Chat now with support
Chat with Support

Identity Manager 9.1.2 - Administration Guide for Connecting to Exchange Online

About this guide Managing Exchange Online environments Synchronizing an Exchange Online environment
Setting up Exchange Online synchronization Customizing the synchronization configuration Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)
Basic data for managing an Exchange Online environment Exchange Online organization configuration Exchange Online mailboxes Exchange Online mail users Exchange Online mail contacts Exchange Online mail-enabled distribution groups
Creating Exchange Online mail-enabled distribution groups Editing main data for Exchange Online mail-enabled distribution groups Main data for Exchange Online mail-enabled distribution groups Receive restrictions for Exchange Online mail-enabled distribution groups Customizing send permissions for Exchange Online mail-enabled distribution groups Specifying moderators for Exchange Online mail-enabled distribution groups Specifying Exchange Online mail-enabled distribution groups Assigning Exchange Online mail-enabled distribution groups to Exchange Online recipients Exchange Online mail-enabled distribution group inheritance based on categories Adding Exchange Online dynamic distribution groups to Exchange Online mail-enabled distribution groups Adding an Exchange Online dynamic distribution group to Exchange Online mail-enabled distribution groups Adding Exchange Online mail-enabled public folder to Exchange Online mail-enabled distribution groups Assigning extended properties to Exchange Online mail-enabled distribution groups Deleting Exchange Online mail-enabled distribution groups
Exchange Online Office 365 groups Exchange Online dynamic distribution groups Exchange Online mail-enabled public folders Reports about Exchange Online objects Configuration parameters for managing an Exchange Online environment Default project template for Exchange Online Editing Exchange Online system objects Exchange Online connector settings

Post-processing outstanding objects

Objects, which do not exist in the target system, can be marked as outstanding in One Identity Manager by synchronizing. This prevents objects being deleted because of an incorrect data situation or an incorrect synchronization configuration.

Outstanding objects:

  • Cannot be edited in One Identity Manager.

  • Are ignored by subsequent synchronizations.

  • Are ignored by inheritance calculations.

This means, all memberships and assignments remain intact until the outstanding objects have been processed.

Start target system synchronization to do this.

To post-process outstanding objects

  1. In the Manager, select the Azure Active Directory > Target system synchronization: Exchange Online category.

    The navigation view lists all the synchronization tables assigned to the Exchange Online target system type.

  2. On the Target system synchronization form, in the Table / object column, open the node of the table for which you want to post-process outstanding objects.

    All objects that are marked as outstanding are shown. The Last log entry and Last method run columns display the time at which the last entry was made in the synchronization log and which processing method was run. The No log available entry can mean the following:

    • The synchronization log has already been deleted.

      - OR -

    • An assignment from a member list has been deleted from the target system.

      The base object of the assignment was updated during the synchronization. A corresponding entry appears in the synchronization log. The entry in the assignment table is marked as outstanding, but there is no entry in the synchronization log.

    • An object that contains a member list has been deleted from the target system.

      During synchronization, the object and all corresponding entries in the assignment tables are marked as outstanding. However, an entry in the synchronization log appears only for the deleted object.

    TIP:

    To display object properties of an outstanding object

    1. Select the object on the target system synchronization form.

    2. Open the context menu and click Show object.

  1. Select the objects you want to rework. Multi-select is possible.

  2. Click on one of the following icons in the form toolbar to run the respective method.

    Table 6: Methods for handling outstanding objects

    Icon

    Method

    Description

    Delete

    The object is immediately deleted from the One Identity Manager database. Deferred deletion is not taken into account.

    Indirect memberships cannot be deleted.

    Publish

    The object is added to the target system. The Outstanding label is removed from the object.

    This runs a target system specific process that triggers the provisioning process for the object.

    Prerequisites:

    • The table containing the object can be published.

    • The target system connector has write access to the target system.

    Reset

    The Outstanding label is removed for the object.

  3. Confirm the security prompt with Yes.

NOTE: By default, the selected objects are processed in parallel, which speeds up the selected method. If an error occurs during processing, the action is stopped and all changes are discarded.

Bulk processing of objects must be disabled if errors are to be localized, which means the objects are processed sequentially. Failed objects are named in the error message. All changes that were made up until the error occurred are saved.

To disable bulk processing

  • Disable the icon in the form's toolbar.

NOTE: The target system connector must have write access to the target system in order to publish outstanding objects that are being post-processed. That means, the Connection is read-only option must not be set for the target system connection.

Adding custom tables to the target system synchronization

You must customize your target system synchronization to synchronize custom tables.

To add custom tables to target system synchronization

  1. In the Manager, select the Azure Active Directory > Basic configuration data > Target system types category.

  2. In the result list, select the Exchange Online target system type.

  3. Select the Assign synchronization tables task.

  4. In the Add assignments pane, assign custom tables to the outstanding objects you want to handle.

  5. Save the changes.
  6. Select the Configure tables for publishing task.

  7. Select the custom tables that contain the outstanding objects that can be published in the target system and set the Publishable option.

  8. Save the changes.
Related topics

Managing Exchange Online mail users and Exchange Online mail contacts through account definitions

In the default installation, after synchronizing, employees are automatically created for Exchange Online mail users and Exchange Online mail contacts. If an account definition for the Exchange Online organization is not known at the time of synchronization, mail users and mail contacts are linked to the employees. However, account definitions are not assigned. The mail users and mail contacts are therefore in a Linked state.

To manage mail users and mail contacts through account definitions, assign an account definition and a manage level.

To manage Exchange Online mail users and mail contacts through account definitions

  1. Create an account definition.

  2. Assign an account definition to the Azure Active Directory tenant.

  3. Assign the account definition and manage level to user accounts in linked status.

    1. In the Manager, select the Azure Active Directory > Mail users > Linked but not configured > <Azure Active Directory tenant> category.

      - OR -

      In the Manager, select the Azure Active Directory > Mail contacts > Linked but not configured > <Azure Active Directory tenant> category.

    2. Select the Assign account definition to linked accounts task.

Related topics

Troubleshooting

Synchronization Editor helps you to analyze and eliminate synchronization errors.

  • Simulating synchronization

    The simulation allows you to estimate the result of synchronization. This means you can, for example, recognize potential errors in the synchronization configuration.

  • Analyzing synchronization

    You can generate the synchronization analysis report for analyzing problems which occur during synchronization, for example, insufficient performance.

  • Logging messages

    One Identity Manager offers different options for logging errors. These include the synchronization log, the log file for One Identity Manager Service, the logging of messages with NLOG, and similar.

  • Reset start information

    If synchronization stopped unexpectedly, for example, because a server was not available, the start information must be reset manually. Only then can the synchronization be restarted.

For more information about these topics, see the One Identity Manager Target System Synchronization Reference Guide.

Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating