After the synchronization of data from the target system into the One Identity Manager database, rework may be necessary. Check the following tasks:
About this guide
Managing Exchange Online environments
Architecture overview
One Identity Manager users for managing Exchange Online
Configuration parameters for managing Exchange Online environments
Synchronizing an Exchange Online environment
Setting up Exchange Online synchronization
Basic data for managing an Exchange Online environment
Users and permissions for synchronizing with Exchange Online
Installing the Exchange Online PowerShell V3 module
Setting up the Exchange Online synchronization server
Customizing the synchronization configuration
System requirements for the Exchange Online synchronization server
Installing One Identity Manager Service with an Exchange Online connector
Preparing the administrative workstation for access to Exchange Online
Preparing a remote connection server for access to Exchange Online
Creating a synchronization project for initial synchronization of an Exchange Online environment
Information required for Exchange Online synchronization projects
Creating an initial synchronization project for Exchange Online
Exchange Online synchronization features
Configuring the synchronization log
How to configure Exchange Online synchronization
Changing system connection settings of Exchange Online
Running synchronization
Editing connection parameters in the variable set
Editing target system connection properties
Advanced settings for the Exchange Online connector
Updating schemas
Speeding up Exchange Online synchronization with revision filtering
Configuring the provisioning of memberships
Configuring single object synchronization
Accelerating provisioning and single object synchronization
Exchange Online mailbox permissions
Starting synchronization
Deactivating synchronization
Displaying synchronization results
Synchronizing single objects
Tasks following synchronization
Post-processing outstanding objects
Adding custom tables to the target system synchronization
Managing Exchange Online mail users and Exchange Online mail contacts through account definitions
Troubleshooting
Ignoring data error in synchronization
Pausing handling of target system specific processes (Offline mode)
Account definitions for Exchange Online mail users and Exchange Online mail contacts
Exchange Online organization configuration
Creating account definitions
Editing account definitions
Main data for account definitions
Editing manage levels
Creating manage levels
Assigning manage levels to account definitions
Main data for manage levels
Creating mapping rules for IT operating data
Entering IT operating data
Modify IT operating data
Assigning account definitions to identities
Target system managers for Exchange Online
Job server for Exchange Online-specific process handling
Assigning account definitions to departments, cost centers, and locations
Assigning account definitions to business roles
Assigning account definitions to all identities
Assigning account definitions directly to identities
Assigning account definitions to system roles
Adding account definitions in the IT Shop
Assigning account definitions to Microsoft Entra ID tenants
Deleting account definitions
Extensions for Microsoft Entra ID tenants
Displaying hierarchical address books
Exchange Online public folders
Exchange Online policies
Exchange Online mailboxes
Creating Exchange Online mailboxes
Editing main data of Exchange Online mailboxes
General main data for Exchange Online mailboxes
Limits and usage of Exchange Online mailboxes
Policies and features of Exchange Online mailboxes
Booking resources for Exchange Online equipment mailboxes and Exchange Online room mailboxes
Adjusting receive restrictions for Exchange Online mailboxes
Exchange Online mailbox permission: Send on behalf
Exchange Online mailbox permission: Send as
Exchange Online mailbox permission: Full access
Specifying moderators for Exchange Online mailboxes
Assigning extended properties to Exchange Online mailbox
Deleting Exchange Online mailboxes
Exchange Online mail users
Creating Exchange Online mail users
Editing main data of Exchange Online mail users
Main data for Exchange Online mail users
Receive restrictions for Exchange Online mail users
Customizing send permissions for Exchange Online mail users
Specifying moderators for Exchange Online mail users
Assigning extended properties to Exchange Online mail users
Deleting Exchange Online mail users
Exchange Online mail contacts
Creating Exchange Online mail contacts
Editing main data of Exchange Online mail contacts
Main data for Exchange Online mail contacts
Receive restrictions for Exchange Online mail contacts
Customizing send permissions for Exchange Online mail contacts
