The policy allows you to specify a text to use as the default description for new shadow accounts that Active Roles creates when creating linked mailboxes managed by Exchange Resource Forest Management. Active Roles writes that text to the Description property of every new shadow account.
By default, the policy designates the adminDescription attribute of the master account for storing the GUID of the shadow account, and allows you to choose a different attribute for that purpose. Exchange Resource Forest Management uses this attribute to identify the shadow account (and, consequently, the linked mailbox) when managing a given master account. The policy causes Active Roles to set this attribute on the master account when creating the linked mailbox.
The policy defines a list of properties to copy from the master account to the shadow account. These properties are referred to as synchronized properties. When you use Active Roles to set or change a synchronized property of a master account, the policy causes Active Roles to set or change the value of that property on both the master account and shadow account.
In addition, Exchange Resource Forest Management provides a scheduled task that copies synchronized properties from every managed master account to the corresponding shadow account. The task runs on a scheduled basis to ensure that each of the synchronized properties of the shadow account has the same value as the corresponding property of the master account. If a synchronized property of the shadow account has changed for whatever reason, Active Roles changes that property back to the value found on the master account. For further details, see Scheduled Task later in this document. The following table provides the default list of synchronized properties. You can configure the policy to synchronize additional properties or remove individual properties from synchronization.
|
c (Country Abbreviation) co (Country) company (Company) countryCode (Country-Code) department (Department) displayName (Display Name) givenName (First Name) homePhone (Home Phone) initials (Initials) l (City) mobile (Mobile Number) otherTelephone (Phone Number (Others)) |
physicalDeliveryOfficeName (Office Location) postalCode (ZIP/Postal Code) postOfficeBox (Post Office Box) sAMAccountName (Logon Name (pre-Windows 2000)) sn (Last Name) st (State/Province) streetAddress (Street Address) telephoneNumber (Telephone Number) title (Job Title) url (Web Page Address (Others)) wWWHomePage (Web Page Address)
|
The policy defines a list of properties that appear on the master account but reflect the properties of the linked mailbox or shadow account. These properties are referred to as substituted properties. When you use Active Roles to view properties of a master account, the policy causes Active Roles to retrieve the values of the master account’s substituted properties from the shadow account. When you use Active Roles to set or change a substituted property of a master account, the policy causes Active Roles to set or change the value of that property on the shadow account.
The policy adds all the Exchange recipient properties to the default list of substituted properties, which causes Active Roles to operate as if master accounts have those properties although the accounts forest does not have Exchange Server installed (and, therefore, does not have the Active Directory schema extended with Exchange recipient properties).
The policy does not allow you to narrow down the list of substituted properties. However, you can specify your custom list of substituted properties in addition to the default list. If you do so, the resulting list of substituted properties includes all properties from both the default list and your custom list.
|
adminDisplayName altRecipient altRecipientBL authOrig authOrigBL autoReply autoReplyMessage deletedItemFlags delivContLength deliverAndRedirect deliveryMechanism delivExtContTypes displayNamePrintable dLMemDefault dLMemRejectPerms dLMemSubmitPerms dnQualifier edsaAdminGroup edsaAllExchangeTasks edsaCreateMsExchMailbox edsaDeleteEmail edsaDeleteMailbox edsaEstablishEmail edsaEstablishGroupEmail edsaExchangeTasksAvailable edsaHideMembership edsaHomeMDB edsaHomeMTA edsaMailboxSecurityDescriptor edsaMoveMailbox edsaMsExchMixedMode edsaRemoveAllMsExchAttributes edsaUnhideMembership edsvaExchOrgVersion edsvaExchServerVersion edsva-MsExch-AcceptMessagesOnlyFrom edsva-MsExch-ActiveMailboxServerName edsva-MsExch-AddAdditionalResponse edsva-MsExch-AdditionalResponse edsva-MsExch-AddNewRequestsTentatively edsva-MsExch-AddOrganizerToSubject edsva-MsExch-AddressBookPolicyDN edsva-MsExch-AllBookInPolicy edsva-MsExch-AllowConflicts edsva-MsExch-ProtocolSettings-IMAP4-Enable edsva-MsExch-ProtocolSettings-MAPI-Enable edsva-MsExch-ProtocolSettings-OMA-Enable edsva-MsExch-ProtocolSettings-OWA-Enable edsva-MsExch-ProtocolSettings-POP3-Config edsva-MsExch-ProtocolSettings-POP3-Enable edsva-MsExch-ProtocolSettings-UpToDateNotifications-Enable edsva-MsExch-RejectMessagesFrom