
Identity Manager 8.0.2 - Administration Guide for Connecting to Microsoft Exchange


Advice for Migrating Mailboxes

You cannot move mailboxes between local Microsoft Exchange and Exchange Online with One Identity Manager. Microsoft offers migration scenarios for moving mailboxes. For detailed information, see your Microsoft documentation.

If you synchronize Microsoft Exchange after a mailbox has been moved from local Microsoft Exchange to Exchange Online, the result in One Identity Manager is:

  • A remote mailbox being created
  • The local mailbox being marked as 'outstanding'

After successful migration, delete outstanding mailboxes in One Identity Manager.

  1. Check whether the mailbox was migrated and whether the Active Directory user account is connected with the local mailbox and a remote mailbox.

    Migrated mailboxes are displayed in the category Active Directory | Troubleshooting | Mailboxes migrated to Exchange Online.

    • Select the mailbox and switch to the Active Directory user account overview. Here you can see whether the user account is connected with a local mailbox and a remote mailbox.

  2. Delete the outstanding mailbox.

If you apply an account definition to local mailboxes, create a new account definition for remote mailboxes.

  • If the mailbox account definition currently in use expects an account definition for Active Directory user accounts, enter this account definition as a prerequisite for the remote mailbox account definition.

    IMPORTANT: The remote mailbox account definition must not be distributed automatically to everybody. Otherwise One Identity Manager creates new remote mailboxes.

Example of Exchanging Account Definitions for Migrated Mailboxes

The following example explains how you can replace account definitions for migrated mailboxes.

NOTE: The workflows described here are only for orientation. Always take your customized workflows into account when replacing account definitions.

You always require a custom migration scenario if the account definitions are requested through the IT Shop.

Example 1

Local mailboxes are managed through an account definition. This account definition requires an account definition for Active Directory user accounts.

The account definition is directly assigned to employees.

After migration, remote mailboxes are also managed through account definitions.

  1. Create an account definition for remote mailboxes. Enter the Active Directory user account's account definition as prerequisite.

  2. After migrating a local mailbox:
    1. Ensure that the remote mailbox in One Identity Manager exists and is connected to the Active Directory user account.
    2. Delete the outstanding local mailbox in One Identity Manager.
    3. Assign the account definition for remote mailboxes to the employee.
    4. Remove the account definition for local mailboxes from the employee.

Example 2

Local mailboxes are managed through an account definition. This account definition requires an account definition for Active Directory user accounts.

The account definition is inherited by the employees through their department relation.

After migration, remote mailboxes are also managed through account definitions.

  1. Create a parallel structure to the department and assign the account definition for local mailboxes to this parallel structure.

    The purpose of this parallel structure is to retain the local mailboxes' account definition assignment to an employee until the mailbox has been successfully migrated.

    • Configure a dynamic role for this parallel structure, to include all employees who:

      • Belong to the department and do not have a remote mailbox.

        or

      • Belong to the department and own a remote mailbox and an outstanding local mailbox.

  2. After completing DBQueue Processor processing, you can remove the account definition for local mailboxes from the department.

  3. Create an account definition for remote mailboxes. Enter the Active Directory user account's account definition as prerequisite.

  4. Create another parallel structure and assign the account definition for remote mailboxes to it.

    The purpose of this parallel structure is to assign the remote mailboxes' account definition to employees after mailbox migration and to retain the assignment of the required account definition for Active Directory.

    • Configure a dynamic role for this parallel structure, to include all employees who:

      • Belong to the department and own a remote mailbox.

  5. Delete the outstanding mailbox after migrating the local mailbox successfully.

  6. After migrating all the department's local mailboxes, you can:

    1. Assign a department to the remote mailboxes' account definition.

    2. Remove the parallel structure.
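
The two dynamic role conditions from Example 2 (steps 1 and 4), modelled as an added example that is not part of the original guide and is not One Identity Manager code. The `Employee` fields and all function names are hypothetical; the model only checks which account definition an employee would inherit in each migration state and that no department member falls out of both roles.

```python
from dataclasses import dataclass
from itertools import product

@dataclass(frozen=True)
class Employee:  # hypothetical model, not the One Identity Manager schema
    in_department: bool
    has_remote_mailbox: bool
    has_local_mailbox: bool
    local_outstanding: bool = False  # local mailbox marked 'outstanding' after sync

def in_local_role(e):
    """Step 1: parallel structure that keeps the local mailbox account definition."""
    if not e.in_department:
        return False
    outstanding_local = e.has_local_mailbox and e.local_outstanding
    # "no remote mailbox" OR "remote mailbox and outstanding local mailbox"
    return (not e.has_remote_mailbox) or outstanding_local

def in_remote_role(e):
    """Step 4: parallel structure that assigns the remote mailbox account definition."""
    return e.in_department and e.has_remote_mailbox

def assignments(e):
    """Names of the account definitions the employee inherits through the roles."""
    rules = (("local", in_local_role), ("remote", in_remote_role))
    return {name for name, rule in rules if rule(e)}

def migration_trace():
    """Constructed sample: one employee before, during and after migration."""
    states = (
        Employee(True, False, True),                         # not yet migrated
        Employee(True, True, True, local_outstanding=True),  # migrated, then synchronized
        Employee(True, True, False),                         # outstanding mailbox deleted
    )
    return [assignments(s) for s in states]

def uncovered_states():
    """Department members matched by neither role (they would lose both definitions)."""
    gaps = []
    for remote, local, outstanding in product([False, True], repeat=3):
        if outstanding and not local:
            continue  # a mailbox that does not exist cannot be outstanding
        e = Employee(True, remote, local, outstanding)
        if not assignments(e):
            gaps.append(e)
    return gaps

if __name__ == "__main__":
    print(migration_trace())
    print(uncovered_states())
```
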

Editing Remote Mailboxes

To edit a mailbox

  1. Select the category Active Directory | Remote mailboxes in the Manager.
  2. Select the remote mailbox in the result list and run the task Change master data.
  3. Edit the remote mailbox's master data.
  4. Save the changes.

NOTE: After creating a remote mailbox, a corresponding mailbox is not added in Exchange Online until the next time you synchronize your Azure Active Directory tenant in Azure Active Directory Connect. Up to this point, the mailbox is acknowledged in the local Microsoft Exchange environment but is not yet available for use.

NOTE: After new remote mailboxes of type "Remote user mailbox" have been created by Azure Active Directory or Exchange Online internal processes, an appropriate Exchange license must be assigned for the resulting Azure Active Directory user account.

To display remote mailboxes without Exchange licenses

  • Select the category Active Directory | Exchange system administrators | <organization> | Recipient configuration | Remote mailboxes | Remote user | Without assigned license in the Manager.


General Master Data of a Remote Mailbox

Enter the following data on the General tab:

Table 49: General Master Data of a Remote Mailbox

| Property | Description |
|---|---|
| Employee | Employee using the mailbox. An employee is already entered if the mailbox was generated by an account definition. If you create the mailbox manually, you can select an employee in the menu. |
| Account definition | Account definition through which the mailbox was created. Use the account definition to automatically populate mailbox master data and to specify a manage level for the mailbox. One Identity Manager finds the IT operating data of the assigned employee and uses it to populate the corresponding fields in the mailbox. Note: The account definition cannot be changed once the mailbox has been saved. |
| Manage level | Manage level with which the mailbox is created. Select a manage level from the menu. You can only specify the manage level if you have also entered an account definition. All manage levels of the selected account definition are available in the menu. |
| Active Directory user account | Active Directory user account for which this mailbox is created. |
| Exchange organization | Name of the Microsoft Exchange organization. |
| Canonical name | Mailbox's canonical name. The canonical name is generated automatically. |
| Recipient type (detail) | Type of recipient. The mailbox type is specified when a mailbox is added and cannot be changed afterward. The following are available: remote user mailbox, remote room mailbox and remote equipment mailbox. |
| Alias | Unique alias for further identification of the mailbox. |
| User login name | User account login name. The user's login name is made up of the alias and the domain. User login names that are formatted like this correspond to the User Principal Name (UPN) in Active Directory. |
| Do not display in address list | Specifies whether the mailbox is visible in address books. Set this option if you want to prevent the mailbox from being displayed in address books. This option applies to all address books. |
| Moderation enabled | Specifies whether the mailbox is moderated. Enable this option if the mailbox is meant to be moderated. Use the task Assign moderators to specify moderators. |
| Sender authentication required | Specifies whether authentication data is requested from senders. Set this option to prevent anonymous senders mailing to the mailbox. |
| Sending message to | Specifies how senders are notified when they send messages to a moderated mailbox. Permitted values are listed in Table 50. |
| Distinguished name | Mailbox's distinguished name. |

Table 50: Permitted Value

| Value | Meaning |
|---|---|
| Do not notify | No message is sent. |
| Only notify senders in your exchange organization | Only internal senders receive notification. |
| Notify all senders | Internal and external senders receive notification. |

Information about Remote Configuration

The following information about remote configuration is mapped on the Remote tab.

| Property | Description |
|---|---|
| Azure Active Directory user account | Azure Active Directory user account identifier. |
| Exchange Online mailbox | Exchange Online mailbox identifier. |
| Recipient type | Type of recipient. |
| SMTP address | SMTP address of the mailbox assigned to this user. |
