Chat now with support
Chat with Support

Identity Manager 9.0 LTS - Administration Guide for Connecting to Microsoft Exchange

Managing Microsoft Exchange environments Synchronizing a Microsoft Exchange environment
Setting up initial synchronization with Microsoft Exchange Customizing the synchronization configuration Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)
Basic data for managing a Microsoft Exchange environment Microsoft Exchange structure Microsoft Exchange mailboxes Microsoft Exchange mail users and Microsoft Exchange mail contacts Microsoft Exchange mail-enabled distribution groups Microsoft Exchange dynamic distribution groups Microsoft Exchange mail-enabled public folders Extensions for supporting Exchange hybrid environments Error handling Configuration parameters for managing a Microsoft Exchange environment Default project template for Microsoft Exchange Processing methods of Microsoft Exchange system objects Microsoft Exchange connector settings

Synchronizing a Microsoft Exchange environment

One Identity Manager supports synchronization with:

  • Microsoft Exchange 2013 with cumulative update 23

  • Microsoft Exchange 2016

  • Microsoft Exchange 2019 with cumulative Update 1

The One Identity Manager Service is responsible for synchronizing data between the One Identity Manager database and Microsoft Exchange.

Synchronization prerequisites
  • Synchronization of the Active Directory system is carried out regularly.

  • The Active Directory forest is declared in One Identity Manager.

  • Explicit Active Directory domain trusts are declared in One Identity Manager

  • Implicit two-way trusts between domains in an Active Directory forest are declared in One Identity Manager

  • User account with password and domain controller on the Microsoft Exchange client domain are entered to create linked mailboxes within an Active Directory resource forest topology

This sections explains how to:

  • Set up synchronization to import initial data from Microsoft Exchange domains in to the One Identity Manager database.

  • Adjust a synchronization configuration

  • Start and deactivate the synchronization.

  • Evaluate the synchronization results.

TIP: Before you set up synchronization with a Microsoft Exchange domain, familiarize yourself with the Synchronization Editor. For more information about this tool, see the One Identity Manager Target System Synchronization Reference Guide.

Detailed information about this topic

Setting up initial synchronization with Microsoft Exchange

The Synchronization Editor provides project templates that can be used to set up synchronization of Microsoft Exchange objects. You use these project templates to create synchronization projects with which you import the data from Microsoft Exchange into your One Identity Manager database. In addition, the required processes are created that are used for the provisioning of changes to target system objects from the One Identity Manager database into the target system.

To load Microsoft Exchange objects into the One Identity Manager database for the first time

  1. Prepare a user account with sufficient permissions for synchronization.

  2. One Identity Manager parts for managing Microsoft Exchange systems are available if the TargetSystem | ADS | Exchange2000 configuration parameter is set.

    • In the Designer, check if the configuration parameter is set. Otherwise, set the configuration parameter and compile the database.

      NOTE: If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

    • Other configuration parameters are installed when the module is installed. Check the configuration parameters and modify them as necessary to suit your requirements.

  3. Install and configure a synchronization server and declare the server as a Job server in One Identity Manager.
  4. Check whether the domain trusts are entered correctly.

  5. Enter the data for creating linked mailboxes within a resource forest.

  6. Create a synchronization project with the Synchronization Editor.
Detailed information about this topic

Users and permissions for synchronizing with Microsoft Exchange

The following users are involved in synchronizing One Identity Manager with Microsoft Exchange.

Table 2: Users for synchronization
User Permissions

User for accessing Microsoft Exchange

You must provide a user account with at least the following authorizations for full synchronization of Microsoft Exchange objects with the supplied One Identity Manager default configuration.

  • Member of the View-only organization management role group

  • Member of the Public folder management role group

  • Member of the Recipient management role group

  • Security Group Creation and Membership role

    Create a new role group in Microsoft Exchange and assign the role and user account to this role group.

For more information about managing permissions in Microsoft Exchange, see the Microsoft documentation.

User for creating linked mailboxes

The user account is required for adding linked mailboxes. The user account requires read access in Active Directory.

One Identity Manager Service user account

The user account for the One Identity Manager Service requires user permissions to carry out operations at file level (adding and editing directories and files).

The user account must belong to the Domain users group.

The user account must have the Login as a service extended user permissions.

The user account requires permissions for the internal web service.

NOTE: If the One Identity Manager Service runs under the network service (NT Authority\NetworkService), you can grant permissions for the internal web service with the following command line call:

netsh http add urlacl url=http://<IP address>:<port number>/ user="NT AUTHORITY\NETWORKSERVICE"

The user account needs full access to the One Identity Manager Service installation directory in order to automatically update One Identity Manager.

In the default installation, One Identity Manager is installed under:

  • %ProgramFiles(x86)%\One Identity (on 32-bit operating systems)

  • %ProgramFiles%\One Identity (on 64-bit operating systems)

User for accessing the One Identity Manager database

The Synchronization default system user is provided to run synchronization using an application server.

Setting up the Microsoft Exchange synchronization server

All One Identity Manager Service actions are run against the target system environment on the synchronization server. Data entries required for synchronization and administration with the One Identity Manager database are processed by the synchronization server.

The One Identity Manager Service with the Microsoft Exchange connector must be installed on the synchronization server.

IMPORTANT: The Microsoft Exchange One Identity Manager connector uses Windows PowerShell to communicate with the Microsoft Exchange server. For communication, extra configuration is required on the synchronization server and the Microsoft Exchange server.

Detailed information about this topic
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating