Oracle® Waveset 8.1.1 Connector Reference Release 8.1.1 E25959-06 |
|
|
PDF · Mobi · ePub |
This chapter includes the following information about the Exchange connector for Oracle Waveset:
The Exchange connector is a .NET connector that supports provisioning and reconciliation for target systems running Microsoft Exchange Server On-Premise 2007 and On-Premise 2010.
The Exchange connector also extends the functionality of the Active Directory connector. The Exchange connector bundle includes both the Exchange connector and Active Directory connector libraries (DLL files). If you use the Exchange connector to provision Active Directory, the operations and deployment considerations for the Active Directory connector also apply to the Exchange connector. For more information, see Chapter 2, "Oracle Waveset Connector for Microsoft Active Directory".
Other considerations for the Exchange connector are:
The Exchange connector uses Windows PowerShell to manage the Exchange Server target systems. Therefore, the appropriate PowerShell cmdlet
set must be available to the connector.
The Exchange connector operates in the context of the .NET Connector Framework, which in turn requires an application to execute. Therefore, by default, Oracle provides (and recommends) the .NET connector server to run the Exchange connector and Active Directory connector. For more information, see Deploying the Exchange Connector.
The Exchange connector supports agentless target deployment; that is, an agent is not required.
The Exchange connector supersedes the Exchange resource adapter and earlier versions of the Exchange connector. For migration information, see Migrating to the Exchange Connector.
Additional information in this section includes:
The Exchange connector supports the operations shown in the following table. The Exchange connector also supports the operations for Active Directory, as described in Active Directory Connector Features.
Table 5-1 Exchange Connector Operations
Operation | Description |
---|---|
Account provisioning |
Operations include create, read, update, and delete objects. |
Reconciliation |
Both full and incremental reconciliation are supported. Reconciliation can perform the following functions:
Active Sync polls for changes to a resource and detects incremental changes in real time. Active Sync is performed by the Active Directory connector. For additional information about Active Sync, see the Oracle Waveset 8.1.1 Deployment Guide in the following library: |
Before and after actions |
Before and after actions use scripts to perform activities during a user create, update, or delete request. Script execution is performed by the Active Directory connector. For more information, see Configuring Before and After Actions for the Active Directory Connector. |
The Exchange connector supports reconciliation and provisioning of mailboxes for users across multiple Microsoft Active Directory domains. For example, users on ChildDomain1, ChildDomain2, ParentDomain, and PeerDomain can have mailboxes in the same Exchange Server installed on the parent domain. Oracle Waveset can reconcile and provision mailboxes for the users who belong to each of these domains, with a resource pointing to the parent domain where Exchange Server is installed.
Note:
Latency in Replication of Data Between Domain Controllers and the Global Catalog Server
The Exchange connector gets user and distribution group information from the domain controllers. Information residing in different domain controllers must be replicated among each other. At certain times, there can be a delay in this replication, and complete user or distribution group information might not be pulled into Oracle Waveset by the connector. In these situations, it is recommended to search for the entity information again.
By default, the user forms cache Active Directory and Exchange groups. After you create a new resource, clear the cache. To clear the cache, navigate to debug page and click Clear Resource Object List Cache. After the cache is cleared, Oracle Waveset obtains information about the groups from the target system. Subsequently, Oracle Waveset obtains this information from cache.
When you configure a resource for the Exchange connector on a Windows target system, the connector uses the Active Directory connector configuration parameters, described in Active Directory Connector Resource Configuration Parameters.
The Exchange connector also requires the additional configuration parameters described in the following table.
Table 5-2 Exchange Connector Resource Configuration Parameters
Parameter Name | Type | Required | Description |
---|---|---|---|
AuthenticationMechanism |
String |
Yes |
This entry is used when the connector is configured against Exchange 2010 to remotely connect to the Exchange Server. Default value: Do not modify this entry. |
Exchange Server Type |
String |
Yes |
Version of the Exchange Server target. The choices are:
|
ExchangeServerHost |
String |
No |
Hostname of the computer hosting Exchange Server 2010. This is required only if ExchangeServerType is set to OnPremise2010. |
ExchangeUser |
String |
No |
User name of the service account having minimum privileges. Format: DomainName\UserName This is required only if ExchangeServerType is set to OnPremise2010. |
ExchangeUserPassword |
String |
No |
Valid password for user specified for the ExchangeUser parameter. This is required only if ExchangeServerType is set to OnPremise2010. |
UseSSLForRemotePowerShell |
String |
Yes |
This entry is used when the connector is configured against Exchange 2010 to remotely connect to the connector. Default value: Do not modify this entry. |
For Active Directory, see Security Considerations for the Active Directory Connector.
