Chat now with support
Chat with Support

Identity Manager 8.2 - Administration Guide for Connecting to Microsoft Exchange

Managing Microsoft Exchange environments Synchronizing a Microsoft Exchange environment
Setting up initial synchronization with Microsoft Exchange Customizing the synchronization configuration Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization
Basic data for managing a Microsoft Exchange environment Microsoft Exchange structure Microsoft Exchange mailboxes Microsoft Exchange mail users and Microsoft Exchange mail contacts Microsoft Exchange mail-enabled distribution groups Microsoft Exchange dynamic distribution groups Microsoft Exchange mail-enabled public folders Extensions for supporting Exchange hybrid environments Error handling Configuration parameters for managing a Microsoft Exchange environment Default project template for Microsoft Exchange Processing methods of Microsoft Exchange system objects Microsoft Exchange connector settings

Microsoft Exchange mailbox permission: Full access

Further configuration of mailbox permissions is required in the synchronization project. For more information, see Customizing synchronization projects for mailbox permissions.

The Full Access mailbox permission allows a user to log in to a mailbox and view and edit the contents of the mailbox. Mailbox permissions for sending notifications from this mailbox must be granted separately.

To customize send permissions for mailboxes

  1. In the Manager, select the Active Directory > Mailboxes category.

  2. Select a mailbox in the result list.

  3. Select the Assign full access permissions task.

  4. Select the table which contains the user from the menu at the top of the form. You have the following options:

    • Active Directory user accounts

    • Active Directory groups

  5. In the Add assignments pane, assign users.

    TIP: In the Remove assignments pane, you can remove assigned users.

    To remove an assignment

    • Select the user and double-click .

  6. Save the changes.

Related topics

Assigning extended properties to Microsoft Exchange mailbox

Extended properties are meta objects, such as operating codes, cost codes, or cost accounting areas that cannot be mapped directly in One Identity Manager.

To specify extended properties for a mailbox

  1. In the Manager, select the Active Directory > Mailboxes category.

  2. Select a mailbox in the result list.

  3. Select Assign extended properties.

  4. In the Add assignments pane, assign extended properties.

    TIP: In the Remove assignments pane, you can remove assigned extended properties.

    To remove an assignment

    • Select the extended property and double-click .

  5. Save the changes.

For more information about using extended properties, see the One Identity Manager Identity Management Base Module Administration Guide.

Microsoft Exchange deactivating mailboxes

How you deactivate mailboxes depends on the type of mailbox administration. When you deactivate a mailbox, the Do not display in address list option is enabled and the mailbox is no longer shown in address books.


Mailboxes are managed through account definitions.

Mailboxes managed through account definitions are disabled when the employee is temporarily or permanently disabled. The behavior depends on the mailbox's manage level. Mailboxes with the Full managed manage level are deactivated depending on the account definition settings. Use the EXOMailbox.IsLocked column to configure the behavior for mailboxes with another manage level.


Mailboxes are not managed through account definitions.

The behavior depends on the QER | Person | TemporaryDeactivation configuration parameter.

  • If the configuration parameter is set, mailboxes for an employee are disabled if the employee is temporarily or permanently disabled.

  • If the configuration parameter is not set, the employee data does not have any effect on the linked mailboxes.

To lock a mailbox when the configuration parameter is not set

  1. In the Manager, select the Active Directory > Mailboxes category.

  2. Select a mailbox in the result list.

  3. Select the Change main data task.

  4. Set the Mailbox is disabled option on the General tab.

  5. Save the changes.

Mailboxes not linked to employees.

To lock a mailbox, which is not linked to an employee

  1. In the Manager, select the Active Directory > Mailboxes category.

  2. Select a mailbox in the result list.

  3. Select the Change main data task.

  4. Set Mailbox is disabled on the General tab.

  5. Save the changes.
Related topics

Deleting and restoring Microsoft Exchange mailboxes

NOTE: As long as an account definition for an employee is valid, the employee retains the mailbox that was created by it. If the account definition assignment is removed, the mailbox created through this account definition, is deleted.

To delete a mailbox

  1. In the Manager, select the Active Directory > Mailboxes category.

  2. Select a mailbox in the result list.

  3. Click in the result list.

  4. Confirm the security prompt with Yes.

To restore a mailbox

  1. In the Manager, select the Active Directory > Mailboxes category.

  2. Select a mailbox in the result list.

  3. Click in the result list.

When you delete a mailbox, the Do not display in address lists option is enabled and the mailbox is no longer shown in address books. The settings Use default database values, Max. send size [KB], Max. receiving size [KB], Prohibit transfer above [KB], and Prohibit send at [KB] are reset, so that no email messages can be sent or received with this mailbox.

Configuring deferred deletion

By default, mailboxes are finally deleted from the database after 30 days. During this period you have the option to reactivate the mailboxes. A restore is not possible once deferred deletion has expired.

In the Designer, you can set an alternative delay on the EX0MailContact table. For more information on configuring the deferred deletion, refer to the One Identity Manager Configuration Guide.

Related topics

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating