Chat now with support
Chat with Support

Identity Manager 9.1.1 - Administration Guide for Connecting to Exchange Online

About this guide Managing Exchange Online environments Synchronizing an Exchange Online environment
Setting up Exchange Online synchronization Customizing the synchronization configuration Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)
Basic data for managing an Exchange Online environment Exchange Online organization configuration Exchange Online mailboxes Exchange Online mail users Exchange Online mail contacts Exchange Online mail-enabled distribution groups
Creating Exchange Online mail-enabled distribution groups Editing main data for Exchange Online mail-enabled distribution groups Main data for Exchange Online mail-enabled distribution groups Receive restrictions for Exchange Online mail-enabled distribution groups Customizing send permissions for Exchange Online mail-enabled distribution groups Specifying moderators for Exchange Online mail-enabled distribution groups Specifying Exchange Online mail-enabled distribution groups Assigning Exchange Online mail-enabled distribution groups to Exchange Online recipients Exchange Online mail-enabled distribution group inheritance based on categories Adding Exchange Online dynamic distribution groups to Exchange Online mail-enabled distribution groups Adding an Exchange Online dynamic distribution group to Exchange Online mail-enabled distribution groups Adding Exchange Online mail-enabled public folder to Exchange Online mail-enabled distribution groups Assigning extended properties to Exchange Online mail-enabled distribution groups Deleting Exchange Online mail-enabled distribution groups
Exchange Online Office 365 groups Exchange Online dynamic distribution groups Exchange Online mail-enabled public folders Reports about Exchange Online objects Configuration parameters for managing an Exchange Online environment Default project template for Exchange Online Editing Exchange Online system objects Exchange Online connector settings

Configuration parameters for managing an Exchange Online environment

The following configuration parameters are additionally available in One Identity Manager after the module has been installed.

Table 23: Configuration parameters for managing an Exchange Online environment
Configuration parameters Meaning

TargetSystem | AzureAD | ExchangeOnline

Preprocessor relevant configuration parameter for controlling database model components for Exchange Online target system administration. If the parameter is set, the target system components are available. Changes to this parameter require the database to be recompiled.

If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

TargetSystem | AzureAD | ExchangeOnline | Accounts

Allows configuration of recipient data.

TargetSystem | AzureAD | ExchangeOnline | Accounts |
MailTemplateDefaultValues

Mail template used to send notifications about whether default IT operating data mapping values are used for automatically creating a user account. The Employee - new user account with default properties created mail template is used.

TargetSystem | AzureAD | ExchangeOnline | DefaultAddress

Default email address of the recipient for notifications about actions in the target system.

TargetSystem | AzureAD | ExchangeOnline | MaxFullsyncDuration

Maximum runtime of a synchronization in minutes. No recalculation of group memberships by the DBQueue Processor can take place during this time. If the maximum runtime is exceeded, group membership are recalculated.

QER | ITShop | AutoPublish | O3EDL

Preprocessor relevant configuration parameter for automatically adding Exchange Online mail-enabled distribution groups to the IT Shop. If the parameter is set, all distribution groups are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled.

If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

QER | ITShop | AutoPublish | O3EDL | ExcludeList

List of all Exchange Online mail-enabled distribution groups that must not to be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation.

Example:

.*Administrator.*|Exchange.*|.*Admins|.*Operators|IIS_IUSRS

QER | ITShop | AutoPublish | O3EUnifiedGroup

Preprocessor relevant configuration parameter for automatically adding Office 365 groups to the IT Shop. If the parameter is set, all groups are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled.

If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

QER | ITShop | AutoPublish | O3EUnifiedGroup | ExcludeList

List of all Office 365 groups that must not be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation.

Default project template for Exchange Online

A default project template ensures that all required information is added in One Identity Manager. This includes mappings, workflows, and the synchronization base object. If you do not use a default project template you must declare the synchronization base object in One Identity Manager yourself.

Use a default project template for initially setting up the synchronization project. For custom implementations, you can extend the synchronization project with the Synchronization Editor.

The project template uses mappings for the following schema types.

