Resources For IT Professionals
Post an article
Wikis - Page Details
  • First published by (Microsoft)
  • When: 2 Nov 2011 5:29 AM
  • Last revision by (eMicrosoft Partne)
  • When: 1 May 2013 3:43 PM
  • Revisions: 11
  • Comments: 7
Options
RSSSubscribe to Article (RSS)
Can You Improve This Article?
Positively! Click Sign In to add the tip, solution, correction or comment that will help other users.

Report inappropriate content using these instructions.
Wiki  >  TechNet Articles  >  REFERENCE: Configuring Exchange 2010 Provisioning

REFERENCE: Configuring Exchange 2010 Provisioning

REFERENCE: Configuring Exchange 2010 Provisioning

Table of Contents

 

OVERVIEW / PURPOSE / GOAL
The purpose or goal of this document is to provide guidance on setting up, configuring a Global Address List Synchronization (GalSync) solution where you will be provisioning mail-enabled contact objects to a Microsoft Exchange 2010 Forest.  There are some key prerequisites that we need to ensure that we have in place prior to configuring our GalSync Solution to ensure that we are able to work with the Microsoft Exchange 2010 Forest.

Please note, that while this document focuses on a Global Address List Synchronization (GalSync) Solution, these prerequisites are needed for a solution where you are using an Active Directory Management Agent to export to Microsoft Exchange 2010 to create and update mail-boxes, or mail-enabled users, or mail-enabled contacts.
 

WHICH IDENTITY PRODUCT DO YOU HAVE INSTALLED?

The first thing is to understand which Identity Management product that you have currently installed.  This is important, as there are certain Identity Management products that are designed to work with Microsoft Exchange 2010 out of the box (OOB).

IIFP / MIIS 2003 / ILM 2007 RTM

These products all came out prior to the release of Microsoft Exchange Server 2010. They were not designed to work with Microsoft Exchange 2010 Out of the Box (OOB). You may be able to customize the management agents and get them to at-least export the mail-enabled contact object to Active Directory. However, you will not be able to see it in the GAL.

You may consider reviewing the following Microsoft Knowledge Base Article where we discuss using these products to export to Microsoft Exchange 2007. The PowerShell CMDLETs exist on Microsoft Exchange 2010, and you may be able to utilize them to help.

ILM 2007 FEATURE PACK 1

This product is not designed to work with Microsoft Exchange 2010 Out of the Box (OOB). You will need to upgrade to Identity Lifecycle Manager 2007 Feature Pack 1 Service Pack 1 (3.3.1139.2).

ILM 2007 FP1 SP1 / FIM 2010 / FIM 2010 R2

 These products have been designed to work with Microsoft Exchange 2010 Out of the Box (OOB). On the Configure Extensions Tab of the Management Agent properties, you will see a drop down to determine the type of Exchange Provisioning. In that drop down, you will have the option to select Exchange 2010.

You will be required to enter the URI. The URI is the path to the Exchange 2010 Client Access Server (CAS) where the Exchange PowerShell CMDLETs are installed.

PREREQUISITES

WINDOWS POWERSHELL V2

Windows PowerShell v2 is required to be installed on the Synchronization Service Machine. 

Microsoft Exchange 2003 contained a service known as Recipient Update Services (RUS).  In Microsoft Exchange 2007 the RUS went away, remained that way in Microsoft Exchange 2010.  An Exchange PowerShell CMDLET called Update-Recipient was created by the Exchange Product Group to update the objects exported with all necessary Exchange related attributes.  For Exchange 2010 Provisioning in a GalSync Solution, we call Update-Recipient remotely using WinRM. 

You can download Windows PowerShell v2 and WinRM from here.

GALSYNC USER PERMISSIONS

The GalSync User account will require some special permissions for Exchange 2010 provisioning. 
For Exchange 2010 Provisioning, the GalSync User will need to be a member of the Exchange Organization Administrators Group.
For additional information on permissions, review the Permissions for GalSync User document on the GalSync Resource Wiki.

URI TO CLIENT ACCESS SERVER

This is not really a prerequisite, as much as it is a requirement for Exchange 2010 Provisioning.  I have it listed as a prerequisite because it would be good to know this information up front before the creation of your Exchange 2010 GalSync Management Agent.

In the GalSync Management Agent Properties, on the Configure Extensions tab, there is a dropdown to select the type of provisioning.  There you will select Exchange 2010.  You will notice a text box appears looking for a URI.  The URI is a http path to the Exchange 2010 Client Access Server (CAS).  Follow the steps outlined here to get the information for the URI. 

If you do not know this information prior to creating the GalSync Management Agent, you will need it once you select Exchange 2010 for the Provisioning For dropdown.

POSSIBLE ISSUES

EXPORT ISSUES

In most cases, we have seen problems with exporting to Microsoft Exchange 2010.  You could see things like:

  • ma-extension-error
    • Troubleshooting, or looking for more informatition on this errror message, can be found in the Application Event Log.
  • slow export to exchange 2010
    • We have seen this on occasion.  This normally has to do with a .NET Framework issue, and we should be able to resolve the issue with the following wiki.
  • timeout issue

ADDITIONAL INFORMATION

 SEE ALSO

 

, , , , , , , , , , , , , , , , [Edit tags]
Leave a Comment
  • Please add 4 and 7 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Sort by: Published Date | Most Recent | Most Useful
Comments
  • 2 Aug 2012 9:34 AM

    Richard Mueller edited Revision 6. Comment: Fixed HTML <h> tags so TOC works

  • 14 May 2012 3:00 PM

    Tim Macaulay edited Revision 5. Comment: updated the title

  • 2 Nov 2011 5:55 AM

    Tim Macaulay edited Revision 3. Comment: added link to the ma-extension-error page

  • 2 Nov 2011 5:44 AM

    Tim Macaulay edited Original. Comment: added the possible issues section, and the link to Exchange 2007 provisioning

Page 1 of 1 (4 items)
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
  • Posted by
    on 2 Nov 2011 5:44 AM

    Tim Macaulay edited Original. Comment: added the possible issues section, and the link to Exchange 2007 provisioning

  • Posted by
    on 2 Nov 2011 5:55 AM

    Tim Macaulay edited Revision 3. Comment: added link to the ma-extension-error page

  • Posted by
    on 14 May 2012 3:00 PM

    Tim Macaulay edited Revision 5. Comment: updated the title

  • Posted by
    on 2 Aug 2012 9:34 AM

    Richard Mueller edited Revision 6. Comment: Fixed HTML <h> tags so TOC works

  • Posted by
    on 23 Nov 2012 10:42 PM

    Good one !

  • Posted by
    on 1 May 2013 3:43 PM

    Carsten Siemens edited Revision 9. Comment: fixed typo

  • Posted by
    on 2 May 2013 6:09 AM

    good work

Page 1 of 1 (7 items)