Chat now with support
Chat with Support

Active Roles 7.2.1 - Exchange Resource Forest Management Administrator Guide

Applying the Policy Object

Deploying the Solution > Applying the Policy Object

Active Roles provides a built-in Policy Object containing the mailbox management policy for Exchange resource forest topology. To enable Exchange Resource Forest Management, you need to:

Link that Policy Object to the appropriate containers in the accounts forest. These are the containers that hold the user accounts you want to administer using Exchange Resource Forest Management.

Optionally, view or change policy settings.

To link the Policy Object to an organizational unit or domain

  1. In the Active Roles console tree, select Configuration | Policies | Administration | Builtin.
  2. In the details pane, right-click the Built-in Policy - ERFM - Mailbox Management Policy Object, and then click Policy Scope.
  3. In the dialog box that appears, click Add, and then select the desired organizational unit or domain in the accounts forest.

Out of the box, the Policy Object has all policy settings configured. You can use the Active Roles console to view or change policy settings as needed.

To view or change policy settings

  1. Double-click the Built-in Policy - ERFM - Mailbox Management Policy Object.
  2. In the Properties dialog box that appears, go to the Policies tab, and double-click the entry in the list of policies.
  3. In the Properties dialog box that appears, do any of the following:
    1. On the Shadow Account tab, view or change the container and default description for new shadow accounts.
    2. On the Master Account tab, view or change the attribute to store a reference to shadow account.
    3. On the Synced tab, view or change the list of synchronized properties.
    4. On the Substituted tab, configure your custom list of substituted properties in addition to the default list.
    5. On the Back-synced tab, view or change the list of back-synchronized properties.

For detailed description of the policy settings, see Policy settings earlier in this document.

Upgrade from an earlier version

Deploying the Solution > Upgrade from an earlier version

You can seamlessly upgrade from Quick Connect for Exchange Resource Forests to Exchange Resource Forest Management, as follows.

  1. Inspect your current configuration of Quick Connect for Exchange Resource Forests, and note down the existing policy settings such as:
    • The container for new shadow accounts, identified by the Default Mailbox OU policy parameter.
    • The default description for new shadow accounts, identified by the Shadow account description policy parameter.
    • The attribute to store a reference to shadow account, identified by the Attribute to store back link policy parameter.
    • The list of synchronized properties, identified by the Synchronized Attributes List policy parameter.
    • The custom list of substituted properties (if any)), identified by the Substituted Attributes List policy parameter.
    • The list of back-synchronized properties, identified by the Back-synchronized attributes list policy parameter.

For instructions on how to access policy parameters, see the “Set Up and Apply the Policy Objects” topic in the Quick Connect for Exchange Resource Forests Administrator Guide.

  1. Uninstall the earlier version of the ERFM add-on from the system.

NOTE: If ERFM (Exchange Resource Forest Management) is installed on the Active Roles 6.x version, it must be uninstalled before installing Active Roles 7.1, as ERFM is now part of the product. Failure to uninstall ERFM may result in conflicts and issueseplace this text with a description of a feature that is noteworthy.
  1. Upgrade to Active Roles version 7.2. For upgrade instructions, see the Active Roles 7.2 Quick Start Guide.
  2. Adjust the policy settings in the Exchange Resource Forest Management Policy Object to match the settings you noted down in Step 1, and then link that Policy Object to the containers that hold the master accounts you managed using Quick Connect for Exchange Resource Forests. For instructions on how to configure and link that Policy Object, see Applying the Policy Object earlier in this document.

After you have performed these steps, Exchange Resource Forest Management recognizes the existing master accounts, enabling Active Roles to manage their linked mailboxes in the same way as when using Quick Connect for Exchange Resource Forests.

To expedite the recognition of the existing master accounts, you might execute the Exchange Resource Forest Management scheduled task without waiting for its scheduled run: In the Active Roles console, navigate to the Configuration/Server Configuration/Scheduled Tasks/Builtin container, right-click the task ERFM - Mailbox Management in that container, point to All Tasks, and then click Execute.

Examples of Use

Examples of Use

Configuration

Examples of Use > Configuration

The examples in this chapter assume the following configuration of Exchange Resource Forest Management:

  • Accounts is the name of an organizational unit in a managed domain of an accounts forest.
  • Mailboxes is the name of an organizational unit in a managed domain of the Exchange forest.
  • The the Built-in Policy - ERFM - Mailbox Management Policy Object is linked to the Accounts OU.
  • In the policy settings, the Mailboxes OU is selected as the container for new shadow accounts. Other policy settings are not modified so they have the default values.

In other words, the Accounts OU holds user accounts that are under the control of Exchange Resource Forest Management; the Mailboxes OU is intended to hold new shadow user accounts. Once a user account in the Accounts OU is mailbox-enabled, a shadow account along with a linked mailbox is created in the Mailboxes OU and associated with the user account from the Accounts OU, to provide access to the mailbox.

Under these assumptions, the following examples are considered:

  • Creating a user account in the Accounts OU, with the option to create a mailbox for that user
  • Creating a mailbox for an existing account from the Accounts OU
  • Making changes to a mailbox-enabled user account in the Accounts OU, with the changes automatically applied to the shadow account in the Mailboxes OU
  • Deprovisioning a mailbox-enabled user account in the Accounts OU, with the shadow account automatically deprovisioned in the Mailboxes OU
Related Documents