Identity Manager 8.0 - Administration Guide for Connecting to Microsoft Exchange

Assigning Account Definitions to a Target System

The following prerequisites must be fulfilled if you implement automatic assignment of user accounts and employees resulting in administered user accounts (state "Linked configured"):

  • The account definition is assigned to the target system.
  • The account definition has the default manage level.

User accounts are only linked to the employee (state "Linked") if no account definition is given. This is the case on initial synchronization, for example.

To assign the account definition to a target system

  1. Select the domain in the category Active Directory | Domains.
  2. Select Change master data in the task view.
  3. Enter the account definition on the Exchange tab.
    1. Select the account definition for mailboxes from Mailbox definition (initial).
    2. Select the account definition for contacts from E-mail contact definition (initial).
    3. Select the account definition for e-mail users from E-mail user definition (initial).
  4. Save the changes.

Deleting an Account Definition

You can delete account definitions if they are not assigned to target systems, employees, hierarchical roles or any other account definitions.

NOTE: If an account definition is deleted, the user accounts arising from this account definition are deleted.

To delete an account definition

  1. Remove automatic assignments of the account definition from all employees.
    1. Select the category Active Directory | Basic configuration data | Account definitions | Account definitions.

    2. Select an account definition in the result list.
    3. Select Change master data in the task view.
    4. Disable the option Automatic assignment to employees on the General tab.
    5. Save the changes.
  2. Remove direct assignments of the account definition to employees.
    1. Select the category Active Directory | Basic configuration data | Account definitions | Account definitions.

    2. Select an account definition in the result list.
    3. Select Assign to employees in the task view.
    4. Remove employees from Remove assignments.
    5. Save the changes.
  3. Remove the account definition's assignments to departments, cost centers and locations.
    1. Select the category Active Directory | Basic configuration data | Account definitions | Account definitions.

    2. Select an account definition in the result list.
    3. Select Assign organizations.
    4. Remove the account definition's assignments to departments, cost centers and locations in Remove assignments.
    5. Save the changes.
  4. Remove the account definition's assignments to business roles.
    1. Select the category Active Directory | Basic configuration data | Account definitions | Account definitions.

    2. Select an account definition in the result list.
    3. Select Assign business roles in the task view.

      Remove business roles from Remove assignments.

    4. Save the changes.
  5. If the account definition was requested through the IT Shop, it must be canceled and removed from all IT Shop shelves. For more detailed information, see the One Identity Manager IT Shop Administration Guide.
  6. Remove the account definition assignment as required account definition for another account definition. As long as the account definition is required for another account definition, it cannot be deleted. Check all the account definitions.
    1. Select the category Active Directory | Basic configuration data | Account definitions | Account definitions.

    2. Select an account definition in the result list.
    3. Select Change master data in the task view.
    4. Remove the account definition from the Required account definition menu.
    5. Save the changes.
  7. Remove the account definition's assignments to target systems.
    1. Select the domain in the category Active Directory | Domains.
    2. Select Change master data in the task view.
    3. Remove the assigned account definitions on the General tab.
    4. Save the changes.
  8. Delete the account definition.
    1. Select the category Active Directory | Basic configuration data | Account definitions | Account definitions.

    2. Select an account definition in the result list.
    3. Click the delete icon to delete the account definition.

Target system managers

For more detailed information about implementing and editing application roles, see the One Identity Manager Application Roles Administration Guide.

Implementing Application Roles for Target System Managers
  1. The One Identity Manager administrator assigns employees to be target system managers.
  2. These target system managers add employees to the default application role for target system managers.

    Target system managers in the default application role are entitled to edit all Microsoft Exchange organizations in One Identity Manager.

  3. Target system managers can authorize more employees as target system managers within their scope of responsibilities, create other child application roles, and assign individual Microsoft Exchange organizations.

Table 15: Default Application Roles for Target System Managers

User: Target System Managers

Task:

Target system managers must be assigned to the application role Target systems | Exchange or a sub application role.

Users with this application role:

  • Assume administrative tasks for the target system.
  • Create, change or delete target system objects, like user accounts or groups.
  • Edit password policies for the target system.
  • Prepare for adding to the IT Shop.
  • Configure synchronization in the Synchronization Editor and define the mapping for comparing target systems and One Identity Manager.
  • Edit the synchronization's target system types and outstanding objects.
  • Authorize other employees within their area of responsibility as target system managers and create child application roles if required.

To initially specify employees to be target system administrators

  1. Log in to the Manager as One Identity Manager administrator (application role Base role | Administrators).
  2. Select the category One Identity Manager Administration | Target systems | Administrators.
  3. Select Assign employees in the task view.
  4. Assign the employee you want and save the changes.

To add the first employees to the default application role as target system managers

  1. Log in to the Manager as target system administrator (application role Target systems | Administrator).
  2. Select the category One Identity Manager Administration | Target systems | Exchange.
  3. Select Assign employees in the task view.
  4. Assign the employees you want and save the changes.

To authorize other employees as target system managers when you are a target system manager

  1. Log in to the Manager as target system manager.
  2. Select the application role in the category Active Directory | Basic configuration data | Target system managers.
  3. Select Assign employees in the task view.
  4. Assign the employees you want and save the changes.

To define target system managers for individual Microsoft Exchange organizations

  1. Log in to the Manager as target system manager.
  2. Select the category Active Directory | Exchange system administration.
  3. Select Change master data in the task view.
  4. Select the application role on the General tab in the Target system manager menu.

    - OR -

    Click the button next to the Target system manager menu to create a new application role.

    • Enter the application role name and assign the parent application role Target system | Exchange.
    • Click OK to add the new application role.
  5. Save the changes.
  6. Assign the application role to employees who are authorized to edit the organization in One Identity Manager.

Microsoft Exchange Structure

Structure elements in Microsoft Exchange that are not server dependent are matched by each Microsoft Exchange Server. This affects the organization, global address lists, offline address lists and folders. Duplicate entries are avoided by running a check routine immediately before entry in the One Identity Manager database. Microsoft Exchange structure objects below server level are only matched by the respective server itself. This affects mailbox databases and public folder databases.

The names and frequency of the structure objects listed below can vary depending on the version of the Microsoft Exchange server in use.

NOTE: The system information for the Microsoft Exchange structure is loaded into the One Identity Manager database during data synchronization. It is not possible to customize this system information in One Identity Manager due to the complex dependencies and far-reaching effects of changes.
