Oracle Identity Manager automates access rights management, security, and provisioning of IT resources. Oracle Identity Manager connectors are used to integrate Oracle Identity Manager with external, identity-aware applications. This guide discusses the connector that enables you to use Microsoft Exchange as a managed (target) resource of Oracle Identity Manager.
Note:
At some places in this guide, Microsoft Exchange has been referred to as the target system.
This connector supports two recipient types, UserMailbox and MailUser. The term recipients is used in this guide to refer to both recipient types. In other cases, the terms UserMailbox and MailUser are used in this guide to refer to specific recipient types.
In the account management mode of the connector, information about mailboxes created or modified directly on the target system can be reconciled into Oracle Identity Manager. In addition, you can use Oracle Identity Manager to perform mailbox provisioning operations on the target system.
This chapter contains the following sections:
These are the software components and their versions required for installing and using the connector.
Table 1-1 Certified Components
Item | Requirement |
---|---|
Oracle Identity Governance or Oracle Identity Manager |
You can use one of the following releases of Oracle Identity Governance or Oracle Identity Manager:
|
Target systems |
The target system can be any one or a combination of the following:
|
Connector Server |
11.1.2.1.0 |
Connector Server JDK |
JDK 1.6 Update 24 or later |
Other systems |
You must ensure the following software are installed in your operating environment:
|
Depending on the Oracle Identity Manager version that you are using, you must deploy and use one of these connector versions.
If you are using an Oracle Identity Manager release 9.1.0.2 or later and earlier than Oracle Identity Manager 11g Release 1 (11.1.1.5.6), then you must use the 9.0.4 version of this connector.
If you are using Oracle Identity Manager 11g Release 1 (11.1.1.5.6) or later, Oracle Identity Manager 11g Release 2 (11.1.2.0.6) or later, Oracle Identity Manager 11g Release 2 (11.1.2.2.0), or Oracle Identity Manager 11g Release 2 PS3 (11.1.2.3.0), then use the latest 11.1.1.x version of this connector. However, if you are using Microsoft Exchange 2003, then you must use the 9.x versions for both Microsoft Active Directory User Management and Microsoft Exchange connectors.
These are the languages that the connector supports.
Arabic
Chinese (Simplified)
Chinese (Traditional)
Czech
Danish
Dutch
English
Finnish
French
German
Greek
Hebrew
Hungarian
Italian
Japanese
Korean
Norwegian
Polish
Portuguese
Portuguese (Brazilian)
Romanian
Russian
Slovak
Spanish
Swedish
Thai
Turkish
Learn about the architecture of the connector and reconciling and provisioning mailboxes across multiple domains.
This section discusses the following topics:
Note:
The connector requires the deployment of a Microsoft Active Directory User Management connector. The user account data is stored in Microsoft Active Directory. Before you can provision a Microsoft Exchange mailbox for a user, you must create an account for the user in Microsoft Active Directory.
The Microsoft Exchange connector uses the data in Microsoft Active Directory during the mailbox provisioning and reconciliation operations. This means that the connector only supports target resource reconciliation with Microsoft Exchange.
The connector uses Exchange-related PowerShell cmdlets to perform recipient administration activities on the Exchange Server. The connector supports UserMailbox and MailUser recipient types. The .NET connector server is mandatory for both Exchange 2007 and Exchange 2010 target system versions.
See Also:
http://technet.microsoft.com/en-us/library/bb201680%28v=exchg.141%29.aspx
for more information about recipient types
Figure 1-1 shows the architecture of the connector supporting Exchange Server 2007. In this architecture diagram, the .NET connector server is installed on a different computer in the same domain as that of the Exchange Server computer. You can also install the .NET connector server on the same computer hosting Exchange Server.
Figure 1-1 Architecture of the Connector Supporting Exchange Server 2007
Oracle Identity Manager (OIM) communicates with Exchange Server 2007 via connector bundle using various adapters and scheduled jobs. The connector bundle is deployed on a Windows computer with the .NET connector server installed. To communicate with Exchange Server 2007, the connector loads the Microsoft.Exchange.Management.PowerShell.Admin snap-in locally to create a runspace, which is the environment for running PowerShell cmdlets. This snap-in becomes available when Exchange Management Tools are installed. For this reason, Exchange Management Tools must be installed on the Windows computer hosting the connector server.
