{"id":356,"date":"2009-02-25T14:10:38","date_gmt":"2009-02-25T14:10:38","guid":{"rendered":"https:\/\/www.wapshere.com\/missmiis\/?p=356"},"modified":"2009-11-18T08:39:29","modified_gmt":"2009-11-18T08:39:29","slug":"ilm2-rc0-provisioning-exchange-2007-users","status":"publish","type":"post","link":"https:\/\/www.wapshere.com\/missmiis\/ilm2-rc0-provisioning-exchange-2007-users","title":{"rendered":"ILM2 RC0 &#8211; Provisioning Exchange 2007 Users"},"content":{"rendered":"<p>This post builds on <a href=\"https:\/\/www.wapshere.com\/missmiis\/?p=347\">yesterday&#8217;s<\/a>\u00c2\u00a0which should be <strong>read first<\/strong>.\u00c2\u00a0 Following are the extra\u00c2\u00a0Sync Rule and MA configurations that I made\u00c2\u00a0which added the Exchange 2007 support.<br \/>\n<!--more--><\/p>\n<h3>Workflow<\/h3>\n<p>I have changed yesterday&#8217;s Workflow a little so that it now uses &#8220;Based on attribute value&#8221; as the Action selection. This seems to give me more control over where the sync rule is applied.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.wapshere.com\/images\/ilm2-exchprov-workflow.jpg\" alt=\"\" \/><\/p>\n<h3>Synchronization Rule<\/h3>\n<p>The following table shows the configuration of my sync rule.<\/p>\n<table border=\"1\" cellpadding=\"4\">\n<tbody>\n<tr>\n<td><strong>Destination<\/strong><\/td>\n<td><strong>Source<\/strong><\/td>\n<td><strong>Initial<\/strong><\/td>\n<td><strong>Existance<\/strong><\/td>\n<\/tr>\n<tr>\n<td>sAMAccountName<\/td>\n<td>accountName<\/td>\n<td>\u00c2\u00a0<\/td>\n<td>\u00c2\u00a0<\/td>\n<\/tr>\n<tr>\n<td>userPrincipalName<\/td>\n<td>accountName<br \/>\n+ &#8220;@mydomain.local&#8221;<\/td>\n<td>\u00c2\u00a0<\/td>\n<td>\u00c2\u00a0<\/td>\n<\/tr>\n<tr>\n<td>givenName<\/td>\n<td>firstName<\/td>\n<td>\u00c2\u00a0<\/td>\n<td>\u00c2\u00a0<\/td>\n<\/tr>\n<tr>\n<td>sn<\/td>\n<td>lastName<\/td>\n<td>\u00c2\u00a0<\/td>\n<td>\u00c2\u00a0<\/td>\n<\/tr>\n<tr>\n<td>department<\/td>\n<td>department<\/td>\n<td>\u00c2\u00a0<\/td>\n<td>\u00c2\u00a0<\/td>\n<\/tr>\n<tr>\n<td>displayName<\/td>\n<td>displayName<\/td>\n<td>\u00c2\u00a0<\/td>\n<td>\u00c2\u00a0<\/td>\n<\/tr>\n<tr>\n<td>mailNickname<\/td>\n<td>mailNickname<\/td>\n<td>\u00c2\u00a0<\/td>\n<td>\u00c2\u00a0<\/td>\n<\/tr>\n<tr>\n<td>dn<\/td>\n<td>&#8220;CN=&#8221;<br \/>\n+ accountName<br \/>\n+ &#8220;,OU=Users,OU=MyOrg,dc=mydomain,dc=local&#8221;<\/td>\n<td>yes<\/td>\n<td>\u00c2\u00a0<\/td>\n<\/tr>\n<tr>\n<td>employeeID<\/td>\n<td>employeeID<\/td>\n<td>yes<\/td>\n<td>yes<\/td>\n<\/tr>\n<tr>\n<td>unicodePwd<\/td>\n<td>&#8220;Password01&#8221;<\/td>\n<td>yes<\/td>\n<td>\u00c2\u00a0<\/td>\n<\/tr>\n<tr>\n<td>userAccountControl<\/td>\n<td>512<\/td>\n<td>yes<\/td>\n<td>\u00c2\u00a0<\/td>\n<\/tr>\n<tr>\n<td>homeMDB<\/td>\n<td>&#8220;CN=&#8221;<br \/>\n+ mailDatabase<br \/>\n+ &#8220;,CN=&#8221;<br \/>\n+ mailStorageGroup<br \/>\n+ &#8220;,CN=InformationStore,CN=&#8221;<br \/>\n+ mailServer<br \/>\n+ &#8220;,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,<br \/>\nCN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mydomain,DC=local&#8221;<\/td>\n<td><strong><\/strong>yes<\/td>\n<td>\u00c2\u00a0<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Note that I have used a number of custom attributes to construct the homeMDB. Apart from this being a more flexible approach, I actually got an &#8220;unexpected-error&#8221; in MIIS when I hard-coded the entire homeMDB string. For the RC0 documentation on modifying the schema see <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc561137.aspx\" target=\"_blank\">here<\/a>.<\/p>\n<h3>MA Configuration<\/h3>\n<p>The configuration of the ILM MA is as I covered <a href=\"https:\/\/www.wapshere.com\/missmiis\/?p=347\">yesterday<\/a> &#8211; you just need to make sure you have all the import flow rules in place to get the necessary data into the metaverse &#8211; not forgetting the ExpectedRulesList.<\/p>\n<p>The AD MA should not need any classic flow rules, as you&#8217;ve configured everything you need in the Sychronization Rule object. You do need to tick &#8220;Enable Exchange 2007 provisioning&#8221; on the Extensions page.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.wapshere.com\/images\/ilm2-exchprov-adma.jpg\" alt=\"\" \/><\/p>\n<h3>Exchange Management Tools<\/h3>\n<p>And, just like with ILM 2007, you need to have installed the Exchange Management Tools on the ILM server.<\/p>\n<h3>Here&#8217;s one I prepared earlier<\/h3>\n<p>Here&#8217;s what a provisioned user looked like just prior to exporting him from the AD MA.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.wapshere.com\/images\/ilm2-exchprov-provisioned-object.jpg\" alt=\"\" \/><\/p>\n<p>Immediately after exporting I was able to login as this user, open Outlook, and send an email. Hooray!<\/p>\n<p>Another nice surprise: as I had gone through the <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc561138.aspx\">Password Reset and Registration<\/a> configuration, and had already installed the ILM client on this workstation, the user was immediately prompted to register for password reset! Now that I <em>do<\/em> like.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.wapshere.com\/images\/ilm2-pwreset-prompttoregister.jpg\" alt=\"\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This post builds on yesterday&#8217;s\u00c2\u00a0which should be read first.\u00c2\u00a0 Following are the extra\u00c2\u00a0Sync Rule and MA configurations that I made\u00c2\u00a0which added the Exchange 2007 support.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"footnotes":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":[]},"categories":[26,25],"tags":[],"class_list":["post-356","post","type-post","status-publish","format-standard","hentry","category-exchange2007","category-ilm-2"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pkp1o-5K","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/posts\/356","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/comments?post=356"}],"version-history":[{"count":17,"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/posts\/356\/revisions"}],"predecessor-version":[{"id":601,"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/posts\/356\/revisions\/601"}],"wp:attachment":[{"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/media?parent=356"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/categories?post=356"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/tags?post=356"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}