I have not created a mailbox just by using the AD connector so far; I would like to look into that as well.
But below is the approach I have used with quite a few clients:
- Create an AD Group in On-Prem AD or directly in Azure AD.
- Make sure that this Group will be in scope with Azure AD Sync job, so that Group will sync between on-prem AD and Azure AD.
- Add E3/E5 or any other license your organization is using to the same Group.
- In SailPoint IdentityNow, provision this Group to the users based on your requirements.
- Use native Rules in the AD source: ConnectorAfterCreate or ConnectorAfterModify.
- Develop a PowerShell script which will be triggered from the native Rules; use Enable-RemoteMailbox in PowerShell to enable the user's mailbox.
Thanks
Krish
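
One way the script in the last step could look, as an added example that is not the poster's script or SailPoint's code. It assumes the native rule passes the account's sAMAccountName as a parameter; the Exchange URI, routing domain and log path are placeholders.

```powershell
# Added example. Assumptions: the native rule supplies -SamAccountName;
# the URI, routing domain and log path below are placeholders for your environment.
[CmdletBinding()]
param(
    [Parameter(Mandatory)]
    [ValidatePattern('^[A-Za-z0-9._-]{1,20}$')]   # accept only a plain account name
    [string]$SamAccountName,

    [string]$ExchangeUri   = 'http://exch01.example.internal/PowerShell/',
    [string]$RoutingDomain = 'contoso.mail.onmicrosoft.com',
    [string]$LogFile       = 'C:\SailPoint\Logs\Enable-RemoteMailbox.log'
)

$ErrorActionPreference = 'Stop'

function Write-Log([string]$Message) {
    # One timestamped line per action, so every mailbox change is auditable.
    "{0:u} {1}" -f (Get-Date), $Message | Add-Content -Path $LogFile
}

$session = $null
try {
    # Kerberos as the service account running the script: no password stored here.
    $session = New-PSSession -ConfigurationName Microsoft.Exchange `
        -ConnectionUri $ExchangeUri -Authentication Kerberos
    # Import only the two cmdlets the script needs.
    Import-PSSession $session -CommandName Get-RemoteMailbox, Enable-RemoteMailbox `
        -AllowClobber | Out-Null

    # Idempotent: ConnectorAfterModify can fire repeatedly for the same account.
    if (Get-RemoteMailbox -Identity $SamAccountName -ErrorAction SilentlyContinue) {
        Write-Log "SKIP $SamAccountName already has a remote mailbox"
        return
    }

    Enable-RemoteMailbox -Identity $SamAccountName `
        -RemoteRoutingAddress "$SamAccountName@$RoutingDomain" | Out-Null
    Write-Log "OK   $SamAccountName remote mailbox enabled"
}
catch {
    Write-Log "FAIL $SamAccountName $($_.Exception.Message)"
    throw   # surface the failure to the caller instead of hiding it
}
finally {
    if ($session) { Remove-PSSession $session }
}
```

The account that runs the script needs only the Exchange permissions required for these two cmdlets, and the parameter validation keeps identity attributes from being interpreted as anything other than an account name.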