For more information on hardware requirements, installing, and configuring connector server, see Installing, Configuring, and Running the Connector Server.
Figure 1-2 shows the architecture of the connector supporting Exchange Server 2010. In this architecture diagram, the .NET connector server is installed on a different computer in the same domain as that of the Exchange Server computer. You can also install the connector server on the same computer hosting Exchange Server.
Figure 1-2 Architecture of the Connector Supporting Exchange Server 2010
Oracle Identity Manager (OIM) communicates with Exchange Server 2010 via connector bundle using various adapters and scheduled jobs. The connector bundle is deployed on a Windows computer with the .NET connector server installed. To communicate with Exchange Server 2010, OIM uses remote Shell, which in turn uses Windows PowerShell 2.0 and Windows Remote Management (WinRM) 2.0 without the need for Exchange Management Tools. Therefore, Exchange Management Tools are not required to be installed on the connector server for Exchange Server 2010. For more information, see the following topic on Remote Exchange Management at:
http://technet.microsoft.com/en-in/library/dd297932%28v=exchg.141%29.aspx
Run the Enable-PSRemoting cmdlet to configure the Exchange Server computer to receive Windows PowerShell remote commands that are sent by using the WS-Management technology. For more information about the Enable-PSRemoting cmdlet, see:
http://technet.microsoft.com/en-us/library/hh849694.aspx
For more information on hardware requirements, installing, and configuring connector server, see Installing, Configuring, and Running the Connector Server.
The connector supports reconciliation and provisioning of mailboxes for users across multiple Microsoft Active Directory domains. The domains can be in a parent child relationship or can be peer domains.
For example:
Users in Child Domain 1, Child Domain 2, and Parent Domain can have mailboxes in the same single Exchange Server.
Users in Peer Domain 1 and Peer Domain 2 can have mailboxes in the same single Exchange Server. In this case, Exchange Server can be configured against Peer Domain 1 or Peer Domain 2.
The features of the connector include full and incremental reconciliation, limited reconciliation, transformation and validation of account data and so on.
After you deploy the connector, you can perform full reconciliation to bring all existing user data from the target system to Oracle Identity Manager. After the first full reconciliation run, incremental reconciliation is automatically enabled. In incremental reconciliation, user accounts that have been added or modified since the last reconciliation run are fetched into Oracle Identity Manager.
You can perform a full and incremental reconciliation against a single domain by providing a value for the DomainController parameter of the scheduled task. If the DomainController parameter is blank, reconciliation is performed against all domains in the forest.
See Performing Full Reconciliation and Incremental Reconciliation for more information.
You can set a reconciliation filter as the value of the Filter attribute of the user reconciliation scheduled task. This filter specifies the subset of added and modified target system records that must be reconciled.
See Limited Reconciliation By Using Filters for more information.
You can configure the connector for reconciliation of deleted user records. In target resource mode, if a user record is deleted on the target system, then the corresponding Exchange User resource is revoked from the OIM User.
See Exchange Target Resource Delete User Reconciliation for more information.
You can configure the connector for reconciliation of the distribution groups and mailbox database in the target system to be populated in the lookup definitions on Oracle Identity Manager.
See the following sections for more information:
The connector supports multiple domains in a forest with a single Exchange resource object.
See Connector Architecture for more information.
You can configure validation of account data that is brought into or sent from Oracle Identity Manager during reconciliation and provisioning. In addition, you can configure transformation of account data that is brought into Oracle Identity Manager during reconciliation.
The following sections provide more information:
You can run custom PowerShell scripts on a computer where the Microsoft Exchange connector is deployed. You can configure the scripts to run before or after the create, update, or delete an account provisioning operations.
For example, you could configure a script to run before a user is created by the connector.
See Configuring Action Scripts for more information.
Lookup definitions are created in Oracle Identity Manager when you deploy the connector. These lookup definitions are either prepopulated with values or values must be manually entered in them after the connector is deployed.
The lookup definitions are as follows:
The Lookup.Exchange.Configuration lookup definition holds connector configuration entries that are used during reconciliation and provisioning operations.
Table 1-2 lists the default entries in this lookup definition.