On the Exchange connector side, secure communication is ensured by the API. Any bind to the directory is secured by the Windows Security Support Provider Interface (SSPI).
Communication to the Exchange Server is secured by Windows PowerShell.
The communication between the .NET Connector Framework and Oracle Waveset is encrypted by the framework, but it is also recommended that you use an SSL connection.
Depending on the Exchange Server version you are using, ensure the administrator account meets the following requirements:
The minimum privileges required for a Exchange 2007 service account to manage recipients (UserMailbox and MailUser) are:
The service account must be a member of Exchange Recipient Administrators group.
For more information, see http://technet.microsoft.com/en-us/library/aa996881%28v=exchg.80%29.aspx
.
If you want to add a recipient to a distribution group or remove a recipient from a distribution group, then the service account must also be a member of Account Operators group in the domain where the distribution group exists.
For more information, see http://technet.microsoft.com/en-us/library/bb124340%28v=exchg.80%29.aspx
and http://technet.microsoft.com/en-us/library/aa997627%28v=exchg.80%29.aspx
.
The minimum privilege required for a Exchange 2010 service account to manage recipients (UserMailbox and MailUser) is:
The service account must be a member of Recipient Management group.
For more information, see http://technet.microsoft.com/en-us/library/dd298028%28v=exchg.141%29.aspx
.
The Exchange connector is certified with the following components:
Table 5-3 Exchange Connector Certified Components
Component | Requirement |
---|---|
Oracle Waveset |
Oracle Waveset 8.1 Update 1 Bundle Patch 8 or later |
Identity Connector Framework (ICF) |
ICF 1.2 or later |
Microsoft .NET Framework |
Microsoft .NET Framework 3.5 Note: To prevent a memory leak problem with Microsoft .NET Framework 3.5, apply the hotfix described in the following article: |
Target Systems |
The target system can be any one or a combination of the following:
|
To migrate from an earlier version of the Exchange connector, follow these steps:
Make sure you have installed Oracle Waveset with the patch shown in Certified Components for the Exchange Connector.
Log in to the Oracle Waveset Administrator interface.
In the Edit Resource wizard, specify the new Exchange connector version and configure the Resource Parameters, as required for your deployment.
Before You Get Started: Install and configure the latest version of the connector server, as described in Installing, Configuring, and Running the Connector Server.
To migrate an Exchange resource adapter to the Exchange connector, follow these steps:
Make sure you have installed Oracle Waveset with the patch shown in Certified Components for the Exchange Connector.
Log in to the Oracle Waveset Administrator interface.
Go to the Migrate Adapters page.
Select the Resource you want to migrate from.
Select the type of the connector you want to convert to.
On the next page, select the Exchange connector version and the connector server to use.
Provide the Active Directory Domain Name and Exchange Server Type.
Click Convert.
After migrating an earlier Exchange connector or Exchange resource adapter, perform the following task:
In the Exchange connector userForm.xml file, replace "Exchange" with "Windows Active Directory" in the following field:
<contains> <ref>accountInfo.typeNames</ref> <s>Exchange</s> <contains>
In the postProcess.xml file, replace "Exchange" with "Windows Active Directory" in the following line:
<MapEntry key='typeString' value='Exchange'/>
Import the userForm.xml and postProcess.xml files into Oracle Waveset, as follows:
Click the Configure tab.
Click Import Exchange File.
Select the XML files and then click Import.
The connector uses Exchange-related PowerShell cmdlets to perform recipient administration activities on the Exchange Server. The connector supports User, UserMailbox, and MailUser recipient types. Connector server is mandatory for both Exchange 2007 and Exchange 2010 target system versions.
Note:
You can also use the Exchange connector to manage Active Directory users. To manage Active Directory users, select RecipientType as User in the user form. In this case, the Exchange connector only creates a user in Active Directory. The Exchange connector will not create any UserMailbox or mark this Active Directory user as a MailUser. For more information, see Oracle Waveset Connector for Microsoft Active Directory.
The following sections discuss details specific to Exchange resource only.
For more information about recipient types, see http://technet.microsoft.com/en-us/library/bb201680%28v=exchg.141%29.aspx
.
Figure 5-1 shows the architecture of the connector supporting Exchange Server 2007. In this architecture diagram, the connector server is installed on a different computer in the same domain as that of the Exchange Server computer. You can also install the connector server on the same computer hosting Exchange Server.
