Chat now with support
Chat with Support

Identity Manager 9.2 - Administration Guide for Connecting to Exchange Online

About this guide Managing Exchange Online environments Synchronizing an Exchange Online environment
Setting up Exchange Online synchronization Customizing the synchronization configuration Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)
Basic data for managing an Exchange Online environment Exchange Online organization configuration Exchange Online mailboxes Exchange Online mail users Exchange Online mail contacts Exchange Online mail-enabled distribution groups
Creating Exchange Online mail-enabled distribution groups Editing main data for Exchange Online mail-enabled distribution groups Main data for Exchange Online mail-enabled distribution groups Receive restrictions for Exchange Online mail-enabled distribution groups Customizing send permissions for Exchange Online mail-enabled distribution groups Specifying moderators for Exchange Online mail-enabled distribution groups Specifying Exchange Online mail-enabled distribution groups Assigning Exchange Online mail-enabled distribution groups to Exchange Online recipients Exchange Online mail-enabled distribution group inheritance based on categories Adding Exchange Online dynamic distribution groups to Exchange Online mail-enabled distribution groups Adding an Exchange Online dynamic distribution group to Exchange Online mail-enabled distribution groups Adding Exchange Online mail-enabled public folder to Exchange Online mail-enabled distribution groups Assigning extended properties to Exchange Online mail-enabled distribution groups Deleting Exchange Online mail-enabled distribution groups
Exchange Online Office 365 groups Exchange Online dynamic distribution groups Exchange Online mail-enabled public folders Reports about Exchange Online objects Configuration parameters for managing an Exchange Online environment Default project template for Exchange Online Editing Exchange Online system objects Exchange Online connector settings

Reports about Exchange Online objects

One Identity Manager makes various reports available containing information about the selected base object and its relations to other One Identity Manager database objects. The following reports are available for Exchange Online.

NOTE: Other sections may be available depending on the which modules are installed.

Table 22: Data quality target system report

Report

Published for

Description

Show overview

Mailbox

Mail users

Mail contact

This report shows an overview of the user account and the assigned permissions.

Show overview including origin

Mailbox

Mail users

Mail contact

This report shows an overview of the user account and origin of the assigned permissions.

Show overview including history

Mailbox

Mail user

Mail contact

This report shows an overview of the user accounts including its history.

Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report.

Overview of all assignments

Mail-enabled distribution group

Office 365 group

This report finds all roles containing identities who have the selected system entitlement.

Show overview

Mail-enabled distribution group

Office 365 group

This report shows an overview of the system entitlement and its assignments.

Show overview including origin

Mail-enabled distribution group

Office 365 group

This report shows an overview of the system entitlement and origin of the assigned user accounts.

Show overview including history

Mail-enabled distribution group

Office 365 group

This report shows an overview of the system entitlement and including its history.

Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report.

Configuration parameters for managing an Exchange Online environment

The following configuration parameters are additionally available in One Identity Manager after the module has been installed.

Table 23: Configuration parameters for managing an Exchange Online environment
Configuration parameters Meaning

TargetSystem | AzureAD | ExchangeOnline

Preprocessor relevant configuration parameter for controlling database model components for Exchange Online target system administration. If the parameter is set, the target system components are available. Changes to this parameter require the database to be recompiled.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

TargetSystem | AzureAD | ExchangeOnline | Accounts

Allows configuration of recipient data.

TargetSystem | AzureAD | ExchangeOnline | Accounts |
MailTemplateDefaultValues

Mail template used to send notifications about whether default IT operating data mapping values are used for automatically creating a user account. The Identity - new user account with default properties created mail template is used.

TargetSystem | AzureAD | ExchangeOnline | DefaultAddress

Default email address of the recipient for notifications about actions in the target system.

TargetSystem | AzureAD | ExchangeOnline | MaxFullsyncDuration

Maximum runtime of a synchronization in minutes. No recalculation of group memberships by the DBQueue Processor can take place during this time. If the maximum runtime is exceeded, group membership are recalculated.

