C.1 Provisioning Exchange Server 2007 Accounts

Exchange Server 2007 no longer supports CDOEXM for mailbox management. In order to provision Exchange Server 2007 mailboxes, the Active Directory driver uses Windows PowerShell in the form of a service.

This service is installed on the server that is running the Active Directory driver. If you decided to run the driver locally, the driver is installed on the Identity Manager server. If you decided to run the driver remotely, the driver is installed on the same server as the Remote Loader service.

The service listens on a default port of 8097. This is set when the service is installed. It is stored in the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Novell\IDM_AD_EX_SERVICE. The value can be edited if necessary. If you edit the registry key, both the service and the driver must be restarted.
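One way to confirm what the service is configured with and bound to after installation or a registry edit (an added example, not part of the product documentation). It assumes the name shown in the Services console in Section C.1.2 matches either the service name or its display name, and it lists every value under the key rather than assuming a value name:

```powershell
# Added example: audit the Exchange 2007 provisioning service on the driver host.
$port        = 8097                                       # default port from this section
$keyPath     = 'HKLM:\SOFTWARE\Novell\IDM_AD_EX_SERVICE'  # registry key from this section
$serviceName = 'IDM_AD_Ex2007_Service'                    # name shown in Services (C.1.2)

# 1. List every value under the key. No value name is assumed.
if (Test-Path $keyPath) {
    $key = Get-Item $keyPath
    foreach ($name in $key.GetValueNames()) {
        '{0} = {1}' -f $name, $key.GetValue($name)
    }
} else {
    Write-Warning "Registry key $keyPath not found; is the service installed?"
}

# 2. Service state, start mode and logon account.
$svc = Get-WmiObject Win32_Service |
    Where-Object { $_.Name -eq $serviceName -or $_.DisplayName -eq $serviceName }
if ($svc) {
    $svc | Format-List Name, DisplayName, State, StartMode, StartName, PathName
} else {
    Write-Warning "Service $serviceName not found."
}

# 3. TCP listeners on the port: bound address and owning process.
#    Assumes English netstat output ("LISTENING").
$found = $false
foreach ($line in (netstat -ano)) {
    if ($line -match "^\s*TCP\s+(\S+):$port\s+\S+\s+LISTENING\s+(\d+)") {
        $found = $true
        $addr  = $matches[1]
        $owner = [int]$matches[2]
        "Listener on ${addr}:$port owned by PID $owner"
        if ($svc -and $owner -ne $svc.ProcessId) {
            Write-Warning "Port $port is held by a process other than $serviceName."
        }
        if ($addr -eq '0.0.0.0' -or $addr -eq '[::]') {
            Write-Warning "Bound to all interfaces; confirm the host firewall limits who can reach port $port."
        }
    }
}
if (-not $found) { Write-Warning "Nothing is listening on TCP port $port." }
```

If the port was changed in the registry, set `$port` to the new value before running the listener check.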

The Active Directory driver creates, moves, and disables Exchange Server 2007 mailboxes. The cmdlets supported by the Active Directory driver to create, move, and disable mailboxes in Exchange Server 2007 are Enable-Mailbox, Move-Mailbox, and Disable-Mailbox. The cmdlets use the following parameters in the Active Directory driver:

  • Enable-Mailbox: -Identity, -Alias, -Database, -DomainController

  • Disable-Mailbox: -Identity, -DomainController, -Confirm

  • Move-Mailbox: -Identity, -TargetDatabase, -DomainController, -Confirm

For functionality beyond these cmdlets, use the Scripting driver or the native PowerShell support feature. For more information on the Scripting driver, see the Identity Manager Driver for Scripting Implementation Guide. For more information on PowerShell support in Identity Manager, see Section D.0, Configuring PowerShell Support.

To provision the Exchange Server 2007 mailboxes, you must complete the following steps:

C.1.1 Meeting the Prerequisites

On the server where the driver will run, whether it runs with the Remote Loader service or is installed locally, make sure that the following items are installed:

  • Microsoft .NET Framework version 2.0 or later

  • Exchange Server 2007 Management Tools for the correct platform: 32-bit or 64-bit

C.1.2 Installing the Service

To install the service, you must use the .NET Framework InstallUtil.exe utility.

NOTE: Even if you have a later version of .NET Framework installed on your server, the InstallUtil.exe utility is located in the v2.0.version folder.

The default location for a 32-bit server is C:\WINDOWS\Microsoft.Net\Framework\v2.0.version\InstallUtil.exe.

The default location for a 64-bit server is C:\WINDOWS\Microsoft.Net\Framework64\v2.0.version\InstallUtil.exe.

To use InstallUtil.exe:

  1. Open a command prompt.

  2. Issue the InstallUtil IDMEx2007Service.exe command to register the service and create the correct registry entries.

  3. To start the service, select Start > Control Panel > Administrative Tools > Services.

  4. Right-click IDM_AD_Ex2007_Service, then select Start.

To uninstall the service, issue the InstallUtil /u IDMExService.exe command.

C.1.3 Configuring the Driver

To enable provisioning with Exchange Server 2007, either create a new driver object and select the correct fields, or modify the existing driver.

Creating a New Driver

  1. When you are creating a driver object, specify the configuration parameters to provision the Exchange Server 2007 mailboxes.

    See Table C-1 for a list of Exchange parameters. See Section 4.0, Creating a New Driver for information on how to create the driver object.

  2. Verify that you have selected use-post-cdoexm to provision Exchange Server 2007 mailboxes. See Exchange Management interface type for more information.

  3. Start the driver to provision the Exchange Server 2007 mailboxes.

Table C-1 Exchange Provisioning Configuration Parameters

Parameter

Description

Exchange Policy

Exchange provisioning can be handled by a driver policy, Entitlements, or skipped entirely. A user can be assigned a mailbox in Exchange (the user is mailbox enabled) or have information about a foreign mailbox stored in the Identity Vault record (the user is mail enabled).

When you are using entitlements, an external service such as the Workflow service or Role-Based Entitlements makes these decisions and the driver policy simply applies them.

Implement in policy uses the policies in the driver instead of entitlements to assign Exchange mailboxes. When you are using the driver policy, the decision to mailbox-enable or mail-enable a user, plus the Exchange message database where the account will reside, is controlled completely in the policy.

When None is selected, the default configuration does not create Exchange mailboxes but does synchronize the Identity Vault Internet E-Mail Address with the Active Directory mail attribute.

Exchange Management interface type

The driver cannot provision Exchange Server 2007, Exchange Server 2010, or Exchange Server 2013 mailboxes in the same driver configuration at the same time. This option allows you to select which type of mailboxes the driver can provision.

IDM EXCH 2007 service synchronizes Exchange Server 2007 accounts.

IDM EXCH 2010 service synchronizes Exchange Server 2010 accounts.

IDM Powershell Service synchronizes Exchange Server 2013 accounts.

Allow Exchange mailbox move (yes/no)

When this option is enabled, the driver shim intercepts modifications to the Active Directory homeMDB attribute to move the mailbox to the new message data store.

Yes moves the Exchange mailbox.

No does not move the Exchange mailbox.

Allow Exchange mailbox delete (yes/no)

When this option is enabled, the driver shim intercepts removal of the Active Directory homeMDB attribute to delete the mailbox.

Yes allows the Exchange mailbox to be deleted.

No does not allow the Exchange mailbox to be deleted.

Default Exchange MDB

Specify the default Exchange Message Database (MDB). To obtain the correct name for the Exchange MDB, see Section 4.1, Gathering Configuration Information.

For example,

[CN=Mailbox Store (CONTROLLER),CN=First Storage Group,CN=InformationStore,CN=CONTROLLER,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=Domain,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Domain,DC=com]

The driver can be updated to manage additional MDBs after the import is complete.

Modifying an Existing Driver in Designer

  1. Right-click the Active Directory driver in the Modeler, then select Properties.

  2. Select Driver Configuration > Driver Parameters > Edit XML.

  3. Search for the heading <header display-name="Exchange Options"/>.

  4. Change the following lines:

    Old XML: <definition display-name="Use CDOEXM for Exchange (yes/no)" name="use-CDOEXM" type="enum">
    New XML: <definition display-name="Exchange Management interface type (use-cdoexm/use-post-cdoexm)" name="exch-api-type" type="enum">

    Old XML: <enum-choice display-name="Yes">yes</enum-choice>
    New XML: <enum-choice display-name="use-cdoexm">use-cdoexm</enum-choice>

    Old XML: <enum-choice display-name="No">no</enum-choice>
    New XML: <enum-choice display-name="use-post-cdoexm">use-post-cdoexm</enum-choice>

    Old XML: <definition display-name="Allow CDOEXM Exchange mailbox move (yes/no)" name="cdoexm-move" type="enum">
    New XML: <definition display-name="Allow Exchange mailbox move (yes/no)" name="exch-move" type="enum">

    Old XML: <definition display-name="Allow CDOEXM Exchange mailbox delete (yes/no)" name="cdoexm-delete" type="enum">
    New XML: <definition display-name="Allow Exchange mailbox delete (yes/no)" name="exch-delete" type="enum">

  5. Click OK twice to save the changes.

Modifying an Existing Driver in iManager

  1. In iManager, click Identity Manager Administration.

  2. Select Administration > Identity Manager Overview.

  3. Select the driver set where the Active Directory driver is stored.

  4. Click the upper right corner of the Active Directory driver, then click Edit properties.

  5. In the Driver Configuration tab, click Edit XML under Driver Parameters.

  6. Click the Enable XML editing check box.

  7. Search for the heading <header display-name="Exchange Options"/>.

  8. Change the following lines:

    Old XML: <definition display-name="Use CDOEXM for Exchange (yes/no)" name="use-CDOEXM" type="enum">
    New XML: <definition display-name="Exchange Management interface type (use-cdoexm/use-post-cdoexm)" name="exch-api-type" type="enum">

    Old XML: <enum-choice display-name="Yes">yes</enum-choice>
    New XML: <enum-choice display-name="use-cdoexm">use-cdoexm</enum-choice>

    Old XML: <enum-choice display-name="No">no</enum-choice>
    New XML: <enum-choice display-name="use-post-cdoexm">use-post-cdoexm</enum-choice>

    Old XML: <definition display-name="Allow CDOEXM Exchange mailbox move (yes/no)" name="cdoexm-move" type="enum">
    New XML: <definition display-name="Allow Exchange mailbox move (yes/no)" name="exch-move" type="enum">

    Old XML: <definition display-name="Allow CDOEXM Exchange mailbox delete (yes/no)" name="cdoexm-delete" type="enum">
    New XML: <definition display-name="Allow Exchange mailbox delete (yes/no)" name="exch-delete" type="enum">

  9. Click OK twice to save the changes.

  10. Click Close.
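After either the Designer or the iManager procedure, the edited driver parameters can be checked for leftover CDOEXM definitions. The following is an added example, not part of the product documentation; the sample XML is constructed, its `<definitions>` wrapper element is an assumption, and the old and new names come from the Old XML and New XML lines above:

```powershell
# Added example: flag legacy CDOEXM definitions in a copy of the driver parameters XML.
# Old definition name -> new definition name, from the Old XML / New XML lines above.
$renames = @{
    'use-CDOEXM'    = 'exch-api-type'
    'cdoexm-move'   = 'exch-move'
    'cdoexm-delete' = 'exch-delete'
}

# Constructed sample: a half-edited block (the <definitions> wrapper is illustrative).
[xml]$doc = @'
<definitions>
  <header display-name="Exchange Options"/>
  <definition display-name="Exchange Management interface type (use-cdoexm/use-post-cdoexm)" name="exch-api-type" type="enum">
    <enum-choice display-name="use-cdoexm">use-cdoexm</enum-choice>
    <enum-choice display-name="use-post-cdoexm">use-post-cdoexm</enum-choice>
  </definition>
  <definition display-name="Allow CDOEXM Exchange mailbox move (yes/no)" name="cdoexm-move" type="enum"/>
  <definition display-name="Allow Exchange mailbox delete (yes/no)" name="exch-delete" type="enum"/>
</definitions>
'@

function Test-ExchangeOptions([xml]$Xml) {
    # Collect the name attribute of every <definition> element.
    $names = @($Xml.SelectNodes('//definition') | ForEach-Object { $_.GetAttribute('name') })
    foreach ($old in $renames.Keys) {
        $new = $renames[$old]
        if ($names -contains $old) {
            "LEGACY  '$old' is still present; it should be '$new'"
        } elseif ($names -notcontains $new) {
            "MISSING neither '$old' nor '$new' was found"
        } else {
            "OK      '$new'"
        }
    }
    # The interface-type definition must offer the use-post-cdoexm choice.
    $api = $Xml.SelectSingleNode("//definition[@name='exch-api-type']")
    if ($api) {
        $choices = @($api.SelectNodes('enum-choice') | ForEach-Object { $_.InnerText })
        if ($choices -notcontains 'use-post-cdoexm') {
            "MISSING enum-choice 'use-post-cdoexm' under 'exch-api-type'"
        }
    }
}

Test-ExchangeOptions $doc
```

On the constructed sample this reports `cdoexm-move` as legacy and the other two definitions as OK.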