Figure 5-1 Architecture of the Connector Supporting Exchange Server 2007
Oracle Waveset communicates with Exchange Server 2007 via connector bundle. The connector bundle is deployed on a Windows computer with the connector server installed. To communicate with Exchange Server 2007, the connector loads the Microsoft.Exchange.Management.PowerShell.Admin snap-in locally to create a runspace, which is the environment for running PowerShell cmdlets. This snap-in becomes available when Exchange Management Tools are installed. For this reason, Exchange Management Tools must be installed on the Windows computer hosting connector server.
For more information on hardware requirements, installing, and configuring connector server, see Installing, Configuring, and Running the Connector Server.
Figure 5-2 shows the architecture of the connector supporting Exchange Server 2010. In this architecture diagram, the connector server is installed on a different computer in the same domain as that of the Exchange Server computer. You can also install the connector server on the same computer hosting Exchange Server.
Figure 5-2 Architecture of the Connector Supporting Exchange Server 2010
Oracle Waveset communicates with Exchange Server 2010 via connector bundle. The connector bundle is deployed on a Windows computer with the connector server installed. To communicate with Exchange Server 2010, Oracle Waveset uses remote Shell, which in turn uses Windows PowerShell 2.0 and Windows Remote Management (WinRM) 2.0 without the need for Exchange Management Tools. Therefore, Exchange Management Tools are not required to be installed on the connector server for Exchange Server 2010. For more information, see the following topic on Remote Exchange Management at:
http://technet.microsoft.com/en-in/library/dd297932%28v=exchg.141%29.aspx
Run the Enable-PSRemoting cmdlet to configure the Exchange Server computer to receive Windows PowerShell remote commands that are sent by using the WS-Management technology. For more information about the Enable-PSRemoting cmdlet, see:
http://technet.microsoft.com/en-us/library/hh849694.aspx
For more information on hardware requirements, installing, and configuring connector server, see Installing, Configuring, and Running the Connector Server.
The Exchange connector is available on the Oracle Identity Manager Connector Downloads page:
http://www.oracle.com/technetwork/middleware/id-mgmt/downloads/connectors-101674.html
The connector server is an application that enables remote execution of the Exchange connector. As the Exchange connector is implemented in .NET, it requires a .NET connector server.
The connector server can either be installed on the same computer as that of the Exchange Server or on a different computer in the same domain as that of the Exchange Server. For more information, see Exchange Connector Deployment Architecture.
This section contains the following topics:
The following pre-requisites and requirements are recommended for the connector server:
The computer hosting the connector server has Intel Dual-Core Processor, 2 GHz with 4 GB RAM or a computer with similar configuration.
If you have a computer dedicated to the connector server, then 2 GB RAM is sufficient.
Before you install the connector server, ensure that you have installed .NET Framework 3.5 SP1 on the same computer where you are installing the connector server.
In addition, you must install the following patch:
http://support.microsoft.com/kb/981575
The connector server need not be installed on the Exchange server target system. It can be installed either on the Exchange server or on a system that belongs to the same domain as that of the Exchange server. However, it is recommended to deploy connector server on a separate system that belongs to the same domain as that of the Exchange server.
If you are using Exchange Server 2007, then you must install Exchange Management Tools on the computer hosting the connector server. This is a mandatory requirement.
If you are using Exchange Server 2010, then the pre-requisites and requirements must be met for remote Shell as mentioned in the Remote Exchange Management page at:
http://technet.microsoft.com/en-in/library/dd297932%28v=exchg.141%29.aspx
Windows 2008 R2 is recommended as the operating system for the computer hosting the connector server as it includes all the necessary pre-requisites and requirements.
To install the connector server:
Download the connector server package (a zip file such as Connector_Server_111200.zip) from the Oracle Identity Manager Connector Downloads page at:
http://www.oracle.com/technetwork/middleware/id-mgmt/downloads/connectors-101674.html
Extract the contents of the connector server package and locate the ServiceInstall-version.msi file, such as ServiceInstall-1.4.0.0.msi.
Install the connector server by running the ServiceInstall-1.4.0.0.msi file.
If the Setup Type - Typical option is used during the installation, then the connector server will be installed at the C:\Program Files\Identity Connector\Connector Server directory.
Note:
In this guide, CONNECTOR_SERVER_HOME represents the C:\Program Files\Identity Connector\Connector Server directory.
Upon successful installation, the connector server is registered as a Windows service and will be started automatically.
Stop the connector server Windows service.