Table 24: Exchange Online schema type mapping

Schema type in Exchange Online

Table in the One Identity Manager Schema

DistributionGroup

O3EDL

DynamicDistributionGroup

O3EDynDL

Mailbox

O3EMailbox

MailContact

O3EMailContact

MailPublicFolder

O3EMailPublicFolder

MailUser

O3EMailUser

MobileDeviceMailboxPolicy

O3EMobileDeviceMBPolicy

OWAMailboxPolicy

O3EOwaMailboxPolicy

PublicFolder

O3EPublicFolder

RetentionPolicy

O3ERetentionPolicy

RoleAssignmentPolicy

O3ERoleAssignmentPolicy

SharingPolicy

O3ESharingPolicy

UnifiedGroup

O3EUnifiedGroup

Editing Exchange Online system objects

The following table describes permitted editing methods of Exchange Online schema types and names restrictions required by system object processing.

Adding and deleting user mailboxes can only be done in One Identity Manager through assignment subscriptions in Azure Active Directory. This creates a mailbox that does not appear in the database until it has been synchronized. Afterward, it can be provisioned automatically in Exchange Online.

Table 25: Methods available for editing schema types
Type Read Add Delete Refresh

Public folder (PublicFolder)

Yes

No

No

No

Mail-enabled public folder (MailPublicFolder)

Yes

No

No

No

Policy for role assignment (RoleAssignmentPolicy)

Yes

No

No

No

Mailbox policy for mobile devices (MobileDeviceMailboxPolicy)

Yes

No

No

No

Sharing policy (SharingPolicy)

Yes

No

No

No

Retention policy (RententionPolicy)

Yes

No

No

No

Outlook Web App mailbox policy (OWAMailboxPolicy)

Yes

No

No

No

Mail user (MailUser)

Yes

Yes

Yes

Yes

Mail contact (MailContact)

Yes

Yes

Yes

Yes

Mailbox: resource mailbox (Mailbox)

Yes

Yes

Yes

Yes

Mailbox: shared mailbox (Mailbox)

Yes

Yes

Yes

Yes

Mailbox: user mailbox (Mailbox)

Yes

No

No

Yes

Mailbox: calendar settings (Mailbox)

Yes

Yes

Yes

Yes

Mailbox: statistics (Mailboxstatistics)

Yes

Yes

Yes

Yes

Mail-enabled distribution mailbox (DistributionGroup)

Yes

Yes

Yes

Yes

Dynamic distribution group (DynamicDistributionGroup)

Yes

No

Yes

Yes

Office 365 group (UnifiedGroup)

Yes

Yes

Yes

Yes

Exchange Online connector settings

The following settings are configured for the system connection with the Exchange Online connector.

Table 26: Exchange Online connector settings

Setting

Meaning

User name

Fully qualified name (FQDN) of the user account and password for logging in to Exchange Online.

Example:

<user>@<domain.com>

sync.user@yourorganisation.onmicrosoft.com

Variable: CP_Username

Password

The user account’s password.

Variable: CP_Password

Use local server time for the revision

Revision filtering data

If the value is True, the local server time of the server is used for revision filtering. (default) This makes it unnecessary to load target system object for determining the revision. If the value is false, the change time stamp of the underlying Azure Active Directory objects are used for revision filtering.

Variable: CP_UseLocalServerTimeAsRevision

Max. time difference (local/remote) in minutes

Revision filtering data

Defines the maximum time difference in minutes between the synchronization server and the Exchange Online server. The default value is 60 minutes. If the time difference is more than 60 minutes, alter the value.

Variable: CP_LocalServerRevisionMaxDifferenceInMinutes

Max. concurrent connections

Maximum number of connections that can be used concurrently. The value must be between 1 and 20.

Default value: 2

Variable: CP_ConnectionPoolSize

Definition of Windows PowerShell commands

You can use this setting to adjust the definition used by the connector in order to convert inputs and outputs between the Exchange Online Cmdlets and the schema of the Synchronization Engine.

IMPORTANT: You should only make changes to the connector definition with the help of support desk staff. Changes to this setting will have wide ranging effects on synchronization and must be made carefully.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating