8.2 Setting Up Exchange Server Permissions

The homeMDB attribute is set during initial configuration, but you can change the setting by modifying the driver policy.

To configure the driver to synchronize an Exchange Server account:

Verify that the authentication account for the domain has enough rights to create, delete, or move Exchange accounts.
Specify the configuration parameters to provision the Exchange mailboxes, when you are creating a driver object. See Table 8-1 for a list of Exchange parameters. See Section 4.0, Creating a New Driver for information on how to create the driver object.

Table 8-1 Exchange Provisioning Configuration Parameters

Parameter	Description
Exchange Policy	Exchange provisioning can be handled by a driver policy, Entitlements, or skipped entirely. A user can be assigned a mailbox in Exchange (the user is mailbox enabled) or have information about a foreign mailbox stored in the Identity Vault record (the user is mail enabled). When you are using entitlements, an external service such as the Workflow service or roles makes these decisions and the driver policy simply applies them. Implement in policy uses the policies in the driver instead of entitlements to assign Exchange mailboxes. When you are using the driver policy, the decision to mailbox-enable or mail-enable a user, plus the Exchange message database where the account will reside, is controlled completely in the policy. When None is selected, the default configuration does not create Exchange mailboxes but does synchronize the Identity Vault Internet E-Mail Address with the Active Directory mail attribute.
Allow Exchange mailbox move (yes/no)	When this option is enabled, the driver shim intercepts modifications to the Active Directory homeMDB attribute to move the mailbox to the new message data store. Yes moves the Exchange mailbox. No does not move the Exchange mailbox.
Allow Exchange mailbox delete (yes/no)	When this option is enabled, the driver shim intercepts removal for the Active Directory homeMDB attribute to delete the mailbox. Yes allows the Exchange mailbox to be deleted. No does not allow the Exchange mailbox to be deleted.

Parameter

Description

Exchange Policy

Exchange provisioning can be handled by a driver policy, Entitlements, or skipped entirely. A user can be assigned a mailbox in Exchange (the user is mailbox enabled) or have information about a foreign mailbox stored in the Identity Vault record (the user is mail enabled).

When you are using entitlements, an external service such as the Workflow service or roles makes these decisions and the driver policy simply applies them.

Implement in policy uses the policies in the driver instead of entitlements to assign Exchange mailboxes. When you are using the driver policy, the decision to mailbox-enable or mail-enable a user, plus the Exchange message database where the account will reside, is controlled completely in the policy.

When None is selected, the default configuration does not create Exchange mailboxes but does synchronize the Identity Vault Internet E-Mail Address with the Active Directory mail attribute.

Allow Exchange mailbox move (yes/no)

When this option is enabled, the driver shim intercepts modifications to the Active Directory homeMDB attribute to move the mailbox to the new message data store.

Yes moves the Exchange mailbox.

No does not move the Exchange mailbox.

Allow Exchange mailbox delete (yes/no)

When this option is enabled, the driver shim intercepts removal for the Active Directory homeMDB attribute to delete the mailbox.

Yes allows the Exchange mailbox to be deleted.

No does not allow the Exchange mailbox to be deleted.