To configure the connector server:
Open the connectorserver.exe.config file located in the CONNECTOR_SERVER_HOME directory. In the connectorserver.exe.config file, set the following properties, as required by your deployment.
Property | Description |
---|---|
connectorserver.port |
Port on which the connector server listens for requests. Default value: |
connectorserver.usessl |
If set to Default value: |
Certificatestorename |
If the connectorserver.usessl property is set to true, then this property should point to your certificate store name. |
connectorserver.key |
Connector server key. See Step 2 for information about setting this value. |
Set The connector server key in the connectorserver.exe.config file, as follows:
Note:
This key value must be mentioned in the Exchange Connector Server IT resource property.
Open a command prompt and navigate to CONNECTOR_SERVER_HOME directory.
Run the ConnectorServer.exe /setKey command.
This displays the prompt Enter Key:
Enter an appropriate key and press Enter.
This displays the prompt Confirm Key:
Enter the same key to confirm and press Enter.
This displays the message Key Updated.
The Exchange connector uses the built-in logging mechanism of the .NET framework. Logging for the Exchange connector is not integrated with Oracle Waveset. The log level is set in the connector server configuration file (ConnectorServer.exe.config).
By default, logging is not enabled for the connector. To enable logging:
Navigate to CONNECTOR_SERVER_HOME directory. The default directory is C:\Program Files\Identity Connectors\Connector Server.
The ConnectorServer.exe.config file must be present in this directory.
Search and locate the tag <add name="myListener" under the <listeners> tag.
The connector logs all information in the file indicated by the initializeData parameter. The default value is c:\connectorserver.log.
Edit this value as per your deployment needs. As the connector server runs using the service account, ensure the service account has write permissions on the log location and on the log file. Otherwise, there would be no logs generated even if you enable logging.
In the ConnectorServer.exe.config file, add the lines shown in bold text:
<system.diagnostics> <trace autoflush="true" indentsize="4"> <listeners> <remove name="Default" /> <add name="myListener" type="System.Diagnostics.TextWriterTraceListener" initializeData="c:\connectorserver.log" traceOutputOptions="DateTime"> <filter type="System.Diagnostics.EventTypeFilter" initializeData="Information" /> </add> </listeners> </trace> <switches> <add name="ExchangeSwitch" value="4" /> </switches> </system.diagnostics>
The value="4"
sets the log level to Verbose. This value can be set as follows:
Information about events that occur during the course of reconciliation and provisioning operations are stored in a log file. As you use the connector over a period time, the amount of information written to a log file increases. If no rotation is performed, then log files become huge.
To avoid such a scenario, perform the procedure described in this section to configure rotation of the log file.
To configure rotation of a log file on a daily basis:
Log in to the computer that is hosting the connector server.
Stop the connector server.
Back up the ConnectorServer.exe.config file. The default location of this file is C:\Program Files\Identity Connectors\Connector Server.
In a text editor, open the ConnectorServer.exe.config file for editing.
Search for the <listeners> and </listeners> elements and replace the text between these elements with the following:
<remove name="Default" /> <add name="FileLog"type="Microsoft.VisualBasic.Logging.FileLogTraceListener,Microsoft.VisualBasic,Version=8.0.0.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" initializeData="FileLogWriter" traceOutputOptions="DateTime" BaseFileName="ConnectorServerDaily" Location="Custom" CustomLocation="C:\ConnectorServerLog\" LogFileCreationSchedule="Daily"> <filter type="System.Diagnostics.EventTypeFilter" initializeData="Information"/> </add>
Save the file and close it.
Start the connector server.
See Also:
The following URL for more information about configuring log file rotation:
http://msdn.microsoft.com/en-us/library/microsoft.visualbasic.logging.filelogtracelistener.aspx
To run the connector server, perform one of the following steps depending on the Exchange Server version:
If you are using Exchange Server 2007:
Login to computer hosting the connector server.
The login user must have permissions to perform the following steps.
Open Windows services explorer. To do so:
Click the Start button, then click to Run... Enter Services.msc
and click OK.
Locate the Connector Server service.
Right-click on the service and click Properties.
Click the Log On tab and select This Account.
Click Browse to choose the service account having minimum privileges as described in Privileges for Exchange 2007 Service Account Then, enter password for this service account.
Click OK.
With this service selected, click Run.
After the above steps are completed successfully, the connector server runs with the service account that has the minimum privileges to perform recipient management tasks on Exchange Server 2007.
Note:
The above steps are mandatory and must be completed successfully. This is because the Exchange connector uses the credentials of the user who starts the connector server to communicate with Exchange Server 2007. The username and password information provided in the Exchange resource is not used.
