can be switched offline and online again with the Launchpad.

In offline mode, all Job servers assigned to the base object are stopped. This includes the synchronization server and all Job servers involved in load balancing. If one of the Job servers also handles other tasks, these are not processed either.

Prerequisites

Offline mode can only be specified for a base object if certain prerequisites are fulfilled.

  • The synchronization server is not used for any other base object as a synchronization server.

  • If a server function is assigned to the base object, none of the Job servers with this server function may have any other server function (for example, update server).

  • A dedicated synchronization server must be set up to exclusively process the Job queue for this base object. The same applies to all Job servers that are determined by the server function.
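
The first two prerequisites can be checked against an inventory of base objects and Job servers before Offline mode available is enabled. The following Python check is an added example, not One Identity code; the inventory layout and all server, base object and function names are constructed for illustration, and the third prerequisite (exclusive Job queue processing) is not modelled.

```python
# Constructed inventory for illustration; keys and names are hypothetical,
# not the One Identity Manager schema.
BASE_OBJECTS = {
    "ExchangeOnline-TenantA": {"sync_server": "JS-EXO-01", "server_function": "ExoConnector"},
    "AzureAD-TenantA": {"sync_server": "JS-SHARED", "server_function": None},
    "ActiveDirectory-Corp": {"sync_server": "JS-SHARED", "server_function": None},
}
# Job server -> set of server functions assigned to it.
JOB_SERVERS = {
    "JS-EXO-01": {"ExoConnector"},
    "JS-EXO-02": {"ExoConnector", "UpdateServer"},
    "JS-SHARED": {"AADConnector", "ADConnector"},
}


def offline_mode_blockers(name, base_objects=BASE_OBJECTS, job_servers=JOB_SERVERS):
    """Return the reasons a base object fails prerequisites 1 and 2 (empty list = none found)."""
    base = base_objects[name]
    blockers = []

    # Prerequisite 1: the synchronization server serves no other base object.
    others = sorted(other for other, cfg in base_objects.items()
                    if other != name and cfg["sync_server"] == base["sync_server"])
    if others:
        blockers.append(f"{base['sync_server']} is also the synchronization server for "
                        + ", ".join(others))

    # Prerequisite 2: Job servers carrying the base object's server function
    # must not carry any other server function.
    function = base["server_function"]
    if function:
        for server, functions in sorted(job_servers.items()):
            extra = sorted(functions - {function})
            if function in functions and extra:
                blockers.append(f"{server} has {function} plus other server functions: "
                                + ", ".join(extra))
    return blockers


if __name__ == "__main__":
    for base_object in BASE_OBJECTS:
        problems = offline_mode_blockers(base_object)
        print(base_object, "-> OK" if not problems else f"-> {problems}")
```

A non-empty result identifies Job servers whose other tasks would also stop when the base object is switched offline.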

To allow offline mode for a base object

  1. In the Synchronization Editor, open the synchronization project.

  2. Select the Base objects category.

  3. Select a base object in the document view and click .

  4. Enable Offline mode available.

  5. Click OK.

  6. Save the changes.

IMPORTANT: To prevent data inconsistencies, the offline phase should be kept as short as possible.

The number of processes to handle depends on the extent of the changes in the One Identity Manager database and their effect on the target system during the offline phase. To establish data consistency between the One Identity Manager database and the target system, all pending processes must be handled before synchronization can start.

Only use offline mode, if possible, for short system downtimes such as maintenance windows.

To flag a target system as offline

  1. Start the Launchpad and log in on the One Identity Manager database.

  2. Select Manage > System monitoring > Flag target systems as offline.

  3. Click Run.

    This opens the Manage offline systems dialog. The Base objects section displays the base objects of target system connections that can be switched to offline.

  4. Select the base object whose target system connection is not available.

  5. Click Switch offline.

  6. Confirm the security prompt with OK.

    This stops all the Job servers assigned to the base object. No more synchronization or provisioning Jobs are performed. The Job Queue Info program shows when a Job server has been switched offline and the corresponding tasks are not being processed.

For more information about offline mode, see the One Identity Manager Target System Synchronization Reference Guide.


Basic data for managing an Exchange Online environment

To manage an Exchange Online environment in One Identity Manager, the following basic data is relevant.

  • Account definitions

    One Identity Manager has account definitions for automatically allocating user accounts to employees. You can create account definitions for every target system. If an employee does not yet have a user account in a target system, a new user account is created. This is done by assigning account definitions to an employee.

    For more information, see Account definitions for Exchange Online mail users and Exchange Online mail contacts.

  • Password policies

    One Identity Manager provides you with support for creating complex password policies, for example, for system user passwords, the employees' central password as well as passwords for individual target systems. Password policies apply not only when the user enters a password but also when random passwords are generated.

    Predefined password policies are supplied with the default installation that you can use or customize if required. You can also define your own password policies.

    Azure Active Directory configuration settings are used for implementing password policies. For more information, see the One Identity Manager Administration Guide for Connecting to Azure Active Directory.

  • Initial password for new mail users

    You can issue an initial password for mail users in the following ways: Enter a password or use a randomly generated initial password when you create a mail user.

    Azure Active Directory configuration settings are used for generating random passwords for new mail users. For more information, see the One Identity Manager Administration Guide for Connecting to Azure Active Directory.

  • Email notifications about credentials

    When a new mail user is created, the login data are sent to a specified recipient. In this case, two messages are sent with the user name and the initial password. Mail templates are used to generate the messages.

    Azure Active Directory configuration settings are used for sending login credentials. For more information, see the One Identity Manager Administration Guide for Connecting to Azure Active Directory.

  • Target system types

    Target system types are required for configuring target system comparisons. Tables with outstanding objects are maintained with the target system types and settings are configured for provisioning memberships and single objects synchronization. Target system types also map objects in the Unified Namespace.

    For more information, see Post-processing outstanding objects.

  • Target system managers

    A default application role exists for the target system manager in One Identity Manager. Assign employees to this application role who have permission to edit all Exchange Online objects in One Identity Manager.

    Define additional application roles if you want to limit the permissions for target system managers to individual tenants with Exchange Online. The application roles must be added under the default application role.

    For more information, see Target system managers for Exchange Online.

  • Servers

    Servers must be informed of their server functionality in order to handle Exchange Online-specific processes in One Identity Manager. One example is the synchronization server.

    For more information, see Job server for Exchange Online-specific process handling.

Account definitions for Exchange Online mail users and Exchange Online mail contacts

NOTE: Exchange Online user mailboxes are created or deleted respectively by assigning and removing licenses through Azure Active Directory subscriptions. For more information, see the One Identity Manager Administration Guide for Connecting to Azure Active Directory.

One Identity Manager has account definitions for automatically allocating mail users and mail contacts to employees. You can create account definitions for every target system. If an employee does not yet have a mail user or mail contact in a target system, a new mail user or mail contact is created by assigning the account definition to an employee.

For more information about account definitions, see the One Identity Manager Target System Base Module Administration Guide.

The following steps are required to implement an account definition:

  • Creating account definitions

  • Configuring manage levels

  • Creating the formatting rules for IT operating data

  • Collecting IT operating data

  • Assigning account definitions to employees and target systems
