サポートと今すぐチャット
サポートとのチャット

Identity Manager 8.1.5 - Administration Guide for Connecting to Microsoft Exchange

Managing Microsoft Exchange environments Setting up Microsoft Exchange synchronization Basic data for managing a Microsoft Exchange environment Microsoft Exchange structure Microsoft Exchange mailboxes Email users and email contacts Mail-enabled distribution groups Dynamic distribution groups Mail-enabled public folders Extensions for supporting Exchange hybrid environments Error handling Configuration parameters for managing a Microsoft Exchange environment Default project template for Microsoft Exchange

Advice for migrating mailboxes

You cannot move mailboxes between local One Identity Manager and Microsoft Exchange with Exchange Online. Microsoft offers migration scenarios for moving mailboxes. For detailed information, see your Microsoft documentation.

Synchronizing Microsoft Exchange after moving a mailbox from local Exchange Online to Microsoft Exchange in One Identity Manager results in:

  • A remote mailbox being created
  • The local mailbox being marked as outstanding.

After successful migration, delete outstanding mailboxes in One Identity Manager.

  1. Check whether the mailbox was migrated and whether the Active Directory user account is connected with the local mailbox and a remote mailbox.

    Migrated mailboxes are displayed in the Manager in the Active Directory | Troubleshooting | Mailboxes migrated to Exchange Online category.

    • Select the mailbox and switch to the Active Directory user account overview. Here you can see whether the user account is connected with a local mailbox and a remote mailbox.

  2. Delete the outstanding mailbox.

If you apply an account definition to local mailboxes, create a new account definition for remote mailboxes.

  • If the mailbox account definition currently in use, expects an account definition for Active Directory user accounts, enter this account definition as prerequisite for the remote mailbox account definition.

    IMPORTANT: The remote mailbox account definition may not be distributed automatically to everybody. Otherwise One Identity Manager creates new remote mailboxes.

Example of exchanging account definitions for migrated mailboxes

The following is an example explaining how you can replace account definitions with migrated mailboxes

NOTE: The workflows described here are only for orientation. Always take your customized workflows into account while replacing.

You always required a custom migration scenario if the account definitions are requested through the IT Shop.

Example 1

Local mailboxes are managed through an account definition. This account definition requires an account definition for Active Directory user accounts.

The account definition is directly assigned to employees.

After migration, remote mailboxes are also managed through account definitions.

  1. Create an account definition for remote mailboxes. Enter the Active Directory user account's account definition as prerequisite.

  2. After migrating a local mailbox.
    1. Ensure that the remote mailbox exists in One Identity Manager and is connected to the Active Directory user account.

    2. Delete the outstanding local mailbox in One Identity Manager.

    3. Assign the account definition for remote mailboxes to the employee.

    4. Delete the account definition for local mailboxes belonging to the employee.

Example 2

Local mailboxes are managed through an account definition. This account definition requires an account definition for Active Directory user accounts.

The account definition is inherited by the employees through it's department relation.

After migration, remote mailboxes are also managed through account definitions.

  1. Create a parallel structure to the department and assign the account definition for local mailboxes to this parallel structure.

    The purpose of this parallel structure is to retain the local mailboxes' account definition assignment to an employee until the mailbox has been successfully migrated.

    • Configure a dynamic role for this parallel structure, to include all employees who:

      • Belong to the department and do not have a remote mailbox.

        or

      • Belong to the department and own a remote mailbox and an outstanding local mailbox.

  2. After completing DBQueue Processor processing, you can remove the account definition for local mailboxes from the department.

  3. Create an account definition for remote mailboxes. Enter the Active Directory user account's account definition as prerequisite.

  4. Create another parallel structure and assign the account definition for remote mailboxes to it..

    The purpose of this parallel structure is to assign the remote mailboxes' account definition to employees after mailbox migration and to retain the assignment of the required account definition for Active Directory.

    • Configure a dynamic role for this parallel structure, to include all employees who:

      • Belong to the department and own a remote mailbox.