If you are using Exchange Server 2010:
Login to computer hosting the connector server.
The login user must have permissions to perform the following steps.
Open Windows services explorer. To do so:
Click the Start button, then click to Run... Then, enter Services.msc
and click OK.
Locate the Connector Server service and click Run.
Note:
The Exchange connector uses the user credentials provided in the Exchange resource to communicate with Exchange Server. Therefore, any user can start the connector server.
Alternatively, the connector server can be started by the service account having minimum privileges as described in Privileges for Exchange 2010 Service Account.
To install the Exchange connector bundle in the connector server:
Change to the directory where the connector server was installed.
Unzip the Exchange connector ZIP file in the directory from Step1.
Note:
If the AD connector DLL was updated by any one-off releases or patches, then do not update the AD DLL provided as part of the Exchange connector bundle zip file.
Restart the connector server service. Or, you can also restart the connector server using the following command:
ConnectorServer.exe /run
Configuring before and after actions for the Exchange connector is the same as for the Active Directory connector. See Configuring Before and After Actions for the Active Directory Connector.
Before you create an Exchange connector resource, configure the connector server in Oracle Waveset, as follows.
Click the Configure tab and then select the Connector Servers subtab.
Click New and provide the required configuration details, including:
Hostname or IP Address
Connector Server Port
Connector Server Key
Any user-specific name of the connector server
Click Save.
If the connector server is up and running, the status is displayed as Available.
If the status is displayed as "Failed: Connection refused", start the connector server service or execute the following command:
ConnectorServer.exe /run
To update Oracle Waveset with the newer versions of the Exchange connector artifacts:
Log in to the computer hosting Oracle Waveset and navigate to the Oracle Waveset installation directory.
Unzip the ExchangeConnector-idmglue-1.0.8.zip file in the installation directory.
This will extract the following files:
WEB-INF/lib/ExchangeConnector-idmglue.jar
sample/connectors/ExchangeConnector-idmglue/migration.xml
sample/connectors/ExchangeConnector-idmglue/postProcess.xml
sample/connectors/ExchangeConnector-idmglue/resourceWizard.xml
sample/connectors/ExchangeConnector-idmglue/userForm.xml
Import the resourceWizard.xml file in the sample/connectors/ExchangeConnector-idmglue/ directory.
(Optional) Import the remaining XML files in the sample/connectors/ExchangeConnector-idmglue/ directory as required.
To create an Exchange connector resource, follow these steps:
Log in to the Oracle Waveset Administrator interface.
Create the Exchange connector resource by following the Create Windows Exchange Connector Resource wizard.
Select the Exchange Connector Version as "2.0.0.1".
Select the connector server on which the Exchange connector bundle is deployed.
Specify values for the Exchange connector, depending on your deployment. For more information, see:
Edit the Tabbed User Form to use Exchange User Form for the Exchange resource created in Creating an Exchange Connector Resource as follows:
Go to the Oracle Waveset debug page:
http://
host-name:port/idm/debug
Select User Form from the drop-down box, which is adjacent to List Objects, and then click on List Objects.
Search for the Tabbed User Form and then click Edit. Under the _FM_ATTRIBUTES field:
If this is the first connector using the dynamic form, search for the "MissingFields" string. Then, replace the <FieldRef name='MissingFields'/>
block with following block:
<FieldRef name='accountId'/> <FormRef name='Exchange User Form'> <Property name='RESOURCE_NAME' value='Exchange Server'/> </FormRef>
If any other connector is configured already, then add the following block between </FormRef>
and </Field>
:
<FormRef name='Exchange User Form'> <Property name='RESOURCE_NAME' value='Exchange Server'/>
where Exchange Server is the resource name created in Creating an Exchange Connector Resource.
Navigate to the top of this form and add following line under the <include>
tag:
<ObjectRef type='UserForm' id='' name='Exchange User Form'/>
The id will be picked up automatically.
Save the form.
The Exchange connector support the following object classes:
__GROUP__
(or Group) Object Class for the Exchange Connector
__DISTRIBUTIONGROUP__
Object Class for the Exchange Connector
Note:
The Exchange connector extends the Active Directory connector schema. The Exchange connector supports any arbitrary Active Directory schema attribute used by Exchange Server and a predefined subset of Exchange PowerShell cmdlet
parameters.
__ACCOUNT__
Object Class for the Exchange ConnectorThe following table lists only the Exchange Connector attributes that are additional to the Active Directory connector. For a complete list of the attributes, see __ACCOUNT__
Object Class for the Active Directory Connector.
