
Identity Manager 9.1.2 - Administration Guide for Connecting to Microsoft Exchange


Extensions for creating linked mailboxes in a Microsoft Exchange resource forest

To create linked mailboxes in a Microsoft Exchange resource forest, you must declare the user account with which the linked mailboxes are going to be created as well as the Active Directory domain controller for each Active Directory Client domain.

To edit main data of a domain

  1. In the Manager, select the Active Directory > Domains category.

  2. Select the domain in the result list and run the Change main data task.

  3. On the Exchange tab, enter the following information.

    Table 4: Domain main data for creating linked mailboxes

    Property | Description
    User (linked mailboxes) | User account used to create linked mailboxes.
    Password | The user account’s password.
    Confirmation | Repeat the password of the user account.
    DC (linked mailboxes) | Active Directory domain controller for creating linked mailboxes.

  4. Save the changes.

Recommendations for synchronizing Microsoft Exchange environments

The following scenarios for synchronizing Microsoft Exchange are supported.

Scenario: synchronizing Microsoft Exchange infrastructure including all Microsoft Exchange organization recipients

In principle, it is recommended that you synchronize the Microsoft Exchange infrastructure including all Microsoft Exchange organization recipients.

The Microsoft Exchange infrastructure elements (server, address lists, policies, for example) and recipients (mailboxes, mail-enabled distribution groups, mail users, mail contacts) of the entire Microsoft Exchange organization are synchronized.

  • Set up a synchronization project and use the Complete organization recipient scope.

For more information, see Creating a synchronization project for initial synchronization of a Microsoft Exchange environment.

Scenario: synchronizing Microsoft Exchange infrastructure and recipients of a selected Active Directory domain in the Microsoft Exchange organization

It is possible to synchronize Microsoft Exchange infrastructure and recipients separately if synchronization of the entire Microsoft Exchange organization is not possible due to the large number of recipients.

First the Microsoft Exchange infrastructure elements (server, address lists, policies, for example) are loaded. Then recipients (mailboxes, mail-enabled distribution groups, mail users, mail contacts) are synchronized from the given Active Directory domain in the Microsoft Exchange organization.

The following synchronization project configuration is recommended in this case:

NOTE: Use the Synchronization Editor expert mode for the following configurations.

  1. Set up the synchronization project for synchronizing the entire Microsoft Exchange infrastructure.
    • Select the recipient scope Complete organization.

    • Customize the synchronization workflow.

      • Disable synchronization steps of all schema types representing recipients. These are:

        • Mailbox

        • MailContact

        • MailUser

        • DistributionList

        • DynamicDistributionList

        • MailPublicFolder

      • Check that all schema types that do not represent recipients are synchronized. These are:

        • AddressBookPolicy

        • ActiveSyncMailboxPolicy

        • DatabaseAvailabilityGroup

        • MailboxDatabase

        • OfflineAddressBook

        • Organization

        • PublicFolder

        • RetentionPolicy

        • RoleAssingmentPolicy

        • Server

        • SharingPolicy

        • AddressList

        • GlobalAddressList

  2. Set up the synchronization project for synchronizing the recipients of an Active Directory domain.

    • Select the recipient scope Only recipients of the following domain and select a Microsoft Exchange organization domain.

    • Customize the synchronization workflow.
      • Disable synchronization steps of all schema types that do not represent recipients. These are:

        • AddressBookPolicy

        • ActiveSyncMailboxPolicy

        • DatabaseAvailabilityGroup

        • MailboxDatabase

        • OfflineAddressBook

        • Organization

        • PublicFolder

        • RetentionPolicy

        • RoleAssingmentPolicy

        • Server

        • SharingPolicy

        • AddressList

        • GlobalAddressList

      • Check that all schema types representing recipients are synchronized. These are:

        • Mailbox

        • MailContact

        • MailUser

        • DistributionList

        • DynamicDistributionList

        • MailPublicFolder

  3. Specify more base objects for the remaining Active Directory domains.

    • In the Synchronization Editor, open the first synchronization project for the synchronization of recipients.

    • Create a new base object for every other domain. Use the wizards to attach a base object.

      • In the wizard, select the Microsoft Exchange connector and enter the connection parameters. The connection parameters are saved in a special variable set.

        NOTE: When setting up the connection, note the following:

        • If possible, select a Microsoft Exchange server that is in the domain.

        • Select the Only recipients of the following domain recipient scope.

    • Create a new start up configuration for each domain. In the start up configuration, use the newly created variable sets.

    • Run a consistency check.

    • Activate the synchronization project.

  4. Customize the synchronization schedule.

    IMPORTANT: Set up the synchronization schedules such that the Microsoft Exchange infrastructure is synchronized before Microsoft Exchange recipients.

    Depending on the references between the Microsoft Exchange organization domains, several synchronization runs may be necessary before all the data is synchronized.
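
The split described in steps 1 to 4 can be checked mechanically before the projects are activated. The following is an added example, not part of the original guide or of One Identity Manager: the project dictionaries (`name`, `role`, `scope`, `enabled_steps`, `start`) are a hypothetical hand-written inventory, not a Synchronization Editor export format, and comparing daily start times is only a proxy for "infrastructure is synchronized before recipients".

```python
RECIPIENT_TYPES = {"Mailbox", "MailContact", "MailUser", "DistributionList",
                   "DynamicDistributionList", "MailPublicFolder"}
INFRA_TYPES = {"AddressBookPolicy", "ActiveSyncMailboxPolicy",
               "DatabaseAvailabilityGroup", "MailboxDatabase",
               "OfflineAddressBook", "Organization", "PublicFolder",
               "RetentionPolicy",
               "RoleAssingmentPolicy",  # spelled as listed in the guide
               "Server", "SharingPolicy", "AddressList", "GlobalAddressList"}

# role -> (recipient scope, steps that must run, steps that must be disabled)
RULES = {
    "infrastructure": ("Complete organization", INFRA_TYPES, RECIPIENT_TYPES),
    "recipients": ("Only recipients of the following domain",
                   RECIPIENT_TYPES, INFRA_TYPES),
}


def check_split(projects):
    """Return findings for a list of project dicts (hypothetical format)."""
    findings, starts = [], {"infrastructure": [], "recipients": []}
    for p in projects:
        scope, must_run, must_skip = RULES[p["role"]]
        enabled = set(p["enabled_steps"])
        if p["scope"] != scope:
            findings.append(f"{p['name']}: recipient scope should be '{scope}'")
        for t in sorted(must_run - enabled):
            findings.append(f"{p['name']}: step {t} is disabled but must run")
        for t in sorted(enabled & must_skip):
            findings.append(f"{p['name']}: step {t} is enabled but must be disabled")
        starts[p["role"]].append(p["start"])
    # Zero-padded HH:MM start times of one daily schedule compare correctly as text.
    if starts["infrastructure"] and starts["recipients"]:
        if max(starts["infrastructure"]) >= min(starts["recipients"]):
            findings.append("schedule: infrastructure must start before recipients")
    return findings


# Constructed sample: the recipient project has MailUser disabled, Server left
# enabled, and is scheduled ahead of the infrastructure project.
SAMPLE = [
    {"name": "EX-Infra", "role": "infrastructure", "scope": "Complete organization",
     "enabled_steps": sorted(INFRA_TYPES), "start": "01:00"},
    {"name": "EX-Rcpt-A", "role": "recipients",
     "scope": "Only recipients of the following domain",
     "enabled_steps": sorted((RECIPIENT_TYPES - {"MailUser"}) | {"Server"}),
     "start": "00:30"},
]

if __name__ == "__main__":
    print("\n".join(check_split(SAMPLE)))
```
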

Creating a synchronization project for initial synchronization of a Microsoft Exchange environment

Use the Synchronization Editor to configure synchronization between the One Identity Manager database and Microsoft Exchange environment. The following describes the steps for initial configuration of a synchronization project. For more information about setting up synchronization, see the One Identity Manager Target System Synchronization Reference Guide.

After the initial configuration, you can customize and configure workflows within the synchronization project. Use the workflow wizard in the Synchronization Editor for this. The Synchronization Editor also provides different configuration options for a synchronization project.

IMPORTANT: Each Microsoft Exchange environment should have its own synchronization project.

IMPORTANT: It must be possible to reach the Microsoft Exchange server by DNS query for successful authentication. If the DNS cannot be resolved, the target system connection is refused.

NOTE: When setting up the synchronization, note the recommendations described under Recommendations for synchronizing Microsoft Exchange environments.

Synchronization prerequisites
  • Synchronization of the Active Directory system is carried out regularly.

  • The Active Directory forest is declared in One Identity Manager.

  • Explicit Active Directory domain trusts are declared in One Identity Manager.

  • Implicit two-way trusts between domains in an Active Directory forest are declared in One Identity Manager.

  • User account with password and domain controller on the Microsoft Exchange client domain are entered to create linked mailboxes within an Active Directory resource forest topology.


Information required to set up a synchronization project

Have the following information available for setting up a synchronization project.

Table 5: Information required for setting up a synchronization project
Data Explanation

Microsoft Exchange version

One Identity Manager supports synchronization with Microsoft Exchange 2013 with Cumulative Update 23, Microsoft Exchange 2016, and Microsoft Exchange 2019 with Cumulative Update 1.

Server (fully qualified)

Fully qualified name (FQDN) of the Microsoft Exchange server to which the synchronization server connects to access Microsoft Exchange objects.

Syntax:

<Name of servers>.<Fully qualified domain name>

IMPORTANT: It must be possible to reach the Microsoft Exchange server by DNS query for successful authentication. If the DNS cannot be resolved, the target system connection is refused.

User account and password for logging in

Fully qualified name (FQDN) of the user account and password for logging in to Microsoft Exchange.

Example:

user@domain.com

domain.com\user

Make a user account available with sufficient permissions. For more information, see Users and permissions for synchronizing with Microsoft Exchange.

Synchronization server for Microsoft Exchange

The One Identity Manager Service with the Microsoft Exchange connector must be installed on the synchronization server.

  • Server function: Microsoft Exchange connector

  • Machine role: Server | Job Server | Active Directory | Microsoft Exchange

For more information, see Setting up the Microsoft Exchange synchronization server.

One Identity Manager database connection data
  • Database server

  • Database name

  • SQL Server login and password

  • Specifies whether integrated Windows authentication is used

    Use of the integrated Windows authentication is not recommended. If you decide to use it anyway, ensure that your environment supports Windows authentication.

Remote connection server

To configure synchronization with a target system, One Identity Manager must load the data from the target system. One Identity Manager communicates directly with the target system to do this. Sometimes direct access from the workstation on which the Synchronization Editor is installed is not possible, for example, because of the firewall configuration or because the workstation does not fulfill the necessary hardware and software requirements. If direct access is not possible from the workstation, you can set up a remote connection.

The remote connection server and the workstation must be in the same Active Directory domain.

Remote connection server configuration:

  • One Identity Manager Service is started

  • RemoteConnectPlugin is installed

  • Microsoft Exchange connector is installed

The remote connection server must be declared as a Job server in One Identity Manager. The Job server name is required.

TIP: The remote connection server requires the same configuration as the synchronization server (with regard to the installed software and entitlements). Use the synchronization server as the remote connection server at the same time by installing the RemoteConnectPlugin as well.

For more detailed information about establishing a remote connection, see the One Identity Manager Target System Synchronization Reference Guide.