  5. Delete the outstanding mailbox after migrating the local mailbox successfully.

  6. After migrating all the department's local mailboxes, you can:

    1. Assign a department to the remote mailboxes' account definition.

    2. Remove the parallel structure.

Creating remote mailboxes

To create a remote mailbox

  1. In the Manager, select the Active Directory | Remote mailboxes category.

  2. Click in the result list.

  3. On the master data form, enter the master data for the mailbox.

  4. Save the changes.

To create a mailbox for an Active Directory user account manually

  1. In the Manager, select the Active Directory | User accounts category.

  2. In the result list, select the user account then select the Change master data task.

  3. Select the Create remote mailbox task.

  4. Enter the following information:

    • Active Directory user account: The user account is already selected.

    • Exchange organization: The exchange organization is already selected. Check the setting.

    • Alias: Unique alias for further identification of the mailbox.

  5. Click OK.

NOTE: After creation of a new remote mailbox, it takes until the next synchronization of your Azure Active Directory tenant in Azure Active Directory Connect until a corresponding mailbox is created in the Exchange Online environment. Up to this point, the mailbox is acknowledged in the local Microsoft Exchange environment but is not yet available for use.

NOTE: After new remote mailboxes of Remote user type have been created by Azure Active Directory or Exchange Online internal processes, an appropriate Exchange license must be assigned for the resulting Azure Active Directory user account.

To display remote mailboxes without Exchange licenses

  • In the Manager, select the Active Directory| Exchange system administration | <organization> | Recipient configuration | Remote mailboxes | Remote user | Without assigned licenses category.

Related topics

Editing remote mailboxes

To edit a mailbox

  1. In the Manager in the Active Directory | Remote mailboxes category.
  2. In the result list, select the remote mailbox then select the Change master data task.
  3. Edit the remote mailbox's master data.
  4. Save the changes.
Related topics

General master data of a remote mailbox

Enter the following data on the General tab.

Table 40: General master data of a remote mailbox
Property Description
Employee Employee using the mailbox. An employee is already entered if the mailbox was generated by an account definition. If you create the mailbox manually, you can select an employee in the menu.
Account definition

Account definition through which the mailbox was created.

Use the account definition to automatically populate mailbox master data and to specify a manage level for the mailbox. One Identity Manager finds the IT operating data of the assigned employee and uses it to populate the corresponding fields in the mailbox.

NOTE: The account definition cannot be changed once the mailbox has been saved.

Manage level

 Manage level with which the mailbox is created. Select a manage level from the menu. You can only specify the manage level can if you have also entered an account definition. All manage levels of the selected account definition are available in the menu.
Active Directory user account Active Directory user account for which this mailbox is created.
Exchange organization

Name of the Microsoft Exchange organization.

Canonical name Mailbox's canonical name. The canonical name is generated automatically.
Recipient type (detail) Type of recipient. The mailbox type is specified when a mailbox is added and cannot be changed afterward. You can choose from the following options: Remote user, Remote room, Remote equipment and Remote shared.
Alias Unique alias for further identification of the mailbox.

User login name

User account login name. The user's login name is made up of the alias and the domain. User login names that are formatted like this correspond to the User Principal Name (UPN) in Active Directory.

Do not display in address list Specifies whether the mailbox is visible in address books. Set this option if you want to prevent the mailbox from being displayed in address books. This option applies to all address books.
Moderation enabled Specifies whether the mailbox is moderated. Enable this option if the mailbox is meant to be moderated. Use the task Assign moderators to specify moderators.
Sender authentication required Specifies whether authentication data is requested from senders. Set this option to prevent anonymous senders mailing to the mailbox.
Automatically update based on recipient policy Specifies whether changes to recipient's email addresses are automatically updated based on incoming settings.
Proxy addresses

Email addresses for the mailbox. You can also add other mail connectors (for example, CCMail, MS) in addition to the standard address type (SMTP, X400).

Use the following syntax to set up other proxy addresses:

Address type: new email address

Sending message to

Specifies how senders are notified when they send messages to moderated mailbox. Permitted values are:

  • Do not notify: the sender is not notified.

  • Only notify senders in your exchange organization: Only internal senders receive a notification.

  • Notify all senders: Internal and external senders receive notification.

Distinguished name

Mailbox's distinguished name.

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択