Managing Exchange "On Premise" and Exchange Online

jplefebvre2 · October 3, 2023, 1:05pm

Hi,

We are facing a new challenge with an Integration in IIQ and we are looking for some help/guidance/recipe for this.

We have the requirement to manage Exchange “on premise” and Exchange Online through IdentityIQ.
We are a bit lost on how to start that kind of integration…

We know that we can manage mailboxes, mailNicknames, aliases (proxyAddresses) and so on through the AD Direct Connector,
but the connector documentation does not clearly indicate which exchanges operations are possible, so this is hard to know if we can cover all the requirements. Can we manage archiving ? RemoteMailbox ? can we disable EmailAddressPolicyEnabled ?

As for Exchange Online, I can see that the O365 connector was deprecated and that we should use the Azure AD connector.
The issue is that we are in Read-Only with Azure (everything related with Azure in our company is managed through the AD on prem and replicated to Azure)

Do we know if there is a way to manage Exchange Online without going in full Provisioning with the Azure Connector ?

Any information that could help us would greatly appreciate it.

drosenbauer · October 3, 2023, 8:49pm

In general, you’re going to have to write Powershell for this.

What I usually do is:

Use the AD connector for the basic provisioning, including on-prem mailboxes.
In the AD connector’s “After Provisioning” rule, fire off a workflow delayed by 1-2 minutes (to allow AD to replicate). My workflow is usually called “AD After Provisioning”. You would use the “Workflow Request” request type for this delayed invocation.
In the workflow, check to see whether a remote mailbox is required and invoke a Powershell rule (and/or script) to do so. (That article is slightly outdated, with some code updates in the linked Compass post. I need to update both of them.)

You can do other things in the workflow, too, like email notifications, etc.

If you need to wait for AD to Azure sync before you create Azure-related artifacts, you can also include an arbitrary delay between two workflow steps.

One big advantage of using a workflow is that the actions can be “replayed”. If something fails, you can have a loop in the workflow that tries again after five minutes. You can also manually launch the same workflow via QuickLink as an administrator or IT helpdesk person.

dheerajk27 · October 4, 2023, 5:57am

Agree With @drosenbauer ,

I also did in same way using PowerShell scripts as nativeRule in Active Directory application.

MVKR7T · October 4, 2023, 8:39am

agree with @drosenbauer

I haven’t used Workflow approach yet, that’s a very good approach.

I have done simple implementation using AD Groups, you can refer this topic and find my response there.
On Premise Exchange Setup - IdentityNow (IDN) / Discussion and Questions - SailPoint Developer Community Forum

system · December 3, 2023, 8:39am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How can the OOB Azure provisioning transaction status be changed related to using a script to manage distribution lists and mail enabled security groups IIQ Discussion and Questions	4	656	July 19, 2023
Administrator Permissions for the SharePoint Online Connector IIQ Discussion and Questions aggregation , identityiq , connectors	3	326	November 27, 2023
Office 365 Out of Office SaaS Connector ISC Show and Tell saas-connector , custom-connector , identity-security-cloud , connectors	10	1089	November 21, 2023
IIQ - O365 mail forwarding rules via Azure AD connector IdentityIQ (IIQ)	0	839	January 4, 2022
Read the Powershell commands in a Provisioning IIQ Discussion and Questions identityiq , provisioning	5	560	July 28, 2023

Managing Exchange "On Premise" and Exchange Online

Related Topics