Specifying moderators for Exchange Online mail contacts
Assigning extended properties to Exchange Online mail contacts
Deleting Exchange Online mail contacts
Exchange Online mail-enabled distribution groups
Creating Exchange Online mail-enabled distribution groups
Editing main data for Exchange Online mail-enabled distribution groups
Main data for Exchange Online mail-enabled distribution groups
Receive restrictions for Exchange Online mail-enabled distribution groups
Customizing send permissions for Exchange Online mail-enabled distribution groups
Specifying moderators for Exchange Online mail-enabled distribution groups
Specifying Exchange Online mail-enabled distribution groups
Assigning Exchange Online mail-enabled distribution groups to Exchange Online recipients
Exchange Online Microsoft 365 groups
Prerequisites for indirect assignment of Exchange Online mail-enabled distribution groups
Assigning Exchange Online mail-enabled distribution groups to departments, cost centers, and locations
Assigning Exchange Online mail-enabled distribution groups to business roles
Adding Exchange Online mail-enabled distribution groups to system roles
Assigning Exchange Online mail-enabled distribution groups to the IT Shop
Adding Exchange Online mail-enabled distribution groups automatically to the IT Shop
Assigning Exchange Online recipients to Exchange Online mail-enabled distribution groups
Assigning Exchange Online mail-enabled distribution groups directly to Exchange Online mailboxes
Assigning Exchange Online mail-enabled distribution groups directly to Exchange Online mail users
Assigning Exchange Online mail-enabled distribution groups directly to Exchange Online mail contacts
Exchange Online mail-enabled distribution group inheritance based on categories
Adding Exchange Online dynamic distribution groups to Exchange Online mail-enabled distribution groups
Adding an Exchange Online dynamic distribution group to Exchange Online mail-enabled distribution groups
Adding Exchange Online mail-enabled public folder to Exchange Online mail-enabled distribution groups
Assigning extended properties to Exchange Online mail-enabled distribution groups
Deleting Exchange Online mail-enabled distribution groups
Creating Exchange Online Microsoft 365 groups
Editing main data of Exchange Online Microsoft 365 groups
Exchange Online Microsoft 365 group main data
Customizing receive restrictions for Exchange Online Microsoft 365 groups
Assigning owners to Exchange Online Microsoft 365 groups
Assigning subscribers to Exchange Online Microsoft 365 groups
Assigning Exchange Online Microsoft 365 groups to Microsoft Entra ID user accounts
Exchange Online dynamic distribution groups
Prerequisites for indirect assignment of Microsoft 365 groups to Microsoft Entra ID user accounts
Assigning Exchange Online Microsoft 365 groups to departments, cost centers, and locations
Assigning Exchange Online Microsoft 365 groups to business roles
Adding Exchange Online Microsoft 365 groups to system roles
Adding Exchange Online Microsoft 365 groups to the IT Shop
Adding Exchange Online Microsoft 365 groups automatically to the IT Shop
Assigning Exchange Online Microsoft 365 groups directly to Microsoft Entra ID user accounts
Assigning Microsoft Entra ID user accounts directly to Exchange Online Microsoft 365 groups
Exchange Online Microsoft 365 group inheritance based on categories
Assigning extended properties to Exchange Online Microsoft 365 groups
Deleting Exchange Online Microsoft 365 groups
Editing main data of Exchange Online dynamic distribution groups
Main data for Exchange Online dynamic distribution groups
Customizing receive restrictions for Exchange Online dynamic distribution groups
Customizing send permissions for Exchange Online dynamic distribution groups
Specifying moderators for Exchange Online dynamic distribution groups
Adding Exchange Online mail-enabled distribution groups to Exchange Online dynamic distribution groups
Deleting Exchange Online dynamic distribution groups
Exchange Online mail-enabled public folders
Displaying information about Exchange Online mail-enabled public folders
Assigning Exchange Online mail-enabled distribution groups to Exchange Online mail-enabled public folders
Reports about Exchange Online objects
Configuration parameters for managing an Exchange Online environment
Default project template for Exchange Online
Editing Exchange Online system objects
Exchange Online connector settings
Tasks following synchronization
Post-processing outstanding objects
Objects, which do not exist in the target system, can be marked as outstanding in One Identity Manager by synchronizing. This prevents objects being deleted because of an incorrect data situation or an incorrect synchronization configuration.
