Using the Microsoft Exchange Connector

5 Using the Microsoft Exchange Connector

You can use the connector for performing reconciliation and provisioning operations after configuring it to meet your requirements.

The following topics discuss information related to using the connector for performing reconciliation and provisioning operations:

5.1 Guidelines on Using the Connector

These are the guidelines that you must apply while using the connector for reconciliation and provisioning operations.

5.1.1 Guidelines on Configuring Reconciliation

Apply these guidelines while configuring reconciliation.

Before a target resource reconciliation run is performed, lookup definitions must be synchronized with the lookup fields of the target system. In other words, scheduled tasks for lookup field synchronization must be run before user reconciliation runs.

If you are using Oracle Identity Manager 11.1.2.x or later, then you must also run the Entitlement List and Catalog Synchronization Job scheduled jobs.
The scheduled task for user reconciliation must be run before the scheduled task for reconciliation of deleted user data.

5.1.2 Guidelines on Performing Provisioning Operations

Apply these guidelines while performing provisioning operations.

Before performing provisioning operations, you must reconcile all lookup definitions.
Before provisioning Exchange User, you must provision AD User.
If you select the user type as UserMailbox, then the Database field on the process form is mandatory. If you select the user type as MailUser, then External E-mail Address field on the process form is mandatory.
Specifying multibyte values for fields

Some Asian languages use multibyte character sets. If the character limit for fields on the target system is specified in bytes, then the number of Asian-language characters that you can enter in a particular field may be less than the number of English-language characters that you can enter in the same field. The following example illustrates this point:

Suppose you can enter 50 characters of English in the Display Name field of the target system. If you have configured the target system for the Japanese language, then you would not be able to enter more than 25 characters in the same field.
The character length of target system fields must be taken into account when specifying values for the corresponding Oracle Identity Manager fields

During a provisioning operation, you must keep the lengths of target system fields in mind while entering values for Oracle Identity Manager process form fields. The character limit specified for some process form fields may be more than that of the corresponding target system field.

5.2 Configuring Reconciliation

You can configure the connector to specify the type of reconciliation and its schedule.

This section provides information on the following topics related to configuring reconciliation:

5.2.1 Performing Full Reconciliation and Incremental Reconciliation

Full reconciliation involves reconciling all existing user records from the target system into Oracle Identity Manager.

After you create the application, you must first perform full reconciliation. In addition, you can switch from incremental reconciliation to full reconciliation whenever you want to ensure that all target system records are reconciled in Oracle Identity Manager.

You can perform a full and incremental reconciliation against a single domain by providing a value for the DomainController parameter of the reconciliation job. If the value of the DomainController parameter is blank, then reconciliation is performed against a forest.

To perform a full reconciliation run, ensure that no values are specified for the following parameters of the jobs for reconciling user records:

Filter
Incremental Recon Attribute
Latest Token

5.2.2 Performing Limited Reconciliation

By default, all target system records are reconciled during the current reconciliation run. You can customize this process by specifying the subset of target system records that must be reconciled.

You can perform limited reconciliation by creating filters for the reconciliation module. This connector provides a Filter parameter that allows you to use the Exchange resource attributes to filter the target system records.

For detailed information about ICF Filters, see ICF Filter Syntax in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager.

5.3 Configuring Reconciliation Jobs

Configure reconciliation jobs to perform reconciliation runs that check for new information on your target system periodically and replicates the data in Oracle Identity Governance.

You can apply this procedure to configure the reconciliation jobs for users and entitlements.

To configure a reconciliation job:

Log in to Identity System Administration.
In the left pane, under System Management, click Scheduler.
Search for and open the scheduled job as follows:
1. In the Search field, enter the name of the scheduled job as the search criterion. Alternatively, you can click Advanced Search and specify the search criterion.
2. In the search results table on the left pane, click the scheduled job in the Job Name column.
On the Job Details tab, you can modify the parameters of the scheduled task:
- Retries: Enter an integer value in this field. This number represents the number of times the scheduler tries to start the job before assigning the Stopped status to the job.
- Schedule Type: Depending on the frequency at which you want the job to run, select the appropriate schedule type. See Creating Jobs in Oracle Fusion Middleware Administering Oracle Identity Governance.
In addition to modifying the job details, you can enable or disable a job.
On the Job Details tab, in the Parameters region, specify values for the attributes of the scheduled task.

Note:

Values (either default or user-defined) must be assigned to all the attributes. If even a single attribute value is left empty, then reconciliation is not performed.
Click Apply to save the changes.

Note:

You can use the Scheduler Status page in Identity System Administration to either start, stop, or reinitialize the scheduler.

5.4 Performing Provisioning Operations

You create a new user in Identity Self Service by using the Create User page. You provision or request for accounts on the Accounts tab of the User Details page.

To perform provisioning operations in Oracle Identity Governance:

Log in to Identity Self Service.
Create a user as follows:
1. In Identity Self Service, click Manage. The Home tab displays the different Manage option. Click Users. The Manage Users page is displayed.
2. From the Actions menu, select Create. Alternatively, you can click Create on the toolbar. The Create User page is displayed with input fields for user profile attributes.
3. Enter details of the user in the Create User page.
On the Account tab, click Request Accounts.
In the Catalog page, search for and add to cart the application instance for the connector that you configured earlier, and then click Checkout.
Specify value for fields in the application form and then click Ready to Submit.
Click Submit.

5.5 Uninstalling the Connector

Uninstalling the connector deletes all the account-related data associated with its resource objects.

If you want to uninstall the connector for any reason, then run the Uninstall Connector utility. Before you run this utility, ensure that you set values for ObjectType and ObjectValues properties in the ConnectorUninstall.properties file. For example, if you want to delete resource objects, scheduled tasks, and scheduled jobs associated with the connector, then enter "ResourceObject", "ScheduleTask", "ScheduleJob" as the value of the ObjectType property and a semicolon-separated list of object values corresponding to your connector (for example, ActiveDirectory User; ActiveDirectory Group) as the value of the ObjectValues property.

For more information, see Uninstalling Connectors in Oracle Fusion Middleware Administering Oracle Identity Governance.