立即与支持人员聊天
与支持团队交流

Identity Manager 8.2 - Administration Guide for Connecting to Exchange Online

About this guide Managing Exchange Online environments Synchronizing a Exchange Online environment
Setting up Exchange Online synchronization Customizing the synchronization configuration Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization
Basic data for managing an Exchange Online environment Exchange Online organization configuration Exchange Online mailboxes Exchange Online mail users Exchange Online mail contacts Exchange Online mail-enabled distribution groups
Creating Exchange Online mail-enabled distribution groups Editing main data for Exchange Online mail-enabled distribution groups Main data for Exchange Online mail-enabled distribution groups Receive restrictions for Exchange Online mail-enabled distribution groups Customizing send permissions for Exchange Online mail-enabled distribution groups Specifying moderators for Exchange Online mail-enabled distribution groups Specifying Exchange Online mail-enabled distribution groups Assigning Exchange Online mail-enabled distribution groups to Exchange Online recipients Exchange Online mail-enabled distribution group inheritance based on categories Adding Exchange Online dynamic distribution groups to Exchange Online mail-enabled distribution groups Adding a Exchange Online dynamic distribution group to Exchange Online mail-enabled distribution groups Adding Exchange Online mail-enabled public folder to Exchange Online mail-enabled distribution groups Assigning extended properties to Exchange Online mail-enabled distribution groups Deleting Exchange Online mail-enabled distribution groups
Exchange Online Office 365 groups Exchange Online dynamic distribution groups Exchange Online mail-enabled public folders Reports about Exchange Online objects Configuration parameters for managing an Exchange Online environment Default project template for Exchange Online Editing Exchange Online system objects Exchange Online connector settings

Ignoring data error in synchronization

By default, objects with incorrect data are not synchronized. These objects can be synchronized once the data has been corrected. In certain situations, however, it might be necessary to synchronize objects like these and ignore the data properties that have errors. This synchronization behavior can be configured in One Identity Manager.

To ignoring data errors during synchronization in One Identity Manager

  1. In the Synchronization Editor, open the synchronization project.

  2. Select the Configuration > One Identity Manager connection category.

  3. In the General view, click Edit connection.

    This starts the system connection wizard.

  4. On the Additional options page, enable Try to ignore data errors.

    This option is only effective if Continue on error is set in the synchronization workflow.

    Default columns, such as primary keys, UID columns, or mandatory input columns cannot be ignored.

  5. Save the changes.

IMPORTANT: If this option is set, One Identity Manager tries to ignore commit errors that could be related to data errors in a single column. This causes the data changed in the affected column to be discarded and the object is subsequently saved again. This effects performance and leads to loss of data.

Only set this option in the exceptional circumstance of not being able to correct the data before synchronization.

Basic data for managing an Exchange Online environment

To manage an Exchange Online environment in One Identity Manager, the following basic data is relevant.

  • Account definitions

    One Identity Manager has account definitions for automatically allocating user accounts to employees. You can create account definitions for every target system. If an employee does not yet have a user account in a target system, a new user account is created. This is done by assigning account definitions to an employee.

    For more information, see Account definitions for Exchange Online mail users and Exchange Online mail contacts.

  • Password policies

    One Identity Manager provides you with support for creating complex password policies, for example, for system user passwords, the employees' central password as well as passwords for individual target systems. Password polices apply not only when the user enters a password but also when random passwords are generated.

    Predefined password policies are supplied with the default installation that you can use or customize if required. You can also define your own password policies.

    Azure Active Directory configuration settings are used for implementing password policies. For more information, see the One Identity Manager Administration Guide for Connecting to Azure Active Directory.

  • Initial password for new mail users.

    You can issue an initial password for mail users in the following ways: Enter a password or use a random generated initial password when you create a mail user.

    Azure Active Directory configuration settings are used for generating random passwords for new mail users. For more information, see the One Identity Manager Administration Guide for Connecting to Azure Active Directory.

  • Email notifications about credentials

    When a new mail user is created, the login data are sent to a specified recipient. In this case, two messages are sent with the user name and the initial password. Mail templates are used to generate the messages.

    Azure Active Directory configuration settings are used for sending login credentials. For more information, see the One Identity Manager Administration Guide for Connecting to Azure Active Directory.

  • Target system types

    Target system types are required for configuring target system comparisons. Tables with outstanding objects are maintained with the target system types and settings are configured for provisioning memberships and single objects synchronization. Target system types also map objects in the Unified Namespace.

    For more information, see Post-processing outstanding objects.

  • Target system managers

    A default application role exists for the target system manager in One Identity Manager. Assign the employees who have permission to edit all Exchange Online objects in One Identity Manager to this application role.

    Define additional application roles if you want to limit the permissions for target system managers to individual tenants with Exchange Online. The application roles must be added under the default application role.

    For more information, see Target system managers for Exchange Online.

  • Servers

    Servers must be informed of your server functionality in order to handle Exchange Online-specific processes in One Identity Manager. For example, the synchronization server.

    For more information, see Job server for Exchange Online-specific process handling.

Account definitions for Exchange Online mail users and Exchange Online mail contacts

NOTE: Exchange Online user mailboxes are create or deleted respectively by assigning and removing licenses through Azure Active Directory subscriptions. For more information, see the One Identity Manager Administration Guide for Connecting to Azure Active Directory.

One Identity Manager has account definitions for automatically allocating mail users and mail contacts to employees. You can create account definitions for every target system. If an employee does not yet have a mail user or mail contact in a target system, a new mail user or mail contact is created by assigning the account definition to an employee.

For detailed information about account definitions, see the One Identity Manager Target System Base Module Administration Guide.

The following steps are required to implement an account definition:

  • Creating account definitions

  • Configuring manage levels

  • Creating the formatting rules for IT operating data

  • Collecting IT operating data

  • Assigning account definitions to employees and target systems

Detailed information about this topic

Creating account definitions

To create a new account definition

  1. In the Manager, select the Azure Active Directory > Basic configuration data > Account definitions > Account definitions category.

  2. Click in the result list.

  3. On the main data form, enter the main data of the account definition.

  4. Save the changes.

Detailed information about this topic
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级