A.1 Driver Configuration

In iManager:

  1. Click to display the Identity Manager Administration page.

  2. Open the driver set that contains the driver whose properties you want to edit:

    1. In the Administration list, click Identity Manager Overview.

    2. If the driver set is not listed on the Driver Sets tab, use the Search In field to search for and display the driver set.

    3. Click the driver set to open the Driver Set Overview page.

  3. Locate the driver icon, then click the upper right corner of the driver icon to display the Actions menu.

  4. Click Edit Properties to display the driver’s properties page.

    By default, the Driver Configuration page is displayed.

In Designer:

  1. Open a project in the Modeler.

  2. Right-click the driver icon or line, then click Properties > Driver Configuration.

The Driver Configuration options are divided into the following sections:

A.1.1 Driver Module

The driver module changes the driver from running locally to running remotely or the reverse.

Java: This option is not used with the Office 365 driver.

Native: This option is not used with the Office 365 driver.

Connect to Remote Loader: This option is always used with the Office 365 driver to connect to Office 365.

The driver .dll is: DXMLMSOnlineDriver.dll.

A.1.2 Driver Object Password

Driver Object Password: Use this option to set a password for the driver object. If you are using the Remote Loader, you must enter a password on this page, or the remote driver does not run. This password is used by the Remote Loader to authenticate itself to the remote driver shim.

A.1.3 Authentication

The Authentication section stores the information required to authenticate to the connected system. For the Office 365 driver, it stores the information required to authenticate to the Office 365 server with which the driver is associated.

Remote Loader Connection Parameters: This option is always used with the Office 365 driver. The parameter to enter is hostname=xxx.xxx.xxx.xxx port=xxxx kmo=certificatename, where the hostname is the IP address of the application server running the Remote Loader server and the port is the port the Remote Loader is listening on. The default port for the Remote Loader is 8090.

The kmo is used because the driver uses an SSL connection between the Remote Loader and the Identity Manager engine. For example, hostname=10.0.0.1 port=8090 kmo=IDMCertificate.
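
A pre-deployment check for the connection string described above, as an added example that is not part of the product or its documentation. It reports a missing kmo (no certificate named for the SSL connection), a bad port, and keys other than the three this page names; the function name and the handling of quoted values are assumptions.

```python
import shlex

# Keys named on this page; anything else is reported, not silently accepted.
KNOWN_KEYS = {"hostname", "port", "kmo"}


def check_remote_loader_params(params):
    """Return a list of findings for a Remote Loader connection string."""
    try:
        # shlex keeps a quoted value together. Quoting is an assumption:
        # the page shows unquoted values only.
        tokens = shlex.split(params)
    except ValueError as exc:
        return [f"cannot tokenize: {exc}"]

    findings, fields = [], {}
    for token in tokens:
        key, sep, value = token.partition("=")
        if not sep or not key or not value:
            findings.append(f"malformed token: {token!r}")
        elif key in fields:
            findings.append(f"duplicate key: {key}")
        else:
            fields[key] = value
    for key in sorted(set(fields) - KNOWN_KEYS):
        findings.append(f"unexpected key: {key}")

    if "hostname" not in fields:
        findings.append("hostname missing")
    port = fields.get("port", "")
    if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
        findings.append("port missing or out of range")
    if "kmo" not in fields:
        findings.append("kmo missing: no certificate named for the SSL connection")
    return findings


if __name__ == "__main__":
    samples = [
        "hostname=10.0.0.1 port=8090 kmo=IDMCertificate",   # example from the page
        "hostname=10.0.0.1 port=8090",                      # constructed: no kmo
        "hostname=10.0.0.1 port=80900 kmo=IDMCertificate",  # constructed: bad port
    ]
    for sample in samples:
        print(sample, "->", check_remote_loader_params(sample) or "ok")
```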

Driver Cache Limit (KB): Specify the maximum event cache file size (in KB). If the value is set to zero, the file size is unlimited. In Designer, click Unlimited to set the file size to unlimited.

Application Password: Specify the password for the user object listed in the Authentication ID option.

Remote Loader Password: Specify the password for the driver when it is connecting to the application through the Remote Loader. The password is used to control access to the Remote Loader instance. It must be the same password specified during the configuration of the Remote Loader on the connected system.

A.1.4 Startup Option

The Startup Option section enables you to set the driver state when the Identity Manager server is started.

Auto start: The driver starts every time the Identity Manager server is started.

Manual: The driver does not start when the Identity Manager server is started. The driver must be started through Designer or iManager.

Disabled: The driver has a cache file that stores all of the events. When the driver is set to Disabled, this file is deleted, and no new events are stored in the file until the driver state is changed to Manual or Auto Start.

If the driver is Disabled and then changed to Auto start or Manual, you can select the Do Not Automatically Synchronize the Driver check box. This prevents the driver from synchronizing objects automatically when it loads. To synchronize objects manually, use the Synchronize button on the Driver Overview page.

A.1.5 Driver Parameters

The Driver Parameters section lets you configure the driver-specific parameters. When you change driver parameters, you tune driver behavior to align with your network environment.

The parameters are divided into the following categories:

Driver Settings

  • User Name: Specify the name of the Office 365 user. The driver shim requires this name to access the Office 365 site using the username@domain.onmicrosoft.com format.

  • User Password: Specify the password of the Office 365 user. The driver shim requires this password to access the Office 365 site collection.

Subscriber Settings

  • Office 365 Domain Name: Specify the Office 365 site context. For example, stidm.onmicrosoft.com (Domain-name.onmicrosoft.com).

  • Office 365 Custom Licenses: Click the icon to create custom Office 365 licenses by disabling specific services. You must use the License Entitlements to assign licenses to the Office 365 users.

    • Custom License Name: Specify the name for the custom license. This will appear as [domainname]:[license name (service to be disabled)] in the License Entitlements.

      NOTE: Ensure that there are no whitespace characters in the custom license name. An example for the custom license name is NOOFFICE_NOLYNC.

    • Service Name to be Disabled: Specify the service names to be disabled. To disable more than one service, use a comma to separate the service names. For example, to disable services, such as Office 365 ProPlus and Lync Online services in your enterprise plan, use this string: OFFICESUBSCRIPTION,MCOSTANDARD.

      NOTE:

      • To add licenses, run the Get-MsolAccountSku PowerShell command. To set up exclusions, go to Driver Configuration > Subscriber Options and add a custom license. For example, you can add the license name as NoSharepointNoOffice with a value of SHAREPOINTWAC_EDU,SHAREPOINTSTANDARD_EDU. When the driver connects to the Remote Loader and the PowerShell session starts, the driver shim reads all the licenses from Office 365 and creates a custom license for each of the Subscriber option licenses. For example, if you have four different licenses installed in Office 365 and one custom license configured in the driver, the driver returns eight licenses when you query for the License entitlement in the User Application: four Office 365 licenses and four additional custom licenses.

      • To discover service names for your respective subscription, run the Get-MsolAccountSku command. The command returns the list of available service names. You can select a desired service name and run the Get-MsolAccountSku | Where-Object <servicename> command to return the service plan and provisioning status. Table A-1 lists an example of Service Plans and Provisioning Status.

      Table A-1 Service Plans and Status

      ServicePlan                ProvisioningStatus
      -----------                ------------------
      INTUNE_0365                PendingActivation
      OFFICESUBSCRIPTION         Success
      MCOSTANDARD                Success
      EXCHANGE_S_ENTERPRISE      Success
      SHAREPOINTWAC_DEVELOPER    Success
      SHAREPOINT_S_DEVELOPER     Success

  • Exchange Online Configuration: Select Yes to enable the Exchange Online configuration. The following options are displayed to configure the Subscriber channel:

    • Make Group Owner Member of the Group: Select True to specify that the manager of the group is also a member of the distribution group.

      NOTE: By default, the driver adds itself as the owner of the distribution and security exchange groups. This is mandatory for the driver to manage these groups.

    • Member Join Restriction: Specifies the restrictions on recipients who want to join the group membership. Set it to Open if no restriction applies. Set it to Closed if restrictions apply. Otherwise, set it to Approval Required if it requires approval from the moderator. This is a default configuration setting that the driver will use. To change it for a particular group, set the relevant attributes using the driver policies.

    • Member Depart Restriction: Specifies the restrictions on recipients who want to leave the group membership. Set it to Open if no restriction applies. Set it to Closed if restrictions apply. Otherwise, set it to Approval Required if it requires approval from the moderator. This is a default configuration setting that the driver will use. To change it for a particular group, set the relevant attributes using the driver policies.

      NOTE: The Office 365 driver does not allow some of the Distribution or Security Group settings for specific groups. For example, it doesn’t allow you to set Member Depart Restriction to Open for a Security Group. It doesn’t allow you to set Member Join Restriction to Approval Required for some Distribution Groups.

    • Moderation Enabled: Specifies whether to enable moderation for the distribution group. To ensure moderation, set it to True. Otherwise, set it to False. This is a default configuration setting that the driver will use. To change it for a particular group, set the relevant attributes using the driver policies.

    • Bypass Nested Moderation: Specifies whether to allow the parent group moderators to provide approval for any nested groups that are also moderated. If it is set to True, after a moderator approves a message sent to this distribution group, the message is automatically approved for any other moderated recipients that are members of this distribution group. The default value is False.

    • Send Moderation: Specifies whether status notifications are sent to users when they send a message to the moderated distribution group. Set it to Always for sending the notifications to all senders. Set it to Internal for sending the notifications only to the senders who are internal to the organization. The senders are always notified if their message is rejected by the moderators, regardless of the listed values for this option. The default value is Never, which disables all status notifications.
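
A check for the Office 365 Custom Licenses rules described earlier in this section (no whitespace in the name, comma-separated service names taken from the Get-MsolAccountSku output), as an added example that is not part of the product. The SKU names and tenant data are constructed, the function names are hypothetical, and the entitlement count generalizes the page's "four licenses plus one custom license returns eight" case to any number of custom licenses, which is an assumption.

```python
# Constructed sample of what Get-MsolAccountSku reports: SKU -> service plans.
TENANT_SKUS = {
    "stidm:ENTERPRISEPACK": {"OFFICESUBSCRIPTION", "MCOSTANDARD",
                             "EXCHANGE_S_ENTERPRISE"},
    "stidm:DEVELOPERPACK": {"SHAREPOINTWAC_DEVELOPER", "SHAREPOINT_S_DEVELOPER"},
}


def check_custom_licenses(custom, tenant_skus):
    """Validate {license name: "SVC1,SVC2"}; return (findings, parsed)."""
    known = set().union(*tenant_skus.values())
    findings, parsed = [], {}
    for name, disabled in custom.items():
        if not name or any(ch.isspace() for ch in name):
            findings.append(f"{name!r}: name is empty or contains whitespace")
        services = [s.strip() for s in disabled.split(",")]
        if not all(services):
            findings.append(f"{name!r}: empty entry in service list")
        for svc in filter(None, services):
            # A name no SKU offers is most likely a typo; the service it was
            # meant to disable should be re-checked after assignment.
            if svc not in known:
                findings.append(f"{name!r}: {svc} is not offered by any SKU")
        parsed[name] = [s for s in services if s]
    return findings, parsed


def expected_entitlements(custom, tenant_skus):
    """Each SKU as-is, plus each SKU paired with each custom license."""
    skus = sorted(tenant_skus)
    plain = [(sku, None) for sku in skus]
    derived = [(sku, name) for sku in skus for name in sorted(custom)]
    return plain + derived


if __name__ == "__main__":
    custom = {  # constructed driver settings: one valid, one with two defects
        "NOOFFICE_NOLYNC": "OFFICESUBSCRIPTION,MCOSTANDARD",
        "NO EXCHANGE": "EXCHNAGE_S_ENTERPRISE",
    }
    findings, _ = check_custom_licenses(custom, TENANT_SKUS)
    for finding in findings:
        print("finding:", finding)
    print(len(expected_entitlements(custom, TENANT_SKUS)), "entitlement values expected")
```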

Publisher Settings

Show/Hide Publisher Connection: Select Show to enable the Publisher connection. The following options are displayed to configure the Publisher channel.

  • Working Directory: Specify the full path to a directory on the local file system where Publisher state information for the driver can be stored. The information is stored in a SQLite database. The driver process must have write access to the directory. The default location is the C:\temp folder on the Remote Loader server. The following files are created in the default location, with the driver object GUID value in their names:

    • MSOnline_MSolGroup<driver object GUID value>.s3db

    • MSOnline_MSolUser<driver object GUID value>.s3db

    The driver cleans up the database files. However, the cache needs to be deleted manually while uninstalling the driver.

  • Office 365 Polling Interval: Specifies the number of seconds that the Publisher channel waits after running the polling script and sending Office 365 events from the change cache to the Identity Manager engine.

  • Database Password: Specify the database password. The driver shim uses this password to encrypt the database that stores the Publisher cache/state information.

  • Remove Existing Password: Select this option to remove the existing password.

  • Publisher change calculation method: Specify how you want the driver to capture the changes that occurred in the Office 365 portal. The options are:

    • CACHE: Use this option if you have Msol, usermailbox, and mail users in the Office 365 portal. The driver retrieves all users from Office 365 to compute and then publish the changes to the Identity Vault. With this option, the driver takes longer and consumes more memory to complete this activity.

    • TIMESTAMP: Use this option if your Office 365 portal primarily consists of Exchange-based usermailbox or mailuser or both. The driver retrieves all users that have changed compared to an earlier state based on timestamp. This option is applicable only when Exchange Online is enabled.

      • Enable cache rebuild on driver start: This option is displayed only when TIMESTAMP is selected. To update the Publisher cache when the driver starts, set this option to True.

  • Confirm Publisher Deletes: When this option is set to True, the Publisher channel reconfirms the delete operations by polling Office 365. If the value is set to False, reconfirmation is not done. By default, the value is set to True.

  • Clear Current Cached Events: When this option is set to True, the current events stored in the Publisher cache are cleared. If the value is set to True, the Office 365 driver will not generate any events on the Publisher channel on the driver startup. If the value is set to False, the Publisher events are cached when the driver is not running. By default, the value is set to False.

  • Heartbeat Interval: Specifies how often, in seconds, the driver shim contacts the Identity Manager engine when there has not been any traffic during the interval time. Specify 0 to disable the heartbeat.

A.1.6 ECMAScript

The ECMAScript section enables you to add ECMAScript resource files. The resources extend the driver’s functionality when Identity Manager starts the driver.

A.1.7 Global Configurations

The Global Configurations section displays an ordered list of Global Configuration objects. The objects contain extension GCV definitions for the driver that Identity Manager loads when the driver is started. You can add or remove the Global Configuration objects, and you can change the order in which the objects are executed.