Unless noted otherwise, an attribute is single-valued and optional, and can be created, updated, and read.
Table 5-5 Additional __ACCOUNT__ Attributes for the Exchange Connector
Attribute Name | Exchange Mapped Attribute | Type | Description |
---|---|---|---|
|
|
String |
The list of available databases from the target is returned by default. When provisioning an Oracle Waveset user to an Exchange resource, the Database attribute value must be a distinguished name in the following format: CN=Mailbox Database 123456789,CN=Databases,CN=Exchange Administrative Group(ABCDEFG1234567),CN=Administrative Groups,CN=ABC Org,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ABC,DC=COM Once set, this attribute is not updatable. Required for Exchange Server 2007 but optional for Exchange Server 2010. |
|
|
String |
Not returned by default. Required for both Exchange Server 2007 and Exchange Server 2010, if |
|
|
String |
Required. Not returned by default. |
|
|
String |
Mailbox alias, which is generally the same as sAMAccountName. Note: sAMAccountName is the user login for Microsoft Active Directory. |
|
|
String |
Used to display an alternative description of the object when only a limited set of characters is permitted. This limited set of characters consists of ASCII characters 26 through 126, inclusively. |
|
|
String |
Name of a user as displayed in the address book. This is usually a combination of the user's first name, middle initial, and last name. |
|
|
String |
Specifies the maximum number of recipients per message to which this mailbox can send. |
|
|
String |
Specifies the maximum size of messages that this mailbox can send. |
|
|
String |
Specifies the maximum size of messages that this mailbox can receive. |
|
|
Boolean |
Specifies that this mailbox uses the quota attributes specified for the mailbox database where this mailbox resides. |
|
|
String |
Specifies the mailbox size at which the user associated with this mailbox can no longer send or receive messages. |
|
|
String |
Specifies the mailbox size at which the user associated with this mailbox can no longer send messages. |
|
|
String |
Specifies the mailbox size at which a warning message is sent to the user. |
|
|
String |
The archive mailbox size at which messages will no longer be accepted. |
|
|
String |
The archive mailbox size at which a warning message is sent to the user. |
|
|
Boolean |
Specifies that this mailbox uses default values to handle deleted items or messages. |
|
|
String |
Specifies the length of time to keep deleted items. |
|
|
Boolean |
Specifies whether to retain deleted items until the next backup. The two possible values for this parameter are $true or $false. |
|
|
Boolean |
Specifies whether this mailbox is hidden from address lists. The two possible values for this parameter are $true or $false. |
|
|
Boolean |
Specifies whether the e-mail address policy for this mailbox is enabled. The two possible values for this parameter are $true or $false. |
|
|
String |
Specifies the address that external users see when they receive a message from this mailbox. |
|
|
String |
Multi-valued attribute. |
Note:
Oracle Waveset brings all the groups (Active Directory and Exchange distribution groups) from the target system for the first time and then caches it. From the next time the user form is opened, the groups are loaded from the cache. If a new group is added on the target system and if the group needs to be reflected in Oracle Waveset user form, then you must clear the cache. In addition, if you create a new resource, you must clear cache. To do so:
Go to the Oracle Waveset debug page at:
http://
host_name:port/idm/debug
Click Clear Resource Object List Cache.
A message is displayed indicating that the Resource Object List cache has been cleared. Every time a new resource is created, you must clear the cache.
The following table lists the PowerShell cmdlet
parameters supported by the Exchange connector. None of these attributes are returned by default.
The Exchange connector supports all multi-valued attributes that are supported by Exchange Server target. The attributes in the following table are supported for Exchange Server 2010, unless the description specifies Exchange Server 2007.
Note:
By default, the Exchange connector includes only the DistributionGroup attribute in the userForm.xml file. To support additional multi-valued attributes, edit the userForm.xml and postProcess.xml files as described in Supporting Multi-Valued Attributes for the Exchange Connector.
