You can install the Azure AD driver on the Identity Manager server or with the Remote Loader.
The driver installation program guides you through the driver and the Identity Manager Exchange Service installation.
NOTE:
- The IDM Exchange service must run on the same machine as the driver and must be configured to listen only on localhost.
- The IDM Exchange service must run with the least privilege required for the configured PowerShell cmdlets to execute.
- Only system administrators must be given access to the machine that runs the IDM Exchange service.
Perform the following actions to install and configure the Exchange Service:
1. Copy Exchange Service from [ISO]:\products\IDM\windows\setup\drivers\azuread\ExchangeService to any local drive on the server where you intend to run this service.
2. Navigate to the directory where you copied ExchServerHost.exe in the first step.
   For example, C:\ExchangeService
3. Run the following command to install the Exchange Service:
   <location of InstallUtil>\InstallUtil.exe ExchServerHost.exe
   For example:
   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe ExchServerHost.exe
   Here, C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe is the full path to InstallUtil.exe.
4. Ensure the server certificate is available in iManager. To create the server certificate, see Securing Communication with Identity Manager Exchange Service.
5. Open a command prompt, navigate to the local drive location where the ExchangeService is saved, as mentioned in Step 1 (\products\IDM\windows\setup\drivers\azuread\ExchangeService\), and execute the command configureExchService.bat <port> <certificate_name>.
   For example: configureExchService.bat 9001 azuread, where 9001 is the port number and azuread is the nickname of the certificate that was created in iManager.
6. To start the service, navigate to Control Panel > Administrative Tools > Services.
7. Right-click the IDMExchangeOnline service and select Start.
NOTE: To uninstall the service, open a .NET command prompt and run the InstallUtil /u ExchServerHost.exe command.
NetIQ recommends that you use the TLS 1.1 and TLS 1.2 protocols with the Identity Manager Exchange Service. If you are using ciphers such as RC4 and Triple DES, or protocols such as SSLv2/v3, on a server running Identity Manager Exchange Service, you must disable them using the disableWeakCiphers.reg file provided in the Exchange Service installation directory. You can either execute the registry file or import the file into the Windows Registry. After the changes are made, restart the server. For more information about restricting the use of certain cryptographic algorithms and protocols on Windows servers, see the Microsoft Support Site.
After finishing the installation of Identity Manager Exchange Service, verify that the service is properly installed.
NOTE: Ensure that SSL is configured for the Identity Manager Exchange Service before starting the service. This is a mandatory step before running the service. For more information, see Securing Communication with Identity Manager Exchange Service.
1. From the Start menu, type regedit.
2. On the Registry Editor page, locate the service at HKEY_LOCAL_MACHINE > Software > Novell > ExchServer and verify that the Port and CertificateFriendlyName have the correct values.
   The CertificateFriendlyName must be the same as the Certificate Alias that you specified in Step 1 of Securing Communication with Identity Manager Exchange Service.
3. Navigate to the services that are running on your server and start the IDMExchangeOnline service.
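The registry check above can be scripted and extended to confirm the localhost-only listener and to report the service logon account. This is an added example, not part of the NetIQ documentation. It assumes the certificate is installed in a LocalMachine certificate store and that the script runs in an elevated PowerShell session on the service host.

```powershell
# Added example (not NetIQ code): post-install checks for the IDM Exchange Service.
$regPath     = 'HKLM:\Software\Novell\ExchServer'   # key named in the steps above
$serviceName = 'IDMExchangeOnline'                   # service named in the steps above
$findings    = [System.Collections.Generic.List[string]]::new()

# 1. Registry values written by configureExchService.bat
$cfg = Get-ItemProperty -Path $regPath -ErrorAction SilentlyContinue
if (-not $cfg) { throw "Registry key $regPath not found; has the service been configured?" }
$port = 0
[void][int]::TryParse([string]$cfg.Port, [ref]$port)
$name = [string]$cfg.CertificateFriendlyName
if ($port -lt 1 -or $port -gt 65535) { $findings.Add("Port value '$($cfg.Port)' is not a valid TCP port") }
if ([string]::IsNullOrWhiteSpace($name)) { $findings.Add('CertificateFriendlyName is empty') }

# 2. A certificate with that friendly name must exist and be unexpired
#    (assumption: it lives in one of the LocalMachine stores)
$certs = @(Get-ChildItem -Path Cert:\LocalMachine -Recurse | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
    $_.FriendlyName -eq $name })
if ($certs.Count -eq 0) { $findings.Add("No LocalMachine certificate has friendly name '$name'") }
foreach ($c in $certs) {
    if ($c.NotAfter -lt (Get-Date)) { $findings.Add("Certificate '$name' expired on $($c.NotAfter)") }
}

# 3. Service state and logon account (least-privilege requirement)
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$serviceName'"
if (-not $svc) {
    $findings.Add("Service $serviceName is not installed")
} else {
    if ($svc.State -ne 'Running') { $findings.Add("Service state is $($svc.State), expected Running") }
    if ($svc.StartName -eq 'LocalSystem') {
        $findings.Add('Service runs as LocalSystem; review against the least-privilege requirement')
    }
}

# 4. The listener on the configured port must be bound to loopback only
$loopback  = @('127.0.0.1', '::1')
$listeners = @(Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)
foreach ($l in $listeners) {
    if ($l.LocalAddress -notin $loopback) {
        $findings.Add("Port $port is listening on $($l.LocalAddress), not only on localhost")
    }
}
if ($svc -and $svc.State -eq 'Running' -and $listeners.Count -eq 0) {
    $findings.Add("Service is running but nothing is listening on port $port")
}

if ($findings.Count -gt 0) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output "All checks passed: port $port, certificate '$name', loopback-only listener." }
```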
To verify the provisioned mailboxes for users, follow the procedure provided in the Microsoft Exchange Admin Center.