To create linked mailboxes in a Microsoft Exchange resource forest, you must declare the user account with which the linked mailboxes are going to be created as well as the Active Directory domain controller for each Active Directory client domain.
To edit master data for a domain
Property | Description |
---|---|
User (linked mailbox) | User account used to create linked mailboxes. |
Password | User account password. |
Password confirmation | Confirmation of the user account password. |
DC (linked mailbox) | Active Directory domain controller used to create linked mailboxes. |
Use the Synchronization Editor to configure synchronization between the One Identity Manager database and Microsoft Exchange. The following describes the steps for initial configuration of a synchronization project.
NOTE: Refer to the recommendations for setting up synchronization described in Recommendations for Synchronizing Microsoft Exchange.
IMPORTANT: Each Microsoft Exchange environment should have its own synchronization project.
After the initial configuration, you can customize and configure workflows within the synchronization project. Use the workflow wizard in the Synchronization Editor for this. The Synchronization Editor also provides different configuration options for a synchronization project.
IMPORTANT: It must be possible to reach Microsoft Exchange servers by DNS query for successful authentication. If the DNS cannot be resolved, the target system connection is refused.
Have the following information available for setting up a synchronization project.
Data | Explanation |
---|---|
Microsoft Exchange version | One Identity Manager supports synchronization with Microsoft Exchange 2010, Service Pack 3 or later, Microsoft Exchange 2013, Service Pack 1 or later and Microsoft Exchange 2016. |
Server (fully qualified) | Fully qualified name (FQDN) of the Microsoft Exchange server to which the synchronization server connects to access Microsoft Exchange objects. Example: Server.Doku.Testlab.dd |
User account and password for logging in | Fully qualified name (FQDN) of the user account and password for logging in on the Microsoft Exchange. Examples: user@domain.com, domain.com\user. Make a user account available with sufficient permissions. For more information, see Users and Permissions for Synchronizing with Microsoft Exchange. |
Synchronization server | The One Identity Manager Service with the Microsoft Exchange connector must be installed on the synchronization server. For more information, see Setting Up the Synchronization Server. |
One Identity Manager Database Connection | SQL Server: Oracle: |
Remote connection server | To configure synchronization with a target system, One Identity Manager must load the data from the target system. One Identity Manager communicates directly with the target system to do this. The remote connection server and the workstation must be in the same Active Directory domain. Remote connection server configuration: The remote connection server must be declared as a Job server in One Identity Manager. The Job server name is required. For more detailed information about setting up a remote connection, see the One Identity Manager Target System Synchronization Reference Guide. |
NOTE: The following sequence describes how you configure a synchronization project if the Synchronization Editor is both:
Additional settings can be made if the project wizard is run in expert mode or is started directly from the Synchronization Editor. Follow the project wizard instructions through these steps.
To set up an initial synchronization project for Microsoft Exchange
NOTE: If synchronization is executed by an application server, connect the database through the application server.
This starts the Synchronization Editor's project wizard.
In this case, set the option Connect using remote connection server and select, under Job server, the server you want to use for the connection.
NOTE: If you only know the IP address of the server, enter the IP address in Server and click DNS query. The server's fully qualified name is found and entered.
A maximum of 4 simultaneous connections is recommended. Synchronization tries to use this many connections. Depending on the load, this number may not always be reached. Warnings are issued accordingly.
A default timeout is defined for connecting. The timeout is 5 minutes for the first connection and 30 seconds for all following connections. A connection is closed if it is idle for this duration.
To use HTTPS for establishing the connection, set Use SSL.
NOTE: Microsoft Exchange does not support this type of connection by default. You must configure support for HTTPS in your Microsoft Exchange.
Property | Description |
---|---|
User name (user@domain) | Fully qualified name (FQDN) of the user account for logging in. Examples: user@domain.com, domain.com\user |
Password | User account password. |
NOTE: Reenter all the connection data if you are not working with an encrypted One Identity Manager database and no synchronization project has been saved yet in the database. This page is not shown if a synchronization project already exists.
Option | Meaning |
---|---|
Read-only access to target system. | Specifies whether a synchronization workflow should be set up to initially load the target system into the One Identity Manager database. The synchronization workflow has the following characteristics: |
Changes are also made to the target system. | Specifies whether a provisioning workflow should be set up in addition to the synchronization workflow to initially load the target system. The provisioning workflow displays the following characteristics: |
If the synchronization server is not declared as a job server in the One Identity Manager database yet, you can add a new job server.
The synchronization server is declared as job server for the target system in the One Identity Manager database.
NOTE: Ensure that this server is set up as the synchronization server after saving the synchronization project.
This creates and allocates a default schedule for regular synchronization. Enable the schedule for regular synchronization.
The synchronization project is created, saved and enabled immediately.
NOTE: If the synchronization project is not going to be executed immediately, disable the option Activate and save the new synchronization project automatically. In this case, save the synchronization project manually before closing the Synchronization Editor.
NOTE: The target system connection data is saved in a variable set, which you can change in the Synchronization Editor under Configuration | Variables if necessary.
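A pre-flight check for the DNS and connection requirements described above, which can be run on the synchronization server before starting the project wizard. This PowerShell function is an added example and not part of the One Identity documentation or product; its name, the 5-second timeout and the default ports 80 and 443 are assumptions.

```powershell
# Added example, not One Identity code. Assumptions: the function name, and the
# default ports 80 (HTTP) and 443 (HTTPS, the wizard's "Use SSL" option).
function Test-ExchangeSyncPrerequisite {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Server,  # FQDN or IP address of the Exchange server
        [switch] $UseSsl,                         # mirrors "Use SSL" in the project wizard
        [int] $TimeoutMs = 5000
    )
    $r = [ordered]@{
        Input = $Server; Fqdn = $null; DnsResolved = $false; FullyQualified = $false
        InputIpConfirmed = $null; Port = $(if ($UseSsl) { 443 } else { 80 }); PortOpen = $false
    }
    try {
        # Same lookup as the wizard's "DNS query" button: name or IP -> fully qualified name.
        $entry = [System.Net.Dns]::GetHostEntry($Server)
        $r.Fqdn = $entry.HostName
        $r.DnsResolved = $true
        $r.FullyQualified = $entry.HostName.Contains('.')
        # If an IP address was entered, the name found for it must resolve back to that IP.
        $ip = $null
        if ([System.Net.IPAddress]::TryParse($Server, [ref]$ip)) {
            $forward = [System.Net.Dns]::GetHostAddresses($entry.HostName)
            $r.InputIpConfirmed = [bool]($forward | Where-Object { $_.Equals($ip) })
        }
    }
    catch {
        # Unresolvable name: the target system connection would be refused.
        Write-Warning "DNS lookup failed for '$Server': $($_.Exception.Message)"
        return [pscustomobject]$r
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Only checks that the HTTP/HTTPS listener is reachable, not that Exchange accepts the login.
        $r.PortOpen = $client.ConnectAsync($r.Fqdn, $r.Port).Wait($TimeoutMs) -and $client.Connected
    }
    catch { $r.PortOpen = $false }
    finally { $client.Close() }
    [pscustomobject]$r
}

# Server name taken from the example in the table above; replace with your own.
Test-ExchangeSyncPrerequisite -Server 'Server.Doku.Testlab.dd' -UseSsl
```

A result with `DnsResolved` or `FullyQualified` set to false should be fixed in DNS before the wizard is run; `PortOpen` false with `-UseSsl` usually means HTTPS support has not yet been configured on the Exchange side.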
To configure the content of the synchronization log
NOTE: Certain content creates a lot of log data. The synchronization log should only contain the data necessary for error analysis and other evaluations.
To synchronize on a regular basis
To start initial synchronization manually
Synchronization results are summarized in the synchronization log. You can specify the extent of the synchronization log for each system connection individually. One Identity Manager provides several reports in which the synchronization results are organized under different criteria.
To display a synchronization log
Logs for all completed synchronization runs are displayed in the navigation view.
An analysis of the synchronization is shown as a report. You can save the report.
To display a provisioning log
Logs for all completed provisioning processes are displayed in the navigation view.
Select a log by double-clicking on it.
An analysis of the provisioning is shown as a report. You can save the report.
The log is marked in color in the navigation view. This mark shows you the execution status of the synchronization/provisioning.
Synchronization logs are stored for a fixed length of time. The retention period is set in the configuration parameter "DPR\Journal\LifeTime" and its sub parameters.
To modify the retention period for synchronization logs
The following scenarios for synchronizing Microsoft Exchange are supported.
It is recommended in principle that you synchronize the Microsoft Exchange infrastructure including all Microsoft Exchange organization recipients.
The Microsoft Exchange infrastructure elements (server, address lists, policies, for example) and recipients (mailboxes, mail-enabled distribution groups, e-mail users, e-mail contacts) of the entire Microsoft Exchange organization are synchronized.
It is possible to synchronize Microsoft Exchange infrastructure and recipients separately if synchronization of the entire Microsoft Exchange organization is not possible due to the large number of recipients.
First the Microsoft Exchange infrastructure elements (server, address lists, policies, for example) are loaded. Then recipients (mailboxes, mail-enabled distribution groups, e-mail users, e-mail contacts) are synchronized from the given Active Directory domain in the Microsoft Exchange organization.
The following synchronization project configuration is recommended in this case:
|
NOTE: Use the Synchronization Editor |
Mailbox |
MailContact |
MailUser |
DistributionList |
DynamicDistributionList |
MailPublicFolder |
ActiveSyncMailboxPolicy |
DatabaseAvailabilityGroup |
MailboxDatabase |
ManagedFolderMailboxPolicy (Microsoft Exchange 2010) |
OfflineAddressBook |
Organization |
PublicFolder |
PublicFolderDatabase (Microsoft Exchange 2010) |
RetentionPolicy |
RoleAssingmentPolicy |
Server |
SharingPolicy |
AddressList |
GlobalAddressList |
ActiveSyncMailboxPolicy |
DatabaseAvailabilityGroup |
MailboxDatabase |
ManagedFolderMailboxPolicy (Microsoft Exchange 2010) |
OfflineAddressBook |
Organization |
PublicFolder |
PublicFolderDatabase (Microsoft Exchange 2010) |
RetentionPolicy |
RoleAssingmentPolicy |
Server |
SharingPolicy |
AddressList |
GlobalAddressList |
Mailbox |
MailContact |
MailUser |
DistributionList |
DynamicDistributionList |
MailPublicFolder |
NOTE: Take note of the following when setting up the connection:
Run a consistency check.
Activate the synchronization project.
IMPORTANT: Set up the synchronization schedules such that the Microsoft Exchange infrastructure is synchronized before Microsoft Exchange recipients. Several synchronization runs may be necessary before all the data is synchronized, depending on references between the Microsoft Exchange organization domains.
© 2021 One Identity LLC. ALL RIGHTS RESERVED.