Table 5-6 PowerShell cmdlet
Parameters Supported by the Exchange Connector
Attribute Name | Exchange Mapped Attribute | Type | Description |
---|---|---|---|
|
|
String |
Multi-valued. |
|
|
String |
Multi-valued. |
|
|
String |
Multi-valued. |
|
|
String |
Multi-valued. |
through
|
through
|
String |
|
|
|
String |
|
through
|
through
|
String |
Multi-valued. Attributes are supported only by Exchange Server 2010 SP2 and later releases. |
|
|
String |
Multi-valued. Supported for Exchange Server 2007. |
|
|
String |
Multi-valued. |
|
|
String |
Multi-valued. |
|
|
String |
Multi-valued. |
|
|
String |
Multi-valued. |
|
|
String |
Multi-valued. |
|
|
Boolean |
|
|
|
String |
By default, the Exchange connector includes only the multi-valued DistributionGroup attribute. To support additional multi-valued attributes, edit the userForm.xml and postProcess.xml files, as follows:
In the postProcess.xml file, add mappings for the multi-valued attributes that you want to add. For example, the mapping for the GrantSendOnBehalfTo attribute is:
<MapEntry key='accountAttributes[mapName==GrantSendOnBehalfTo].attributeName' value='GrantSendOnBehalfTo'/> <MapEntry key='accountAttributes[mapName==GrantSendOnBehalfTo].multi' value='true'/>
In the userForm.xml file, add the Field reference for the multi-valued attributes you want to add. For example, the reference for the GrantSendOnBehalfTo attribute is:
<Field name='accounts[$(RESOURCE_NAME)].GrantSendOnBehalfTo'> <Display class="TextArea"> <Property name="title" value="SendOnBehalf" /> <Property name="rows" value="4" /> <Property name="columns" value="60" /> <Property name="format" value="list" /> <Property name="sorted" value="true" /> </Display> </Field>
Import the postProcess.xml and userForm.xml files into Oracle Waveset.
__GROUP__
(or Group) Object Class for the Exchange ConnectorThe __GROUP__ (or Group) object class represents Active Directory groups excluding distribution groups (which are still part of Active Directory groups but are specific to Exchange).
For a list of the __GROUP__
(or Group) object class attributes, see __GROUP__
(Group) Object Class for the Active Directory Connector.
organizationalUnit
Object Class for the Exchange ConnectorFor a list of the organizationalUnit
object class attributes, see organizationalUnit
Object Class for the Active Directory Connector.
__MAILBOXDATABASE__
Object Class for the Exchange ConnectorThe __MAILBOXDATABASE__
object class is added to the existing Exchange connector schema to make it more convenient to retrieve mail store and mailbox database data from each version of the target system.
__DISTRIBUTIONGROUP__
Object Class for the Exchange ConnectorThere are no additional attributes to the schema in the Exchange connector for groups; however the connector forces the group type to be a Distribution group.
You can refer the following FAQs as guidelines and to troubleshoot connector issues. The following topics are discussed in this section:
The following are FAQs on connector issues common to both Exchange 2010 and Exchange 2007:
What is the recommended system configuration for the computer hosting and running the connector server?
Answer: The computer on which you want to install and run the connector server must meet the following requirements:
The computer hosting the connector server must have Intel Dual-Core Processor, 2 GHz with 4 GB RAM or a computer with similar configuration. If you have a computer dedicated to the connector server, then 2 GB RAM is sufficient.
Microsoft Windows Server 2003 or 2008, either 32-bit or 64-bit versions.
Where should I install the connector server for the Exchange connector?
Answer: Install the connector server on a computer that belongs to the same domain as that of the target Exchange server.
Why cannot I see the log files corresponding to the connector operations in the computer hosting Oracle Identity Manager?
Answer: The Exchange connector uses the built-in logging mechanism of the .NET framework. Therefore, all connector logs are generated on the computer hosting the connector server. See Enabling Logging for more information.
After extracting the contents of the connector bundle into the CONNECTOR_SERVER_HOME directory, I observed some DLLs. Does it matter whether the computer hosting the connector server is 32-bit or 64-bit?
Answer: No, you can use the same DLLs on both 32-bit and 64-bit computers.
Can a single connector server be used to deploy the Active Directory User Management connector bundle and the Exchange connector bundle?
Answer: Yes, a single connector server can host both the Active Directory User Management and the Exchange connector bundles.
While deploying the Exchange connector, ensure not to replace the existing ActiveDirectory.Connector.dll file on the connector server.
Does the Exchange connector support managing only Active Directory user as well? If so, what steps need to be done?
Answer: Yes, the Exchange connector supports managing Active Directory users as well. To manage Active Directory users, in the user form select User in the recipient type drop down box. In this case, only Active Directory user will be created.
Alternatively, you can use Oracle Waveset Connector for Microsoft Active Directory to manage Active Directory users. For more information, see Oracle Waveset Connector for Microsoft Active Directory.
The following are FAQs on connector issues specific to Exchange 2010:
In what format should the IT resource parameter ExchangeUser be specified?
Answer: It should be in the DOMAIN_NAME\USER_NAME format.
