7.0 Understanding Identity Manager Exchange Service

Identity Manager Exchange Service is a REST-based Windows service that supports Exchange Online. The Azure AD driver uses it to provision and deprovision user mailboxes and mail users, and to create and remove distribution lists and security groups, in Office 365 Exchange Online. The service translates the driver's REST calls into Exchange Online cmdlets and runs them against Exchange Online.

When the Azure AD driver starts, it initializes the service by passing it the information it needs to connect to Office 365, such as the Exchange domain, user name, and password. The driver initializes correctly only if the system clocks of the server running the driver and of the Exchange Online service are synchronized, so check time synchronization first if initialization fails.

The schema has been extended with the following attributes to support Office 365 Exchange Online:

  • DirXML-AADObjectType: Specifies the Exchange Online object type to create for a user or group object. The supported values are:

    Name           Description
    UserMailbox    Creates a mailbox user in Exchange Online
    MailUser       Creates a mail user in Exchange Online
    Distribution   Creates a distribution group in Exchange Online
    Security       Creates a security group in Exchange Online

    For example, to add a mail user, set the DirXML-AADObjectType attribute to MailUser. To create an Exchange group, set this attribute to Distribution or Security.

  • DirXML-AADArchiveStatus: Contains the mailbox archive status for an Exchange Online user.

  • DirXML-AADLitigationHoldEnabled: Contains the mailbox litigation hold status for an Exchange Online user.

  • DirXML-AADLegacyExchangeDN: Contains the legacy Exchange DN (legacyExchangeDN) of a mailbox.

If you are not using Exchange Online, these attributes are not required.

The service can also execute PowerShell cmdlets: a policy places the cmdlet text in the XDS event as a value of the PSExecute attribute, and the service runs it.

PowerShell is a shell-based automation framework created by Microsoft that allows users to manage the internal functions of other Microsoft products, including Active Directory and Exchange. PowerShell uses special .NET classes called cmdlets to perform processing actions on objects in your Active Directory or Exchange environments. Identity Manager can use PowerShell cmdlets to perform post-processing on events: a policy adds the cmdlet text to the PSExecute attribute of the event, and the Azure AD driver passes it to the Exchange Service for execution.

For example, the following XDS fragment asks the service to run Get-Process:

   <modify-attr attr-name="psexecute">
    <add-value>
     <value type="string">Get-Process</value>
    </add-value>
   </modify-attr>

NOTE: When you reference the PSExecute attribute in a policy or XDS document, write its name in lowercase: psexecute.
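In practice a policy builds the cmdlet text from event data (for example the user's principal name) rather than hard-coding a cmdlet such as Get-Process. The following PowerShell is an added example, not code from the Identity Manager documentation or from the driver; it shows how to compose an Exchange Online cmdlet line for the psexecute value so that a value taken from the event cannot break out of the cmdlet's string literal, and how to wrap the result in the XDS modify-attr fragment shown above with proper XML escaping. The cmdlets Set-Mailbox -LitigationHoldEnabled and Enable-Mailbox -Archive are standard Exchange Online cmdlets; the tenant domain, the sample user, and the helper function names are assumptions made for the example.

```powershell
# Added example (not part of the Identity Manager documentation or product):
# composes the cmdlet text a policy would place in the psexecute attribute.

function ConvertTo-PSSingleQuoted {
    param([Parameter(Mandatory)][string]$Value)
    # Inside a single-quoted PowerShell literal the only special character is
    # the quote itself, written as ''. No variable expansion or subexpression
    # ($(...)) happens, so data taken from an event cannot append commands.
    return "'" + ($Value -replace "'", "''") + "'"
}

function New-PSExecuteCmdlet {
    param(
        [Parameter(Mandatory)][ValidateSet('LitigationHold', 'Archive')][string]$Action,
        [Parameter(Mandatory)][string]$Identity   # e.g. the UPN read from the event
    )
    $id = ConvertTo-PSSingleQuoted -Value $Identity
    switch ($Action) {
        'LitigationHold' { "Set-Mailbox -Identity $id -LitigationHoldEnabled `$true" }
        'Archive'        { "Enable-Mailbox -Identity $id -Archive" }
    }
}

function New-PSExecuteModifyAttr {
    param([Parameter(Mandatory)][string[]]$Cmdlet)
    # The attribute name must be lowercase (psexecute); each cmdlet is one value.
    # SecurityElement::Escape turns < > & " ' into entity references so the
    # cmdlet text cannot alter the XDS structure.
    $values = foreach ($c in $Cmdlet) {
        $escaped = [System.Security.SecurityElement]::Escape($c)
        "  <add-value>`n   <value type=`"string`">$escaped</value>`n  </add-value>"
    }
    return "<modify-attr attr-name=`"psexecute`">`n" + ($values -join "`n") + "`n</modify-attr>"
}

# Constructed sample input (assumed tenant domain): a UPN containing a quote,
# the case that naive string concatenation into a cmdlet line would break on.
$upn = "o'neil@contoso.onmicrosoft.com"
$cmdlets = @(
    (New-PSExecuteCmdlet -Action LitigationHold -Identity $upn),
    (New-PSExecuteCmdlet -Action Archive -Identity $upn)
)
New-PSExecuteModifyAttr -Cmdlet $cmdlets
```

For the sample UPN the first cmdlet line becomes Set-Mailbox -Identity 'o''neil@contoso.onmicrosoft.com' -LitigationHoldEnabled $true, and the XML value holds it with the quotes written as &apos;. The same two rules apply when the cmdlet text is assembled inside a DirXML-Script policy: quote every value that originates in the event as a single-quoted literal with embedded quotes doubled, and let the policy engine, not string concatenation, emit the XDS elements.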

For more information about PowerShell, see the following resources: