There are a number of features for synchronizing Exchange Online environments, which are described here.
Dependency resolution
By default, automatic synchronization step dependency resolution is turned off in the synchronization workflow. This reduces the number of calls required to Exchange Online. This can lead to unresolved references during synchronization that are handled in the maintenance phase at the end of synchronization.
Multiple organizations are not supported
Due to the dynamic number of used login accounts, variable sets cannot be used to parametrize the connection. For this reason, creating more base objects in one synchronization project is not supported.
Changing mailbox types in the Exchange Online portal
The default template for Exchange Online supports conversion of mailbox types as follows:
NOTE: In performing an unsupported change, for example, a room mailbox to a shared mailbox, the synchronization will mark the room mailbox as "missing" and fail to create the shared mailbox due to naming violations. This scenario can only be resolved manually.
NOTE: One Identity Manager does not support handling of mailbox types.
Synchronization of mailbox usage information
Synchronization of mailbox usage information is done in a separate synchronization step. Loading this information from Exchange Online is potentially very time consuming. Therefore, it make sense to create a separate workflow that includes a synchronization step for loading this data. You can run this workflow at longer intervals than the workflow without usage data.
The following usage information is synchronized:
| AssociatedItemCount |
Number of elements assigned to this mailbox. |
| DeletedItemCount |
Number of deleted elements. |
| DumpsterMessagesPerFolderCountReceiveQuota |
Maximum number of messages allowed in a folder in the "Recoverable items" folder. |
| DumpsterMessagesPerFolderCountWarningQuota |
Number of item a folder in the "Recoverable items" folder can contain before a warning is sent to the user. |
| ItemCount |
Number of messages in this mailbox (for example, email, calendar, or contacts) that are visible to the user. |
| LastLoggedOnUserAccount |
Name of the last logged on user. |
| LastLogOffTime |
Last log off time |
| LastLogonTime |
Last log on time |
| StorageLimitStatus |
Information about the current storage state with respect to the specified limits. |
| TotalDeletedItemSize |
Size of items in the "Recoverable Items" mailbox. |
| TotalItemSize |
Size of items in mailbox in KB. |
NOTE: The mailbox usage information is only available for users or shared mailboxes.
Number of external slots for the Job server configuration
Since the number of concurrent connections for Exchange Online is limited to three, you should use a dedicated Job server with a reduced number of external execution slots (not more then two). You will get an error message if to many connections are open at the same time.
You can set the number of connections for each connection parameter set and customize the connector definition. For more information, see Advanced settings for the Exchange Online connector.
Having used the Synchronization Editor to set up a synchronization project for initial synchronization of Exchange Online, you can use the synchronization project to load Exchange Online objects into the One Identity Manager database. When you manage mailboxes, email users, email contacts, mail-enabled distribution groups, and Office 365 groups with One Identity Manager, modifications are provisioned in the Exchange Online system.
You must customize the synchronization configuration in order to compare the One Identity Manager database with the Exchange Online regularly and to synchronize changes.
- You can use variables to create generally applicable synchronization configurations that contain the necessary information about the synchronization objects when synchronization starts. Variables can be implemented in base objects, schema classes, or processing method, for example.
- To specify which Exchange Online objects and database objects are included in synchronization, edit the scope of the target system connection and the One Identity Manager database connection. To prevent data inconsistencies, define the same scope in both systems. If no scope is defined, all objects will be synchronized.
- Update the schema in the synchronization project if the One Identity Manager schema or target system schema has changed. Then you can add the changes to the mapping.
IMPORTANT: As long as a synchronization process is running, you must not start another synchronization process for the same target system. This especially applies, if the same synchronization objects would be processed.
-
If another synchronization process is started with the same start up configuration, the process is stopped and is assigned Frozen status. An error message is written to the One Identity Manager Service log file.
-
Starting another synchronization process with different start up configuration that addresses same target system may lead to synchronization errors or loss of data. Specify One Identity Manager behavior in this case, in the start up configuration.
For more detailed information about configuring synchronization, see the One Identity Manager Target System Synchronization Reference Guide.
Detailed information about this topic
The synchronization project for initial synchronization provides a workflow for initial loading of target system objects (initial synchronization) and one for provisioning object modifications from the One Identity Manager database to the target system (provisioning). To use One Identity Manager as the master system during synchronization, you also require a workflow with synchronization in the direction of the Target system.
To create a synchronization configuration for synchronizing Exchange Online
-
Open the synchronization project in the Synchronization Editor.
- Check whether existing mappings can be used for synchronizing the target system. Create new maps if required.
- Create a new workflow with the workflow wizard.
This creates a workflow with Target system as its synchronization direction.
- Create a new start up configuration. Use the new workflow to do this.
- Save the changes.
-
Run a consistency check.
All the schema data (schema types and schema properties) of the target system schema and the One Identity Manager schema are available when you are editing a synchronization project. Only a part of this data is really needed for configuring synchronization. If a synchronization project is finished, the schema is compressed to remove unnecessary data from the synchronization project. This can speed up the loading of the synchronization project. Deleted schema data can be added to the synchronization configuration again at a later point.
If the target system schema or the One Identity Manager schema has changed, these changes must also be added to the synchronization configuration. Then the changes can be added to the schema property mapping.
To include schema data that have been deleted through compression and schema modifications in the synchronization project, update each schema in the synchronization project. This may be necessary if:
To update a system connection schema
-
Open the synchronization project in the Synchronization Editor.
-
Select the Configuration | Target system category.
- OR -
Select the Configuration | One Identity Manager connection category.
-
Select the General view and click Update schema.
- Confirm the security prompt with Yes.
This reloads the schema data.
To edit a mapping
-
Open the synchronization project in the Synchronization Editor.
-
Select the Mappings category.
-
Select a mapping in the navigation view.
Opens the Mapping Editor. For more detailed information about mappings, see the One Identity Manager Target System Synchronization Reference Guide.
NOTE: The synchronization is deactivated if the schema of an activated synchronization project is updated. Reactivate the synchronization project to synchronize.