How do I ensure that the username and password provided in the IT resource are correct?
Answer: Follow the steps mentioned in Table 5-9, "Troubleshooting Connector Issues with Exchange 2010" for the error "unknown user name or bad password."
What is the minimum permission/role that the user provided in IT resource should have?
Answer: The user should be part of the Recipient Management group.
What are Exchange 2010 specific requirements that must be met by the computer hosting connector server?
Answer: The host computer should meet all the prerequisites of Remote PowerShell. For more information, see the topic on Connect Remote Exchange Management Shell to an Exchange Server at:
http://technet.microsoft.com/en-in/library/dd297932%28v=exchg.141%29.aspx
Does the computer hosting the connector server need to have Exchange Management Tools installed?
Answer: No.
The following are FAQs on connector issues specific to Exchange 2007:
Does the connector support RTM version of Exchange 2007?
Answer: No.
What values do I have to provide for ExchangeUser, ExchangeUserPassword, and ExchangeServerHost in the Exchange IT resource?
Answer: No values are required for these attributes. You can leave them blank. As the connector communicates to Exchange 2007 via local runspace, the connector does not use username or password provided in IT resource to connect to Exchange server. It uses the username and password of the user who starts the connector server.
Does the computer hosting the connector server need to have Exchange Management Tools installed?
Answer: Yes.
What is the minimum permission/role of the user who starts the connector server?
Answer:
User should be part of the Exchange Recipient Administrators group.
User should be part of the Account Operators group in the domain where the distribution group exists.
What are Exchange 2007 specific requirements that need to be met by the computer hosting the connector server?
Answer: The host computer needs to have Exchange Management Tools installed.
The following tables list solutions to some issues associated with the Exchange connector:
Table 5-9, "Troubleshooting Connector Issues with Exchange 2010"
Table 5-10, "Troubleshooting Connector Issues with Exchange 2007"
Table 5-8 lists solutions to some commonly encountered issues associated with the Exchange connector:
Table 5-8 Troubleshooting Common Connector Issues
Problem Description | Solution |
---|---|
The Exchange connector throws the following error:
|
The connector tries to get the domain controller where the Active Directory (AD) user was created using the value provided in the Directory Adminstrator's Account field. This value must be same as the value provided for the User Principal Name field during AD provisioning. If there is any mismatch, the connector throws this error. Ensure the values provided for these two fields are same. |
The Exchange connector does not log any information. Logging is enabled for the connector in ConnectorServer.exe.Config file. The line <add name="ExchangeSwitch" value="4" /> has been added and connector server has been restarted. |
Ensure the log file location and name as specified in the ConnectorServer.exe.Config file is valid. Also, ensure the user who is running the connector server has write permission on the log file. Then, restart the connector server. |
The Exchange connector throws the following error while updating a user:
|
Multiple domain controllers may be configured for the same domain. In such a case, add a field to the ResourceWizard.xml file as follows: <Field name="resourceAttributes[SyncDomainController].value" required="false"> <Display class="Text"> <Property name="title" value="SyncDomainController"/> <Property name="help" value="SyncDomainController"/> </Display> </Field> Then, import the XML file and specify the domain controller (host) value in the resource form. |
Table 5-9 lists solution to a commonly encountered issue associated with the connector when using Exchange 2010:
Table 5-9 Troubleshooting Connector Issues with Exchange 2010
Problem Description | Solution |
---|---|
The Exchange connector throws the following error:
|
Ensure the username and password specified are correct. The username must be in the format DomainName\UserName. User distinguished name (DN) must not be mentioned as a value for the ExchangeUser resource parameter. If this does not solve the issue, verify if you can connect to Exchange Server from the computer hosting the connector server using a remote PowerShell window using the same credentials by following below commands:
If the above steps complete without any error, then check Windows event logs for more information. Alternate Solution: Run the Enable-PSRemoting cmdlet to configure the Exchange Server computer to receive Windows PowerShell remote commands that are sent by using the WS-Management technology. For more information about the Enable-PSRemoting cmdlet, see: |
Table 5-10 lists solution to commonly encountered issue associated with the connector when using Exchange 2007:
Table 5-10 Troubleshooting Connector Issues with Exchange 2007
Problem Description | Solution |
---|---|
The Exchange connector throws the following error while adding a user to a distribution group:
|
For Exchange 2007, the service account must be a member of the Exchange Recipient Administrator role and the Account Operator role in every domain where the distribution group exists. Add the user to the Account Operator role of the domain where the distribution group exists and restart the connector server. |