7.0 Understanding Identity Manager Exchange Service

Identity Manager Exchange Service is a REST-based Windows service that supports Exchange Online. The Azure AD driver uses this service to provision or deprovision user mailboxes and mail users, and to create or remove distribution lists and security groups on Office 365 Exchange Online. The service converts the driver's REST calls into Exchange Online cmdlets to manage Exchange Online.

When the Azure AD driver starts, it initializes the service by sending information to Office 365, such as the Exchange domain, user name, and password. The Azure AD driver is properly initialized only if the system time is synchronized between the servers running the driver and the Exchange Online service.

The schema includes the following attributes to support Office 365 Exchange Online:

  • DirXML-AADObjectType: Contains the type for a user or a group object.




    Creates a mailbox user in Exchange Online


    Creates a mail user in Exchange Online


    Creates a distribution group in Exchange Online


    Creates a security group in Exchange Online


    Creates an Office 365 group in Exchange Online

    For example, to add a mail user, set the DirXML-AADObjectType attribute to MailUser. To create an Exchange group, set this attribute to Distribution or Security.

  • DirXML-AADArchiveStatus: Contains the mailbox archive status for an Exchange Online user.

  • DirXML-AADLitigationHoldEnabled: Contains the mailbox litigation hold status for an Exchange Online user.

  • DirXML-AADLegacyExchangeDN: Contains the Exchange server DN for a mailbox.

If you are not using Exchange Online, these attributes are not required.

The service also supports executing PowerShell cmdlets that are supplied in XDS as values of the psexecute attribute.

PowerShell is a shell-based automation framework created by Microsoft that allows users to manage the internal functions of other Microsoft products, including Active Directory and Exchange. PowerShell uses special .NET classes called cmdlets to perform various processing actions on objects in your Active Directory or Exchange environments. Identity Manager can use PowerShell cmdlets to perform post-processing on events by sending the cmdlets to the Azure AD driver using policies.

IMPORTANT: Wrap PowerShell commands in double quotes when passing them as a value to psexecute. Identity Manager uses double quotes, whereas PowerShell prefers single quotes.

For example:

   <modify-attr attr-name="psexecute">
     <value type="string">Get-Process</value>
   </modify-attr>

NOTE: Use lowercase format for the PowerShell reference. For example, psexecute.
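
A review aid for the psexecute mechanism described above, added here as an example and not part of the product or its documentation: it scans an XDS document for psexecute values and flags any command that is not on a deployment-defined allowlist or that contains invocation or sub-expression syntax. The allowlist, the sample document and its add-value wrapper are assumptions constructed for illustration, and the splitting is a heuristic rather than a PowerShell parser.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: the only cmdlets this deployment's policies should ever send.
ALLOWED_CMDLETS = {"get-mailbox", "set-mailbox"}

# Constructed XDS document, modelled on the modify-attr fragment above.
SAMPLE_XDS = """<nds><input><modify class-name="User">
  <modify-attr attr-name="psexecute"><add-value>
    <value type="string">"Get-Mailbox -Identity 'jdoe@example.com'"</value>
    <value type="string">Get-Process</value>
    <value type="string">Get-Mailbox -Identity jdoe; Get-Process</value>
  </add-value></modify-attr>
</modify></input></nds>
"""

CMDLET_RE = re.compile(r"^[A-Za-z]+-[A-Za-z0-9]+$")
# Constructs that allow invocation, sub-expressions, script blocks or redirection.
RISKY_RE = re.compile(r"[&`{}<>]|\$\(")

def audit_command(command):
    """Return findings for one psexecute value; an empty list means it passed."""
    text = command.strip().strip('"')  # the page wraps commands in double quotes
    findings = []
    if RISKY_RE.search(text):
        findings.append("contains invocation or sub-expression syntax")
    # Heuristic split on pipeline and statement separators, not a PowerShell parser.
    for stage in re.split(r"[|;]", text):
        words = stage.split()
        if not words:
            continue
        if not CMDLET_RE.match(words[0]):
            findings.append(f"stage does not start with a cmdlet name: {words[0]!r}")
        elif words[0].lower() not in ALLOWED_CMDLETS:
            findings.append(f"cmdlet not on allowlist: {words[0]}")
    return findings

def audit_xds(xml_text):
    """Return (command, findings) for every psexecute value in an XDS document."""
    report = []
    for elem in ET.fromstring(xml_text).iter():
        # Match case-insensitively so a mis-cased attribute name is still reviewed.
        if elem.get("attr-name", "").lower() != "psexecute":
            continue
        for value in elem.iter("value"):
            cmd = (value.text or "").strip()
            report.append((cmd, audit_command(cmd)))
    return report
```

Run it over exported policy output or driver trace XML before a policy change is promoted; any value with a non-empty findings list needs manual review.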

For more information about PowerShell, see the following resources: