We are trying to create a user mailbox in Exchange on-premises during AD account creation as part of the onboarding process. Based on the documentation, this is something you can perform using native functionality; you just need to:
Complete Exchange Configuration on AD source
Update Create policy with: mailNickname, homeMBD, externalEmailAddress and msExchHideFromAddressLists
Doing so, we got an error when we triggered the account creation. If we remove the externalEmailAddress from the provisioning policy, we are able to reach Exchange, but instead of creating a UserMailbox, we create a contact in Exchange.
We also tried to add a new attribute to the account schema, msExchRecipientTypeDetails, to define the typology, but it's not working.
Exchange mailbox creation via IDN’s native AD connector requires that mailNickname, homeMDB, and msExchHomeServerName be set—not externalEmailAddress, which is used for mail contacts.
If externalEmailAddress is included, the system interprets the intent as creating a mail-enabled contact, not a mailbox.
You must exclude externalEmailAddress and ensure that homeMDB points to a valid mailbox database and msExchHomeServerName is correctly populated.
The attribute msExchRecipientTypeDetails is not writable in this context—it’s set by Exchange once the mailbox is created.
This is just an idea I thought of; just see if it works.
Hello @ManvithaNalabolu06, thanks a lot for your reply. Could you please confirm if attribute msExchHomeServerName needs to be populated by us or it's something set by Exchange?
This error indicates that required mailbox attributes (like homeMDB or msExchHomeServerName) are missing or incorrect, causing Exchange to treat the object inconsistently.
Avoid using externalEmailAddress—that triggers creation of a mail contact, not a user mailbox.
Ensure that both homeMDB and msExchHomeServerName values match valid, existing configurations in your Exchange environment.
Hi @Beatriz you’re on the right track & nearly there, and @ManvithaNalabolu06 already highlighted the key points well.
Here’s what to confirm to successfully provision a User Mailbox via ISC:
Do not include externalEmailAddress - this attribute is for mail contacts, not mailboxes. Including it triggers contact creation instead.
Ensure required attributes are present and accurate - to create a mailbox, your provisioning policy must include:
A. mailNickname — mailbox alias
B. homeMDB — the target mailbox database name, not its DN
C. msExchHomeServerName — the Exchange server name where the mailbox should be hosted
– Both homeMDB and msExchHomeServerName must match valid, existing resources in your Exchange environment.
Remove msExchRecipientTypeDetails from the policy - This attribute is assigned by Exchange after successful mailbox creation, and cannot be set manually.
My thought about why the “ExchangeGuid” error occurs: it happens because Exchange attempted to create a UserMailbox object but did not receive all required attributes, including server and database context. This leads to an inconsistent object in AD.
What you really need to do now is update your provisioning policy:
A. Remove externalEmailAddress & msExchRecipientTypeDetails
B. Add correct values for homeMDB (e.g., the mailbox database name) & msExchHomeServerName (e.g., the FQDN of Exchange server)
Did you check the configuration connector documentation? If you are using the Exchange configuration, you should also add the Exchange domain in the forest list.
The forest list must be in the Exchange configuration because SailPoint ISC reads what is there and compares it to what is in the DN.