Reports about Exchange Online objects
One Identity Manager makes various reports available containing information about the selected base object and its relations to other One Identity Manager database objects. The following reports are available for Exchange Online.
NOTE: Other sections may be available depending on the which modules are installed.
Table 22: Data quality target system report
|
Show overview |
Mailbox
Mail users
Mail contact |
This report shows an overview of the user account and the assigned permissions. |
|
Show overview including origin |
Mailbox
Mail users
Mail contact |
This report shows an overview of the user account and origin of the assigned permissions. |
|
Show overview including history |
Mailbox
Mail user
Mail contact |
This report shows an overview of the user accounts including its history.
Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report. |
|
Overview of all assignments |
Mail-enabled distribution group
Office 365 group |
This report finds all roles containing employees who have the selected system entitlement. |
|
Show overview |
Mail-enabled distribution group
Office 365 group |
This report shows an overview of the system entitlement and its assignments. |
|
Show overview including origin |
Mail-enabled distribution group
Office 365 group |
This report shows an overview of the system entitlement and origin of the assigned user accounts. |
|
Show overview including history |
Mail-enabled distribution group
Office 365 group |
This report shows an overview of the system entitlement and including its history.
Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report. |
Configuration parameters for managing an Exchange Online environment
The following configuration parameters are additionally available in One Identity Manager after the module has been installed.
Table 23: Configuration parameters for managing an Exchange Online environment
|
TargetSystem | AzureAD | ExchangeOnline |
Preprocessor relevant configuration parameter for controlling database model components for Exchange Online target system administration. If the parameter is set, the target system components are available. Changes to this parameter require the database to be recompiled.
If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide. |
|
TargetSystem | AzureAD | ExchangeOnline | Accounts |
Allows configuration of recipient data. |
|
TargetSystem | AzureAD | ExchangeOnline | Accounts |
MailTemplateDefaultValues |
Mail template used to send notifications about whether default IT operating data mapping values are used for automatically creating a user account. The Employee - new user account with default properties created mail template is used. |
|
TargetSystem | AzureAD | ExchangeOnline | DefaultAddress |
Default email address of the recipient for notifications about actions in the target system. |
|
TargetSystem | AzureAD | ExchangeOnline | MaxFullsyncDuration |
Maximum runtime of a synchronization in minutes. No recalculation of group memberships by the DBQueue Processor can take place during this time. If the maximum runtime is exceeded, group membership are recalculated. |
|
QER | ITShop | AutoPublish | O3EDL |
Preprocessor relevant configuration parameter for automatically adding Exchange Online mail-enabled distribution groups to the IT Shop. If the parameter is set, all distribution groups are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled.
If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide. |
|
QER | ITShop | AutoPublish | O3EDL | ExcludeList |
List of all Exchange Online mail-enabled distribution groups that must not be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation.
Example:
.*Administrator.*|Exchange.*|.*Admins|.*Operators|IIS_IUSRS |
|
QER | ITShop | AutoPublish | O3EUnifiedGroup |
Preprocessor relevant configuration parameter for automatically adding Office 365 groups to the IT Shop. If the parameter is set, all groups are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled.
If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide. |
|
QER | ITShop | AutoPublish | O3EUnifiedGroup | ExcludeList |
List of all Office 365 groups that must not be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation. |
Default project template for Exchange Online
A default project template ensures that all required information is added in One Identity Manager. This includes mappings, workflows, and the synchronization base object. If you do not use a default project template you must declare the synchronization base object in One Identity Manager yourself.
Use a default project template for initially setting up the synchronization project. For custom implementations, you can extend the synchronization project with the Synchronization Editor.
The project template uses mappings for the following schema types.
Table 24: Exchange Online schema type mapping
|
DistributionGroup |
O3EDL |
|
DynamicDistributionGroup |
O3EDynDL |
|
Mailbox |
O3EMailbox |
|
MailContact |
O3EMailContact |
|
MailPublicFolder |
O3EMailPublicFolder |
|
MailUser |
O3EMailUser |
|
MobileDeviceMailboxPolicy |
O3EMobileDeviceMBPolicy |
|
OWAMailboxPolicy |
O3EOwaMailboxPolicy |
|
PublicFolder |
O3EPublicFolder |
|
RetentionPolicy |
O3ERetentionPolicy |
|
RoleAssignmentPolicy |
O3ERoleAssignmentPolicy |
|
SharingPolicy |
O3ESharingPolicy |
|
UnifiedGroup |
O3EUnifiedGroup |
Editing Exchange Online system objects
The following table describes permitted editing methods of Exchange Online schema types and names restrictions required by system object processing.
Adding and deleting user mailboxes can only be done in One Identity Manager through assignment subscriptions in Azure Active Directory. This creates a mailbox that does not appear in the database until it has been synchronized. Afterward, it can be provisioned automatically in Exchange Online.
Table 25: Methods available for editing schema types
|
Public folder (PublicFolder) |
Yes |
No |
No |
No |
|
Mail-enabled public folder (MailPublicFolder) |
Yes |
No |
No |
No |
|
Policy for role assignment (RoleAssignmentPolicy) |
Yes |
No |
No |
No |
|
Mailbox policy for mobile devices (MobileDeviceMailboxPolicy) |
Yes |
No |
No |
No |
|
Sharing policy (SharingPolicy) |
Yes |
No |
No |
No |
|
Retention policy (RententionPolicy) |
Yes |
No |
No |
No |
|
Outlook Web App mailbox policy (OWAMailboxPolicy) |
Yes |
No |
No |
No |
|
Mail user (MailUser) |
Yes |
Yes |
Yes |
Yes |
|
Mail contact (MailContact) |
Yes |
Yes |
Yes |
Yes |
|
Mailbox: resource mailbox (Mailbox) |
Yes |
Yes |
Yes |
Yes |
|
Mailbox: shared mailbox (Mailbox) |
Yes |
Yes |
Yes |
Yes |
|
Mailbox: user mailbox (Mailbox) |
Yes |
No |
No |
Yes |
|
Mailbox: calendar settings (Mailbox) |
Yes |
Yes |
Yes |
Yes |
|
Mailbox: statistics (Mailboxstatistics) |
Yes |
Yes |
Yes |
Yes |
|
Mail-enabled distribution mailbox (DistributionGroup) |
Yes |
Yes |
Yes |
Yes |
|
Dynamic distribution group (DynamicDistributionGroup) |
Yes |
No |
Yes |
Yes |
|
Office 365 group (UnifiedGroup) |
Yes |
Yes |
Yes |
Yes |