Outstanding objects:
-
Cannot be edited in One Identity Manager.
-
Are ignored by subsequent synchronizations.
-
Are ignored by inheritance calculations.
This means, all memberships and assignments remain intact until the outstanding objects have been processed.
Start target system synchronization to do this.
To post-process outstanding objects
-
In the Manager, select the Microsoft Entra ID > Target system synchronization: Exchange Online category.
The navigation view lists all the synchronization tables assigned to the Exchange Online target system type.
-
On the Target system synchronization form, in the Table/object column, open the node of the table for which you want to post-process outstanding objects.
All objects that are marked as outstanding are shown. The Last log entry and Last method run columns display the time at which the last entry was made in the synchronization log and which processing method was run. The No log available entry can mean the following:
-
The synchronization log has already been deleted.
- OR -
-
An assignment from a member list has been deleted from the target system.
The base object of the assignment was updated during the synchronization. A corresponding entry appears in the synchronization log. The entry in the assignment table is marked as outstanding, but there is no entry in the synchronization log.
-
An object that contains a member list has been deleted from the target system.
During synchronization, the object and all corresponding entries in the assignment tables are marked as outstanding. However, an entry in the synchronization log appears only for the deleted object.
TIP:
To display the properties of an outstanding object
-
Select the object on the target system synchronization form.
-
Open the context menu and click Show object.
-
For memberships, select the object whose properties you want to display.
-
-
Select the objects you want to rework. Multi-select is possible.
-
Click on one of the following icons in the form toolbar to run the respective method.
Table 6: Methods for handling outstanding objects Icon
Method
Description
Delete
The object is immediately deleted from the One Identity Manager database. Deferred deletion is not taken into account.
Indirect memberships cannot be deleted.
Publish
The object is added to the target system. The Outstanding label is removed from the object.
This runs a target system specific process that triggers the provisioning process for the object.
Prerequisites:
-
The table containing the object can be published.
-
The target system connector has write access to the target system.
Reset
The Outstanding label is removed for the object.
TIP: If a method cannot be run due to certain restrictions, the respective icon is disabled.
-
To display the constraint's details, click the Show button in the Constraints column.
-
- Confirm the security prompt with Yes.
NOTE: By default, the selected objects are processed in parallel, which speeds up the selected method. If an error occurs during processing, the action is stopped and all changes are discarded.
Bulk processing of objects must be disabled if errors are to be localized, which means the objects are processed sequentially. Failed objects are named in the error message. All changes that were made up until the error occurred are saved.
To disable bulk processing
-
Disable the
icon in the form's toolbar.
NOTE: The target system connector must have write access to the target system in order to publish outstanding objects that are being post-processed.
Adding custom tables to the target system synchronization
You must customize your target system synchronization to synchronize custom tables.
To add
-
In the Manager, select the Microsoft Entra ID > Basic configuration data > Target system types category.
-
In the result list, select the Exchange Online target system type.
-
Select the Assign synchronization tables task.
-
In the
- Save the changes.
-
Select the Configure tables for publishing task.
-
Select the
- Save the changes.
Related topics
Managing Exchange Online mail users and Exchange Online mail contacts through account definitions
In the default installation, after synchronizing, identities are automatically created for Exchange Online mail users and Exchange Online mail contacts. If an account definition for the Exchange Online organization is not known at the time of synchronization, mail users and mail contacts are linked to the identities. However, account definitions are not assigned. The mail users and mail contacts are therefore in a Linked state.
To manage mail users and mail contacts through account definitions, assign an account definition and a manage level.
To manage Exchange Online mail users and mail contacts through account definitions
-
Create an account definition.
-
Assign an account definition to the Microsoft Entra ID tenant.
-
Assign the account definition and manage level to user accounts in linked status.
-
In the Manager, select the Microsoft Entra ID > Mail users > Linked but not configured > <Microsoft Entra ID tenant> category.
- OR -
In the Manager, select the Microsoft Entra ID > Mail contacts > Linked but not configured > <Microsoft Entra ID tenant> category.
-
Select the Assign account definition to linked accounts task.
-