Microsoft Exchange
This connector exports mailboxes from a Microsoft Exchange instance.
This page is about Microsoft Exchange .
Overview
Microsoft Exchange Server is Microsoft's email, calendar, contact, scheduling and collaboration platform. It is deployed on the Windows Server operating system (OS) for business use. This connector uses Exchange Server PowerShell (Exchange Management Shell) to export databases and mailboxes.
Prerequisites
Implementing this connector requires:
- a Microsoft Exchange Server 2010, or later. See here Exchange Server 2016's requirements;
- installing Windows PowerShell. See how to connect to Exchange servers using remote PowerShell.
Export
This connector exports
mailboxes
and
mailbox databases.
Two CSV files are generated, one with the
mailbox properties
(like Database, EmailAddresses, ServerName , etc.) and the other with
mailbox database properties
(like Name, Server, Mounted, etc.). These properties are explicitly part of the PowerShell
script used by Identity Manager.
Configuration
This process is configured through a
Connection in the UI and/or
the XML configuration, and in the appsettings.agent.json > Connections section:
appsettings.agent.json
{
...
"Connections": {
...
"<ConnectionIdentifier>": {
...
}
}
}
The identifier of the connection and thus the name of the subsection must:
- be unique.
- not begin with a digit.
- not contain
<,>,:,",/,\,|,?,*and_.
For example:
appsettings.agent.json
{
...
"Connections": {
...
"MicrosoftExchangeExport": {
"AuthType": "Kerberos",
"Server": "http://mailbox01.contoso.com/PowerShell/"
}
}
}
Setting attributes
| Name | Details |
|---|---|
| Server required | Type String Description Address of the Exchange Server used by the remote PowerShell: http://<ServerFQDN>/PowerShell/ where <ServerFQDN> is the fully qualified domain name of the Exchange server, like mailbox01.contoso.com. |
PowerShellScriptPath default value: {your usercube path}/Runtime/Export-Exchange.ps1 | Type String Description Path of the export script file. |
Output details
This connector is meant to generate the following files:
-
<connectionIdentifier>_mailboxes.csvwith the following columns:<connectionIdentifier>_databases.csv
Command,Database,EmailAddresses,UseDatabaseRetentionDefaults,RetainDeletedItemsUntilBackup,DeliverToMailboxAndForward,ExchangeGuid,ExchangeUserAccountControl,ForwardingAddress,ForwardingSmtpAddress,IsMailboxEnabled,ProhibitSendQuota,ProhibitSendReceiveQuota,RecoverableItemsQuota,RecoverableItemsWarningQuota,CalendarLoggingQuota,IsResource,IsLinked,IsShared,SamAccountName,AntispamBypassEnabled,ServerName,UseDatabaseQuotaDefaults,UserPrincipalName,WhenMailboxCreated,IsInactiveMailbox,AccountDisabledIsDirSynced,Alias,OrganizationalUnit,DisplayName,MaxSendSize,MaxReceiveSize,PrimarySmtpAddress,RecipientType,RecipientTypeDetails,Identity,IsValid,Name,DistinguishedName,Guid,ObjectCategory,WhenChangedUTC,WhenCreatedUTC,ObjectState
Insert,value1,value2,...,valueNFor example, we could have
C:/identitymanagerContoso/Temp/ExportOutput/MicrosoftExchangeExport_mailboxes.csv.See more details on mailbox properties in Microsoft's documentation.
-
<connectionIdentifier>_databases.csvwith the following columns:<connectionIdentifier>_databases.csv
Command,Name,Server,Mounted,ObjectCategory,Guid,WhenChangedUTC,WhenCreatedUTC,ObjectState
Insert,value1,value2,...,valueNSee more details on mailbox database properties in Microsoft's documentation.
-
<connectionIdentifier>_cookie.binwhich stores the time of the last successful export, thus allowing incremental processes.
The CSV files are stored in the Application SettingsExport Output, and the cookie file in the Export Cookies folder.
Fulfill
This connector can create, update or delete mailboxes' addresses (PrimarySmtpAddress, ProxyAddress) and mailbox databases.
As it works via a PowerShell script. See the PowerShellProv topic for additional information.
Identity Manager's PowerShell script can be found in the SDK in
Usercube.Demo/Scripts/Fulfill-Exchange.ps1.
See the PowerShellProv topic for additional information.
Authentication
Authentication Type
This connector uses Kerberos authentication when trying to connect with the Exchange Server.
Password reset
This connector does not reset passwords.
Credential protection
Data protection can be ensured through:
-
Connection , configured in the
appsettings.encrypted.agent.jsonfile; -
An Connection safe;
-
A Connection able to store Microsoft Exchange's
Server.
This kind of credential protection can be used only for the export process.
The fulfill process' credentials can be protected by following the instructions for the PowerShellProv connector. See the PowerShellProv topic for additional information