AutoProvision
AutoProvision
The AutoProvision process creates a shadow account in the Exchange forest upon:
- Creation of a user in the accounts forest if the option to create a mailbox for that user is selected
- Execution of the Exchange task to create a mailbox for an existing user from the accounts forest
Then, the AutoProvision process creates a linked mailbox associated with that shadow account, designating the user from the accounts forest as the linked master account for that mailbox.
To maintain a link between the master account and shadow account, Exchange Resource Forest Management assigns the globally unique identifier (GUID) of the shadow account to a certain attribute of the master account (the adminDescription attribute by default).
Normally, the AutoProvision process creates a shadow account with the same name as the name of the user from the accounts forest. In case of a name conflict, a different name is used to ensure the uniqueness of the shadow account’s name.
Synchronize
Synchronize
The Synchronize process includes the following functions:
- Updating certain properties of shadow accounts based on changes to master accounts
- Substituting certain properties of master accounts with properties of shadow accounts
- Updating certain properties of master accounts based on changes to shadow accounts
Synchronized properties
Synchronized properties
When you update certain properties of a master account, Exchange Resource Forest Management updates those properties in both the master account and shadow account. These properties are referred to as synchronized properties.
Exchange Resource Forest Management performs synchronization of properties upon:
- Creation of shadow accounts
- Modification of master accounts
Thus, modifying personal or organization-related properties of a master account also results in updating those properties of the shadow account. This function ensures that changes to master accounts are properly reflected in the directory used by the Exchange messaging system. For the default list of synchronized properties, see Synchronized properties later in this document. You can configure Exchange Resource Forest Management to synchronize additional properties or remove individual properties from synchronization.
Substituted properties
Substituted properties
When you view or change certain properties of a master account in an accounts forest, Exchange Resource Forest Management redirects the retrieval or change request to the properties of the shadow account in the Exchange forest. Such properties are referred to as substituted properties.
Thus, modification of Exchange-related properties of a master account only results in updating the corresponding properties of the shadow account. This function ensures that administration of master accounts properly manipulates Exchange recipient properties in the Exchange forest.
The substituted properties behave as follows:
- When retrieving property values for a master account, Active Roles returns the property values of the shadow account linked to the master account.
- When modifying properties for a master account, Active Roles actually updates the properties of the shadow account linked to the master account.
For the default list of substituted properties, see Substituted properties later in this document. You can configure Exchange Resource Forest Management to extend that list.