How to create mail-enabled group

Hi,

I have absolutely no idea how to do this. The requirement is to create mail-enabled groups and convert distribution lists to mail-enabled groups.

I want to know the step-by-step process in detail.

Thanks
Deepak

Hi @vedeepak

Are you talking about mail-enabled Azure AD groups?

Do you have Azure AD or Entra ID integration, and are you talking about these groups?

The ask is to create mail-enabled groups for the AD application.

The options you have,

a. Create the AD group with GroupScope = Universal by plan.

b. Call PowerShell to make it mail-enabled (uses the Enable-DistributionGroup cmdlet).

c. Modify the group to make groupScope = Global, so you can add members.

Let me know if you need any help on writing these steps.

thanks,

Pravin


Hello @pravin_ranjan

Thanks for the reply, I was looking into the FAQ document that you have shared. I see something related to “Exch_”.

<ProvisioningPlan>
<AccountRequest application="ADRW2" op="Create" nativeIdentity="CN=testMailbox,OU=NewOU,DC=exch2007dc,DC=local" type="entitlement">
       <AttributeRequest op="Add" name="ObjectType" value="User" />
       <AttributeRequest op="Add" name="sAMAccountName" value="testMailbox" />
       <AttributeRequest op="Add" name="*password*" value="L9uvGWk6LbLxDpv0RZPDUA==" />
       <AttributeRequest name="IIQDisabled" op="Add" value="true"/>
       <AttributeRequest name="mailNickname" op="Add" value="Room5"/>
       <AttributeRequest name="homeMDB" op="Add" value="CN=Mailbox Database,CN=First Storage Group,CN=InformationStore,CN=VM-W2K8-01,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=exch2007dc,DC=local"/>
       <AttributeRequest name="Exch_AcceptMessagesOnlyFromDLMembers" op="Add">
           <Value>
               <List>
                   <String>ExchGroup@exch2007dc.local</String>
                   <String>NGP434@exch2007dc.local</String>
               </List>
           </Value>
       </AttributeRequest>
       <AttributeRequest name="Exch_PrimarySmtpAddress" op="Add" value="Equipment11@exch2007dc.local"/>
       <AttributeRequest name="Exch_Type" op="Add" value="Room"/>
       <AttributeRequest name="Exch_EmailAddressPolicyEnabled" op="Add">
           <Value>
               <Boolean>true</Boolean>
           </Value>
       </AttributeRequest>
       <AttributeRequest name="Exch_HiddenFromAddressListsEnabled" op="Add">
           <Value>
               <Boolean>true</Boolean>
           </Value>
       </AttributeRequest>
</AccountRequest>
</ProvisioningPlan>

Could you please explain what its purpose is and why we need to use it? Does anything happen if I pass “Exch_” in the provision plan? If you have any reference on the usage, please share it; that would be helpful to me.

Thanks,
Deepak

Exch_ is for mailbox creation. It has the prefix exch_.

If you are setting mailnickname, then it will trigger the mailbox creation by the connector.

Some links:

How to create exchange mailbox - Compass ( Vishal explained very well here )

Solved: IdentityIQ 8.2 Integration with Microsoft Exchange - Compass

Let me know if that works for you.

Hello @pravin_ranjan ,

Thanks for sharing the reference. Correct me if I am wrong, but it seems like “Exch_” is only for users and contacts, not for mail-enabled groups.

I have tried this in a test rule and passed the object type as “group” and Exch_Type as “Distribution” in the provisioning plan. Below is a reference that I used in the test rule:

objRequest.add(new AttributeRequest("exch_externalEmailAddress", ProvisioningPlan.Operation.Set, "groupMailBox@test.com"));
objRequest.add(new AttributeRequest("mailNickname", ProvisioningPlan.Operation.Set, "groupMailBox@test.com"));
objRequest.add(new AttributeRequest("Exch_PrimarySmtpAddress", ProvisioningPlan.Operation.Set, "groupMailBox@test.com"));
objRequest.add(new AttributeRequest("Exch_Type", ProvisioningPlan.Operation.Set, "Distribution"));

So here all attributes are getting committed except mailNickname; it's giving an error: “The specified directory service attribute or value does not exist”. I checked in the schema attributes as well as on the AD server, and mailNickname is present.

What I observe after the commit is that it's creating a group object in AD, but I am not sure where to check whether it really created an Exchange for mail-enabled groups. Please correct me if I am taking the wrong approach with my test rule.

To create mail-enabled groups, is there any approach via “Exch_”, or do we need to use a PowerShell script? This is where I am a bit confused. If you could provide the right approach, that would be helpful for me to move to the next step.

I don’t see GroupScope=Universal in your plan. Please make sure GroupScope is set to Universal.

Active Directory Connector - FAQ and troubleshooting - Compass

If possible, please share the complete plan after adding GroupScope; the value should be Universal.
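The PowerShell side of the steps suggested earlier in the thread (a universal group, then Enable-DistributionGroup), together with a check for whether the group really became mail-enabled, which was the open question above. This is an added example, not code from any post in this thread. It assumes an on-premises Exchange Management Shell session with the ActiveDirectory module loaded, and the DN, alias and SMTP address are constructed sample values.

```powershell
# Added example (not from the thread). Sample values below are constructed.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$GroupDn = 'CN=groupMailBox,OU=Groups,DC=example,DC=local',
    [string]$Alias   = 'groupMailBox',
    [string]$Smtp    = 'groupMailBox@example.local'
)

Import-Module ActiveDirectory -ErrorAction Stop

# Read the group that the provisioning plan created in AD.
$group = Get-ADGroup -Identity $GroupDn -Properties mail, mailNickname, proxyAddresses

# Enable-DistributionGroup only accepts universal groups, so stop early
# with a clear message instead of relying on the Exchange error.
if ($group.GroupScope -ne 'Universal') {
    throw "Group scope is '$($group.GroupScope)'. Set GroupScope=Universal in the plan first."
}

# Conservative alias check (assumption: deliberately narrower than what
# Exchange accepts). An alias is not an e-mail address and cannot contain '@'.
if ($Alias -notmatch '^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*$') {
    throw "Alias '$Alias' is not a plain mail nickname."
}

# Mail-enable the group only if it has no Exchange alias yet.
if (-not $group.mailNickname) {
    if ($PSCmdlet.ShouldProcess($GroupDn, 'Enable-DistributionGroup')) {
        Enable-DistributionGroup -Identity $GroupDn -Alias $Alias `
            -PrimarySmtpAddress $Smtp -ErrorAction Stop | Out-Null
    }
}

# Verification 1: Exchange's view. A mail-enabled group is returned here with
# RecipientTypeDetails MailUniversalDistributionGroup or MailUniversalSecurityGroup;
# a plain AD group makes this call fail.
Get-DistributionGroup -Identity $GroupDn -ErrorAction Stop |
    Select-Object Name, Alias, PrimarySmtpAddress, RecipientTypeDetails

# Verification 2: the directory's view. mail, mailNickname and proxyAddresses
# are populated once the group has been mail-enabled.
Get-ADGroup -Identity $GroupDn -Properties mail, mailNickname, proxyAddresses |
    Select-Object Name, GroupScope, GroupCategory, mail, mailNickname, proxyAddresses
```

Running the script with `-WhatIf` performs the scope and alias checks and the two read-only queries without changing the group.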