Table 1-2 Entries in the Lookup.Exchange.Configuration Lookup Definition
Code Key | Decode | Description |
---|---|---|
AuthenticationMechanism |
Kerberos |
This entry is used when the connector is configured against Exchange 2010 to remotely connect to the Exchange Server. Do not modify this entry. |
Bundle Name |
Exchange.Connector |
This entry holds the name of the connector bundle package. Do not modify this entry. |
Bundle Version |
2.0.0.1 |
This entry holds the version of the connector bundle class. Do not modify this entry. |
Connector Name |
Org.IdentityConnectors.Exchange.ExchangeConnector |
This entry holds the name of the connector class. Do not modify this entry. |
Container |
UseDefault |
This entry is used internally. Do not modify this entry. |
DomainName |
UseDefault |
This entry is used internally. Do not modify this entry. |
DirectoryAdminName |
UseDefault |
This entry is used internally. Do not modify this entry. |
DirectoryAdminPassword |
UseDefault |
This entry is used internally. Do not modify this entry. |
DefaultIncomingMessageSize |
10MB |
During Enable operation, the connector first sets the IncomingMessageSize of the recipient to this value. After the operation completes, the connector updates the target system with the actual size in the process form. Provide appropriate default value for your organization. |
DefaultOutgoingMessageSize |
10MB |
During Enable operation, the connector first sets the OutgoingMessageSize of the recipient to this value. After the operation completes, the connector updates the target system with the actual size in the process form. Provide appropriate default value for your organization. |
Mode |
OIM |
This entry is used internally. Do not modify this entry. |
User Configuration Lookup |
Lookup.Exchange.UM.Configuration |
This entry holds the name of the lookup definition that contains user-specific configuration properties. Do not modify this entry. |
UseSSLForRemotePowerShell |
false |
This entry is used when the connector is configured against Exchange 2010 to remotely connect to the connector. Do not modify this entry. |
The Lookup.Exchange.UM.Configuration lookup definition holds configuration entries that are specific to the user object type. This lookup definition is used during user management operations.
Table 1-3 lists the default entries in this lookup definition.
Table 1-3 Entries in the Lookup.Exchange.UM.Configuration
Code Key | Decode | Description |
---|---|---|
Provisioning Attribute Map |
Lookup.Exchange.UM.ProvAttrMap |
This entry holds the name of the lookup definition that maps process form fields and target system attributes. See Lookup Definitions for Attribute Mappings for more information about this lookup definition. |
Recon Attribute Map |
Lookup.Exchange.UM.ReconAttrMap |
This entry holds the name of the lookup definition that maps resource object fields and target system attributes. See Lookup Definitions for Attribute Mappings for more information about this lookup definition. |
Recon Transformation Lookup |
Lookup.Exchange.UM.ReconTransformation |
This entry holds the name of the lookup definition that is used to configure transformation of attribute values that are fetched from the target system during user reconciliation. See Configuring Transformation of Data During User Reconciliation for more information about adding entries in this lookup definition. |
Recon Validation Lookup |
Lookup.Exchange.UM.ReconValidation |
This entry holds the name of the lookup definition that is used to configure validation of attribute values that are fetched from the target system during reconciliation. See Configuring Validation of Data During Reconciliation and Provisioning for more information about adding entries in this lookup definition. |
Provisioning Validation Lookup |
Lookup.Exchange.UM.ProvValidation |
This entry holds the name of the lookup definition that is used to configure validation of attribute values entered on the process form during provisioning operations. See Configuring Validation of Data During Reconciliation and Provisioning for more information about adding entries in this lookup definition. |
The Lookup.Exchange.UM.ProvAttrMap and Lookup.Exchange.UM.ReconAttrMap lookup definitions hold attribute mappings used during connector operations.
The Lookup.Exchange.UM.ProvAttrMap lookup definition holds mappings between process form fields (Code Key values) and target system attributes (Decode values) used during provisioning operations.
You can add entries to this lookup if you want to map new target system attributes for provisioning. See Adding New Fields for Provisioning for more information.
The Lookup.Exchange.UM.ReconAttrMap lookup definition holds mappings between resource object fields (Code Key values) and target system attributes (Decode values) used during reconciliation operations.