QER | ITShop | AutoPublish | O3EDL

Preprocessor relevant configuration parameter for automatically adding Exchange Online mail-enabled distribution groups to the IT Shop. If the parameter is set, all distribution groups are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

QER | ITShop | AutoPublish | O3EDL | ExcludeList

List of all Exchange Online mail-enabled distribution groups that must not to be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation.

Example:

.*Administrator.*|Exchange.*|.*Admins|.*Operators|IIS_IUSRS

QER | ITShop | AutoPublish | O3EUnifiedGroup

Preprocessor relevant configuration parameter for automatically adding Office 365 groups to the IT Shop. If the parameter is set, all groups are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

QER | ITShop | AutoPublish | O3EUnifiedGroup | ExcludeList

List of all Office 365 groups that must not be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation.

Default project template for Exchange Online

A default project template ensures that all required information is added in One Identity Manager. This includes mappings, workflows, and the synchronization base object. If you do not use a default project template you must declare the synchronization base object in One Identity Manager yourself.

Use a default project template for initially setting up the synchronization project. For custom implementations, you can extend the synchronization project with the Synchronization Editor.

The project template uses mappings for the following schema types.

Table 24: Exchange Online schema type mapping

Schema type in Exchange Online

Table in the One Identity Manager Schema

DistributionGroup

O3EDL

DynamicDistributionGroup

O3EDynDL

Mailbox

O3EMailbox

MailContact

O3EMailContact

MailPublicFolder

O3EMailPublicFolder

MailUser

O3EMailUser

MobileDeviceMailboxPolicy

O3EMobileDeviceMBPolicy

OWAMailboxPolicy

O3EOwaMailboxPolicy

PublicFolder

O3EPublicFolder

RetentionPolicy

O3ERetentionPolicy

RoleAssignmentPolicy

O3ERoleAssignmentPolicy

SharingPolicy

O3ESharingPolicy

UnifiedGroup

O3EUnifiedGroup

Editing Exchange Online system objects

The following table describes permitted editing methods of Exchange Online schema types and names restrictions required by system object processing.

Adding and deleting user mailboxes can only be done in One Identity Manager through assignment subscriptions in Azure Active Directory. This creates a mailbox that does not appear in the database until it has been synchronized. Afterward, it can be provisioned automatically in Exchange Online.

Table 25: Methods available for editing schema types
Type Read Add Delete Refresh

Public folder (PublicFolder)

Yes

No

No

No

Mail-enabled public folder (MailPublicFolder)

Yes

No

No

No

Policy for role assignment (RoleAssignmentPolicy)

Yes

No

No

No

Mailbox policy for mobile devices (MobileDeviceMailboxPolicy)

Yes

No

No

No

Sharing policy (SharingPolicy)

Yes

No

No

No

Retention policy (RententionPolicy)

Yes

No

No

No

Outlook Web App mailbox policy (OWAMailboxPolicy)

Yes

No

No

No

Mail user (MailUser)

Yes

Yes

Yes

Yes

Mail contact (MailContact)

Yes

Yes

Yes

Yes

Mailbox: resource mailbox (Mailbox)

Yes

Yes

Yes

Yes

Mailbox: shared mailbox (Mailbox)

Yes

Yes

Yes

Yes

Mailbox: user mailbox (Mailbox)

Yes

No

No

Yes

Mailbox: calendar settings (Mailbox)

Yes

Yes

Yes

Yes

Mailbox: statistics (Mailboxstatistics)

Yes

Yes

Yes

Yes

Mail-enabled distribution mailbox (DistributionGroup)

Yes

Yes

Yes

Yes

Dynamic distribution group (DynamicDistributionGroup)

Yes

No

Yes

Yes

Office 365 group (UnifiedGroup)

Yes

Yes

Yes

Yes

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating