FIM-GALSYNC: Exchange 2007 Provisioning

FIM-GALSYNC: Exchange 2007 Provisioning

 

Contents

OVERVIEW/GOAL. 1

UNDERSTANDING THE IDENTITY PRODUCT YOU HAVE INSTALLED.. 1

PREREQUISITES. 2

Reason: 2

POSSIBLE ISSUES. 3

ADDITIONAL INFORMATION.. 3

Permissions for the GalSync User. 3

GalSync Solution between Microsoft Exchange 2007 and Microsoft Exchange 2010. 3

General GalSync Information.. 3

Exchange 2010 Provisioning.. 3

 SEE ALSO

 

OVERVIEW/GOAL

The goal of this article is to provide information on setting up a GalSync Management Agent to provision a mail-enabled contact object to Microsoft Exchange 2007. 

The focus of the article is from a GalSync perspective, but the information in the article can also be applied to a standard Active Directory Management Agent ( AD MA ) that is provisioning to Microsoft Exchange 2007.

UNDERSTANDING THE IDENTITY PRODUCT YOU HAVE INSTALLED

First, you need to understand which identity product that you are utilizing and how interacts with provisioning the mail-enabled contact object to Microsoft Exchange 2007.

Microsoft Identity Integration Server 2003  ( MIIS 2003 )

Microsoft Identity Integration Feature Pack ( IIFP )

These two products came out prior to Microsoft Exchange 2007.  They were designed to work with previous versions of Microsoft Exchange. 

That stated, you should still be able to provision the mail-enabled contact object to Microsoft Exchange 2007, but you will have to execute a Microsoft Exchange PowerShell CmdLet on the Microsoft Exchange 2007 Server. 

The following Microsoft Knowledge Base Article discusses this further.

http://support.microsoft.com/kb/951077

Microsoft Identity Lifecycle Manager 2007 Feature Pack 1 ( ILM 2007 FP1 )

Out of the box, ILM 2007 FP1 does support provisioning to Microsoft Exchange 2007.  You will find a checkbox on the Configure Extensions tab for Microsoft Exchange 2007 provisioning. 

Two pieces of software are required installed on the Synchronization Service Server in order for this to work. 

Microsoft Identity Lifecycle Manager 2007 Feature Pack 1 Service Pack 1

( ILM 2007 FP1 SP1 )

Microsoft Forefront Identity Manager 2010

( FIM 2010 )

ILM 2007 FP1 SP1 and FIM 2010 now contain a dropdown on the Configure Extensions Tab.  The dropdown allows you to configure the GalSync Management Agent to provision to either Exchange 2007 or Exchange 2010.

Two pieces of software are required installed on the Synchronization Service Server in order for this to work. 

PREREQUISITES

In order to provision mail-enabled contact objects to Microsoft Exchange 2007, you will need to install the following software on the Synchronization Service machine.  This only applies to ILM 2007 FP1, ILM 2007 FP1 SP1, FIM 2010 and later.

  1. Microsoft Exchange 2007 Management Tools Service Pack 1 or later.
    1. Service Pack 3 is preferred here, as there was several roll up updates which fixed several issues with the Update-Recipient PowerShell CmdLet.
    2. Recommend to go to the Microsoft Download Center to download the Microsoft Exchange 2007 Management Tools.
  2. Microsoft Windows PowerShell v1 or v2

Reason:

Microsoft Exchange 2007 and later no longer contain the Recipient Update Services ( RUS ).  The Microsoft Exchange Product Group developed a PowerShell CmdLet called Update-Recipient.  Update-Recipient is delivered with the Microsoft Exchange 2007 Management Tools Service Pack 1 and later.

The Synchronization Service Engine calls Update-Recipient locally on the Synchronization Service Manager machine, which is why we need the two pieces of software installed.

POSSIBLE ISSUES

You may select Exchange 2007 provisioning, but then you receive "ma-extension-error” when exporting to Microsoft Exchange 2007.  You review the application event log, and find several errors. 

A majority of the time, this is caused because Exchange 2007 provisioning is not properly configured.  This means, either we do not have the prerequisites installed, or we do not have the correct permissions on the GalSync user.

ADDITIONAL INFORMATION

Permissions for the GalSync User :  The GalSync user requires additional permissions to be able to provision to Microsoft Exchange 2007.  You can find them documented here.

GalSync Solution between Microsoft Exchange 2007 and Microsoft Exchange 2010 : You may have a situation where you are executing a GalSync Solution between Microsoft Exchange 2007 and Microsoft Exchange 2010.  Review this wiki for more information on an issue that you may encounter.

General GalSync Information : The GalSync Resources Wiki provides information on several pieces of information dealing with GalSync.

Exchange 2010 Provisioning : Review this wiki for information on the Exchange 2010 provisioning.


SEE ALSO
 
Exchange Provisioning using ILM 2007 and FIM 2010

Leave a Comment
  • Please add 1 and 8 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Sort by: Published Date | Most Recent | Most Useful
Comments
  • Tim Macaulay edited Revision 1. Comment: added link to the ma-extension-error page

Page 1 of 1 (1 items)
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
  • Tim Macaulay edited Revision 1. Comment: added link to the ma-extension-error page

Page 1 of 1 (1 items)