You can add entries to this lookup definition if you want to map new target system attributes for reconciliation. See Adding New Fields for Target Resource Reconciliation for more information.
Table 1-4 lists the default entries in these lookup definitions.
See Also:
The following pages in Microsoft technical library for a description of the parameters in the Decode column
For MailUser recipient type:
For Microsoft Exchange 2007, see http://technet.microsoft.com/en-us/library/aa995971(v=exchg.80).aspx
For Microsoft Exchange 2010, see http://technet.microsoft.com/en-us/library/aa995971%28v=exchg.141%29.aspx
For UserMailbox recipient type:
For Microsoft Exchange 2007, see http://technet.microsoft.com/en-us/library/bb123981(v=exchg.80).aspx
For Microsoft Exchange 2010, see http://technet.microsoft.com/en-us/library/bb123981%28v=exchg.141%29.aspx
Table 1-4 Entries in the Lookup Definitions for Attribute Mappings
Code Key | Decode | Comments |
---|---|---|
Alias |
Alias |
|
Database[LOOKUP] |
Database |
You must provide a value for this parameter only for the UserMailbox recipient type. It is mandatory for Microsoft Exchange 2007. It is not mandatory for Microsoft Exchange 2010. |
Display Name |
DisplayName |
|
Distribution Groups~Distribution Group[LOOKUP] |
DistributionGroup |
|
Email Address Policy Enabled |
EmailAddressPolicyEnabled |
|
External Email Address |
ExternalEmailAddress |
This parameter is mandatory for the MailUser recipient type. |
Hidden From Address Lists Enabled |
HiddenFromAddressListsEnabled |
|
Mailbox Size Receipt Quota |
ProhibitSendReceiveQuota |
|
Mailbox Size Transmit Quota |
ProhibitSendQuota |
|
Mailbox Warning Size |
IssueWarningQuota |
|
Maximum Recipients |
RecipientLimits |
|
Max Incoming Message Size |
MaxReceiveSize |
|
Max Outgoing Message Size |
MaxSendSize |
|
Message Body Format |
MessageBodyFormat |
This parameter only applies to MailUser recipient type. |
Message Format |
MessageFormat |
This parameter only applies to MailUser recipient type. |
Primary SMTP Address |
PrimarySmtpAddress |
|
Recipient Type |
RecipientType |
The value of this parameter can be UserMailbox or MailUser. This parameter is used by the connector for internal purposes. It does not represent any attribute on the target system. Note: It is mandatory to set a value for this attribute. |
Retain Deleted Items |
UseDatabaseRetentionDefaults |
This parameter only applies to UserMailbox recipient type. |
Retain Deleted Items For |
RetainDeletedItemsFor |
This parameter is not applicable to MailUser recipient type on Microsoft Exchange 2007. |
Retain Deleted Items Until Backup |
RetainDeletedItemsUntilBackup |
This parameter only applies to UserMailbox recipient type. |
ReturnValue |
__UID__ Note: This value represents the GUID of the user on the target system, used by the connector for internal purposes. |
|
Simple Display Name |
SimpleDisplayName |
This parameter is used to display an alternative description of the object. |
UD_EX_CH~Distribution Group[LOOKUP] |
DistributionGroup |
This parameter represents the distinguished name of the distribution group. |
Use Prefer Message Format |
UsePreferMessageFormat |
This parameter only applies to MailUser recipient type. |
User Logon Name |
Depending on the lookup, the decode value is as follows:
|
|
Use Storage Defaults |
UseDatabaseQuotaDefaults |
This parameter only applies to UserMailbox recipient type. |
The Lookup.Exchange.DistributionGroups lookup definition holds all the distribution groups available on the target system. This lookup is populated by running the Exchange User Distribution Group Lookup Reconciliation task.
Note:
Distribution groups of type MailUniversalDistributionGroup only are supported.
An entry in the Code Key column has the following format:
IT resource instance key~Distinguished name of the distribution group
An entry in the Decode column has the following format:
IT resource name~Distinguished name of the distribution group
The following table shows sample entries:
Code Key | Decode |
---|---|
27~CN=TestGroup3,CN=Users,DC=connectordev,DC=us,DC=oracle,DC=com |
Exchange IT Resource~CN=TestGroup3,CN=Users,DC=connectordev,DC=us,DC=oracle,DC=com |
27~CN=newChildgroup,DC=bangalore,DC=connectordev,DC=us,DC=oracle,DC=com |
Exchange IT Resource~CN=newChildgroup,DC=bangalore,DC=connectordev,DC=us,DC=oracle,DC=com |
The Lookup.Exchange.MailboxDatabase lookup definition holds all the databases available on the target system. This lookup is populated by running the Exchange User Mailbox Database Group Lookup Reconciliation task.
An entry in the Code Key column has the following format:
IT resource instance key~Distinguished name of the database
An entry in the Decode column has the following format:
IT resource name~Distinguished name of the database
The following table shows a sample entry:
Code Key | Decode |
---|---|
10~CN=Mailbox Database 0068647612,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=connectorqa,DC=com |
Exchange IT Resource~CN=Mailbox Database 0068647612,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=connectorqa,DC=com |
The Lookup.Exchange.RecipientType.Options lookup definition indicates the type of account to be created on the target system. This option is a mandatory field on the process form.
If UserMailbox is selected, then a UserMailbox is created. If MailUser is selected, then a MailUser is created.
This lookup contains the following entries by default:
Code Key | Decode |
---|---|
UserMailbox |
UserMailbox |
MailUser |
MailUser |
In the managed account mode, the connector can be used to perform target resource reconciliation and provisioning.
Target resource reconciliation involves fetching data about newly created or modified mailboxes on the target system and using this data to create or modify mailbox resources assigned to OIM Users. The Exchange Target Resource User Reconciliation scheduled task is used to start target resource reconciliation runs. This scheduled task is discussed in Reconciliation Scheduled Tasks.
This section discusses the following topics:
These are the mailbox fields from which values are fetched during a target resource reconciliation run.
Table 1-5 Mailbox Fields for Target Resource Reconciliation
Process Form Field | Target System Field | Description |
---|---|---|
Alias Note: This is a mandatory field. |
Alias |
Mailbox alias, which is generally the same as sAMAccountName Note: sAMAccountName is the user login for Microsoft Active Directory. |
Archive Mailbox Size |
ArchiveQuota |
The archive mailbox size at which messages will no longer be accepted |
Archive Mailbox Size Warning |
ArchiveWarningQuota |
The archive mailbox size at which a warning message is sent to the user |
Database |
Database |
The distinguished name of the database that contains the mailbox object. |
Display Name |
DisplayName |
Name of a user as displayed in the address book This is usually a combination of the user's first name, middle initial, and last name. |
Email Address Policy Enabled |
EmailAddressPolicyEnabled |
Specifies whether the e-mail address policy for this mailbox is enabled. The two possible values for this parameter are $true or $false. |
External Email Address |
ExternalEmailAddress |
This field is mandatory for MailUser recipient type. Specifies the e-mail address to which all the e-mails sent to the user would be automatically forwarded to. |
Hidden From Address Lists Enabled |
HiddenFromAddressListsEnabled |
Specifies whether this mailbox is hidden from address lists. The two possible values for this parameter are $true or $false. |
Mailbox Size Receipt Quota |
ProhibitSendReceiveQuota |
Specifies the mailbox size at which the user associated with this mailbox can no longer send or receive messages |
Mailbox Size Transmit Quota |
ProhibitSendQuota |
Specifies the mailbox size at which the user associated with this mailbox can no longer send messages |
Mailbox Warning Size |
IssueWarningQuota |
Specifies the mailbox size at which a warning message is sent to the user |
Max Incoming Message Size |
MaxReceiveSize |
Specifies the maximum size of messages that this mailbox can receive |
Max Outgoing Message Size |
MaxSendSize |
Specifies the maximum size of messages that this mailbox can send |
Maximum Recipients |
RecipientLimits |
Specifies the maximum number of recipients per message to which this mailbox can send |
Primary SMTP Address |
PrimarySmtpAddress |
Specifies the address that external users see when they receive a message from this mailbox |
Recipient Type |
RecipientType Note: This field is not a target system attribute. However, it is used by the connector for internal purposes. |