edsva-MsExch-RemoveForwardedMeetingNotifications edsva-MsExch-RemoveMoveRequest edsva-MsExch-RemoveOldMeetingMessages edsva-MsExch-RemovePrivateProperty edsva-MsExch-RequestInPolicy-DN edsva-MsExch-RequestOutOfPolicy-DN edsva-MsExch-RequireSenderAuthentication edsva-MsExch-ResourceCapacity edsva-MsExch-ResourceCapacity edsva-MsExch-ResourceCustomProperties edsva-MsExch-ResourceDelegates-DN edsva-MsExch-RetentionComment edsva-MsExch-RetentionHoldEnabled edsva-MsExch-RetentionPolicy-DN edsva-MsExch-RetentionUrl edsva-MsExch-RoleAssignmentPolicyDN edsva-MsExch-ScheduleOnlyDuringWorkHours edsva-MsExch-SharedMailboxUsers edsva-MsExch-SharingPolicyDN edsva-MsExch-StartDateForRetentionHold edsva-MsExch-TentativePendingApproval edsva-MsExch-UMAnonymousCallersCanLeaveMessages edsva-MsExch-UMAutomaticSpeechRecognitionEnabled edsva-MsExch-UM-CallAnsweringRulesEnabled edsva-MsExch-UM-CallsFromNonUsersAllowed edsva-MsExch-UM-DialPlanDN edsva-MsExch-UM-ExtensionNumbers edsva-MsExch-UM-FaxEnabled edsva-MsExch-UM-IsEnabled edsva-MsExch-UM-LockedOut edsva-MsExch-UM-MailboxPolicyDN edsva-MsExch-UM-OperatorExtensionNumber edsva-MsExch-UM-PIN edsva-MsExch-UM-PINResetOnFirstLogon edsva-MsExch-UM-SIPAddress edsvaSendAsTrustees extensionAttribute10 extensionAttribute11 extensionAttribute12 msExchHideFromAddressLists msExchHomeServerName msExchIMACL msExchIMAddress msExchIMAPOWAURLPrefixOverride msExchIMMetaPhysicalURL msExchIMPhysicalURL msExchIMVirtualServer msExchInconsistentState msExchMailboxFolderSet msExchMailboxGuid msExchMailboxSecurityDescript or msExchMailboxUrl msExchMasterAccountSid msExchMobileMailboxPolicyLink msExchOmaAdminExtendedSettings msExchOmaAdminWirelessEnable msExchOriginatingForest msExchPfRootUrl msExchPoliciesExcluded msExchPoliciesIncluded msExchPolicyEnabled msExchPolicyOptionList msExchPreviousAccountSid msExchProxyCustomProxy msExchQueryBaseDN msExchRecipLimit msExchRequireAuthToSendTo msExchResourceGUID msExchResourceProperties |
edsva-MsExch-AllowRecurringMeetings edsva-MsExch-AllRequestInPolicy edsva-MsExch-AllRequestOutOfPolicy edsva-MsExch-ApplyEmailAddressPolicy edsva-MsExch-ArchiveMailboxDatabase edsva-MsExch-ArchiveMailboxEnabled edsva-MsExch-ArchiveMailboxName edsva-MsExch-ArchiveMailboxQuota edsva-MsExch-ArchiveMailboxWarningQuota edsva-MsExch-AutoReplyExternalAudience edsva-MsExch-AutoReplyExternalMessage edsva-MsExch-AutoReplyInternalMessage edsva-MsExch-AutoReplyState edsva-MsExch-BookingWindowInDays edsva-MsExch-BookInPolicy-DN edsva-MsExch-BypassModerationFor edsva-MsExch-ConflictPercentageAllowed edsva-MsExch-DeleteAttachments edsva-MsExch-DeleteComments edsva-MsExch-DeleteNonCalendarItems edsva-MsExch-DeleteSubject edsva-MsExch-EnableArchiveMailbox edsva-MsExch-EnableCalendarAttendant edsva-MsExch-EnableResourceBookingAttendant edsva-MsExch-EndDateForRetentionHold edsva-MsExch-EnforceSchedulingHorizon edsva-MsExch-ForwardRequestsToDelegates edsva-MsExch-LitigationHoldEnabled edsva-MsExch-MailboxItemsTotal edsva-MsExch-MailboxLastLoggedOnBy edsva-MsExch-MailboxSize edsva-MsExch-MaximumConflictInstances edsva-MsExch-MaximumDurationInMinutes edsva-MsExch-MemberDepartRestriction edsva-MsExch-MemberJoinRestriction edsva-MsExch-ModeratedBy edsva-MsExch-ModerationEnabled edsva-MsExch-ModerationNotificationSending edsva-MsExch-MoveRequestStatus edsva-MsExch-OrganizerInfo edsva-MsExch-ProcessExternalMeetingMessages edsva-MsExch-ProtocolSettings-ActiveSync-Enable edsva-MsExch-ProtocolSettings-ActiveSync-PolicyDN edsva-MsExch-ProtocolSettings-IMAP4-Config enabledProtocols expirationTime extensionAttribute1 extensionAttribute13 extensionAttribute14 extensionAttribute15 extensionAttribute2 extensionAttribute3 extensionAttribute4 extensionAttribute5 extensionAttribute6 extensionAttribute7 extensionAttribute8 extensionAttribute9 extensionData folderPathname formData forwardingAddress garbageCollPeriod heuristics homeMDB homeMTA importedFrom internetEncoding language languageCode legacyExchangeDN mailNickname mAPIRecipient mDBOverHardQuotaLimit mDBOverQuotaLimit mDBStorageQuota mDBUseDefaults msExchADCGlobalNames msExchALObjectVersion msExchConferenceMailboxBL msExchControllingZone msExchCustomProxyAddresses msExchExpansionServerName msExchFBURL msExchTUIPassword msExchTUISpeed msExchTUIVolume msExchUnmergedAttsPt msExchUseOAB msExchUserAccountControl msExchVoiceMailboxID oOFReplyToOriginator pOPCharacterSet pOPContentFormat preferredDeliveryMethod protocolSettings proxyAddresses publicDelegates publicDelegatesBL queryPolicyBL replicatedObjectVersion replicationSensitivity replicationSignature reportToOriginator reportToOwner securityProtocol serverReferenceBL showInAddressBook submissionContLength targetAddress textEncodedORAddress unauthOrig unmergedAtts |
NOTE:
function onPostCreate($Request)
{
$userDN=$Request.DN
$userObject=Get-QADObject $userDN -IncludeAllProperties
Set-QADObject $userDN -ObjectAttributes @{mail=$userObject.edsaUPNPrefix+"@<domain>"} -proxy
}
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center
