Configuration parameters for managing an Exchange Online environment
The following configuration parameters are additionally available in One Identity Manager after the module has been installed.
Table 23: Configuration parameters for managing an Exchange Online environment
|
TargetSystem | AzureAD | ExchangeOnline |
Preprocessor relevant configuration parameter for controlling database model components for Exchange Online target system administration. If the parameter is set, the target system components are available. Changes to this parameter require the database to be recompiled.
If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide. |
|
TargetSystem | AzureAD | ExchangeOnline | Accounts |
Allows configuration of recipient data. |
|
TargetSystem | AzureAD | ExchangeOnline | Accounts |
MailTemplateDefaultValues |
Mail template used to send notifications about whether default IT operating data mapping values are used for automatically creating a user account. The Employee - new user account with default properties created mail template is used. |
|
TargetSystem | AzureAD | ExchangeOnline | DefaultAddress |
Default email address of the recipient for notifications about actions in the target system. |
|
TargetSystem | AzureAD | ExchangeOnline | MaxFullsyncDuration |
Maximum runtime of a synchronization in minutes. No recalculation of group memberships by the DBQueue Processor can take place during this time. If the maximum runtime is exceeded, group membership are recalculated. |
|
QER | ITShop | AutoPublish | O3EDL |
Preprocessor relevant configuration parameter for automatically adding Exchange Online mail-enabled distribution groups to the IT Shop. If the parameter is set, all distribution groups are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled.
If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide. |
|
QER | ITShop | AutoPublish | O3EDL | ExcludeList |
List of all Exchange Online mail-enabled distribution groups that must not to be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation.
Example:
.*Administrator.*|Exchange.*|.*Admins|.*Operators|IIS_IUSRS |
|
QER | ITShop | AutoPublish | O3EUnifiedGroup |
Preprocessor relevant configuration parameter for automatically adding Office 365 groups to the IT Shop. If the parameter is set, all groups are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled.
If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide. |
|
QER | ITShop | AutoPublish | O3EUnifiedGroup | ExcludeList |
List of all Office 365 groups that must not be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation. |
Default project template for Exchange Online
A default project template ensures that all required information is added in One Identity Manager. This includes mappings, workflows, and the synchronization base object. If you do not use a default project template you must declare the synchronization base object in One Identity Manager yourself.
Use a default project template for initially setting up the synchronization project. For custom implementations, you can extend the synchronization project with the Synchronization Editor.
The project template uses mappings for the following schema types.
Table 24: Exchange Online schema type mapping
|
DistributionGroup |
O3EDL |
|
DynamicDistributionGroup |
O3EDynDL |
|
Mailbox |
O3EMailbox |
|
MailContact |
O3EMailContact |
|
MailPublicFolder |
O3EMailPublicFolder |
|
MailUser |
O3EMailUser |
|
MobileDeviceMailboxPolicy |
O3EMobileDeviceMBPolicy |
|
OWAMailboxPolicy |
O3EOwaMailboxPolicy |
|
PublicFolder |
O3EPublicFolder |
|
RetentionPolicy |
O3ERetentionPolicy |
|
RoleAssignmentPolicy |
O3ERoleAssignmentPolicy |
|
SharingPolicy |
O3ESharingPolicy |
|
UnifiedGroup |
O3EUnifiedGroup |
Editing Exchange Online system objects
The following table describes permitted editing methods of Exchange Online schema types and names restrictions required by system object processing.
Adding and deleting user mailboxes can only be done in One Identity Manager through assignment subscriptions in Azure Active Directory. This creates a mailbox that does not appear in the database until it has been synchronized. Afterward, it can be provisioned automatically in Exchange Online.
Table 25: Methods available for editing schema types
|
Public folder (PublicFolder) |
Yes |
No |
No |
No |
|
Mail-enabled public folder (MailPublicFolder) |
Yes |
No |
No |
No |
|
Policy for role assignment (RoleAssignmentPolicy) |
Yes |
No |
No |
No |
|
Mailbox policy for mobile devices (MobileDeviceMailboxPolicy) |
Yes |
No |
No |
No |
|
Sharing policy (SharingPolicy) |
Yes |
No |
No |
No |
|
Retention policy (RententionPolicy) |
Yes |
No |
No |
No |
|
Outlook Web App mailbox policy (OWAMailboxPolicy) |
Yes |
No |
No |
No |
|
Mail user (MailUser) |
Yes |
Yes |
Yes |
Yes |
|
Mail contact (MailContact) |
Yes |
Yes |
Yes |
Yes |
|
Mailbox: resource mailbox (Mailbox) |
Yes |
Yes |
Yes |
Yes |
|
Mailbox: shared mailbox (Mailbox) |
Yes |
Yes |
Yes |
Yes |
|
Mailbox: user mailbox (Mailbox) |
Yes |
No |
No |
Yes |
|
Mailbox: calendar settings (Mailbox) |
Yes |
Yes |
Yes |
Yes |
|
Mailbox: statistics (Mailboxstatistics) |
Yes |
Yes |
Yes |
Yes |
|
Mail-enabled distribution mailbox (DistributionGroup) |
Yes |
Yes |
Yes |
Yes |
|
Dynamic distribution group (DynamicDistributionGroup) |
Yes |
No |
Yes |
Yes |
|
Office 365 group (UnifiedGroup) |
Yes |
Yes |
Yes |
Yes |
Exchange Online connector settings
The following settings are configured for the system connection with the Exchange Online connector.
Table 26: Exchange Online connector settings
| User name |
Fully qualified name (FQDN) of the user account and password for logging in to Exchange Online.
Example:
<user>@<domain.com>
sync.user@yourorganisation.onmicrosoft.com
Variable: CP_Username |
| Password |
The user account’s password.
Variable: CP_Password |
| Use local server time for the revision |
Revision filtering data
If the value is True, the local server time of the server is used for revision filtering. (default) This makes it unnecessary to load target system object for determining the revision. If the value is false, the change time stamp of the underlying Azure Active Directory objects are used for revision filtering.
Variable: CP_UseLocalServerTimeAsRevision |
| Max. time difference (local/remote) in minutes |
Revision filtering data
Defines the maximum time difference in minutes between the synchronization server and the Exchange Online server. The default value is 60 minutes. If the time difference is more than 60 minutes, alter the value.
Variable: CP_LocalServerRevisionMaxDifferenceInMinutes |
|
Max. concurrent connections |
Maximum number of connections that can be used concurrently. The value must be between 1 and 20.
Default value: 2
Variable: CP_ConnectionPoolSize |
| Definition of Windows PowerShell commands |
You can use this setting to adjust the definition used by the connector in order to convert inputs and outputs between the Exchange Online Cmdlets and the schema of the Synchronization Engine.
IMPORTANT: You should only make changes to the connector definition with the help of support desk staff. Changes to this setting will have wide ranging effects on synchronization and must be made carefully. |