Specifies the type of recipient in the Address Book. The connector supports the following recipient types: MailUser: A mail-enabled Active Directory user that represents a user outside the Exchange organization. Each MailUser has an external e-mail address. All messages sent to the MailUser are routed to this external e-mail address. A MailUser is similar to a mail contact, except that a MailUser has Active Directory logon credentials and can access resources. UserMailbox: A mailbox that is assigned to an individual user in your Exchange organization. It typically contains messages, calendar items, contacts, tasks, documents, and other important business data. |
Retain Deleted Items Defaults |
UseDatabaseRetentionDefaults |
Specifies that this mailbox uses default values to handle deleted items or messages |
Retain Deleted Items For |
RetainDeletedItemsFor |
Specifies the length of time to keep deleted items |
Retain Deleted Items Until Backup |
RetainDeletedItemsUntilBackup |
Specifies whether to retain deleted items until the next backup. The two possible values for this parameter are $true or $false |
Simple Display Name |
SimpleDisplayName |
Used to display an alternative description of the object when only a limited set of characters is permitted. This limited set of characters consists of ASCII characters 26 through 126, inclusively |
Use Storage Defaults |
UseDatabaseQuotaDefaults |
Specifies that this mailbox uses the quota attributes specified for the mailbox database where this mailbox resides |
User Logon Name |
UserPrincipalName |
Specifies the UPN for this mailbox. This is the logon name for the user. The UPN consists of a user name and a suffix. Typically, the suffix is the domain name where the user account resides. |
Learn about the reconciliation rule for this connector and how to view it.
The following is the default reconciliation rule for this connector:
Rule Name: Exchange User Recon Rule
Rule Element: User Login Equals User ID
In this rule:
User Login is the User ID field on the OIM User form.
User ID is the sAMAccountName field of Microsoft Active Directory. Microsoft Exchange uses the same User ID during reconciliation.
Learn about the reconciliation action rules for this connector and how to view them.
Table 1-6 lists the action rules for target resource reconciliation.
Table 1-6 Action Rules for Target Resource Reconciliation
Rule Condition | Action |
---|---|
No Matches Found |
None |
One Entity Match Found |
Establish Link |
One Process Match Found |
Establish Link |
Provisioning involves creating or modifying mailbox data on the target system through Oracle Identity Manager.
This section discusses the following topics:
These are the supported mailbox provisioning functions and the adapters that perform these functions.
The functions listed in the table correspond to either a single or multiple process tasks.
See Also:
Using the Adapter Factory in Oracle Fusion Middleware Developing and Customizing Applications with Oracle Identity Manager for generic information about adapters
Table 1-7 Mailbox Provisioning Functions Supported by the Connector
Function | Adapter |
---|---|
Alias Updated |
ExchangeUpdateUser |
Archive Mailbox Size Updated |
ExchangeUpdateUser |
Archive Mailbox Size Warning Updated |
ExchangeUpdateUser |
Create User |
ExchangeCreateUser |
Delete User |
ExchangeDeleteUser |
Disable User |
ExchangeDisableUser |
Display Name Updated |
ExchangeUpdateUser |
Distribution Group Delete |
ExchangeRemoveChildTableValues |
Distribution Group Insert |
ExchangeAddChildTableValues |
Distribution Group Update |
ExchangeUpdateChildTableValues |
Email Address Policy Enabled Updated |
ExchangeUpdateUser |
Enable User |
ExchangeEnableUser |
External Email Address Updated |
ExchangeUpdateUser |
Hidden From Address Lists Enabled Updated |
ExchangeUpdateUser |
Mailbox Size Receipt Quota Updated |
ExchangeUpdateUser |
Mailbox Size Transmit Quota Updated |
ExchangeUpdateUser |
Mailbox Warning Size Updated |
ExchangeUpdateUser |
Maximum Recipients Updated |
ExchangeUpdateUser |
Max Incoming Message Size Updated |
ExchangeUpdateUser |
Max Outgoing Message Size Updated |
ExchangeUpdateUser |
Primary SMTP Address Updated |
ExchangeUpdateUser |
Retain Deleted Items Defaults Updated |
ExchangeUpdateUser |
Retain Deleted Items For Updated |
ExchangeUpdateUser |
Retain Deleted Items Until Backup Updated |
ExchangeUpdateUser |
Simple Display Name Updated |
ExchangeUpdateUser |
Use Storage Defaults Updated |
ExchangeUpdateUser |