...
If your environment has Microsoft Exchange, you can configure EmpowerID to inventory and enforce permissions for your Exchange organization. If you are using Exchange, EmpowerID automatically discovers the organization during the initial Active Directory forest scan, categorizes it as a Resource System, and creates a record within the ExchangeMailbox table of the EmpowerID Identity Warehouse for each mailbox within the organization.
To work with Exchange after the initial inventory, you must:
Enable the Exchange Management Host Web Service on an EmpowerID Web server, enabled by default on All-In-One and Web Front-End server roles.
Configure the Exchange Resource System to talk to the host on the specified EmpowerID Web server
EmpowerID directs all traffic for Exchange through the EmpowerID Exchange Services Web site and application pool in IIS.
To configure Exchange management
...
On the navbar, expand Admin, then Applications and Directories, and select Account Stores and Systems.
...
Select the Resource Systems tab
...
and then search for the Exchange Organization
...
that you want to configure.
Click the Display Name link
...
for the
...
organization.
...
On the Account Store Details page that
...
| Info |
|---|
Clicking the Save button on any of the tabs saves any changed settings on all of the tabs, so there is no need to save it after each tab. |
Settings Tab
...
Click the drop-down arrow to select how EmpowerID decides which server to add new mailboxes to when there are multiple Exchange servers.
- Count — Finds the mailbox store within the specified load-balancing group with the least number of existing mailboxes.
- Custom Logic — Uses a custom load-balancing scheme that your developers create by modifying the following stored procedure in the EmpowerID Identity Warehouse:
dbo.Custom_ExchangeMailboxObjectContainer_GetByCustomerGroupCustomLogic - Quota Based — Compares the amount of storage space allocated for existing mailboxes against the value set as the maximum capacity for the mailbox store and selects the mailbox store within the load-balancing groups specified with the most unallocated space.
- Random — Selects mailbox stores randomly.
Inventory Tab
...
Select to allow EmpowerID to inventory the Exchange organization.
...
Projection Tab
...
Select to allow EmpowerID to dynamically manage the membership of the organization's groups, adding and removing users to and from groups based on policy-based assignment rules.
...
Select the units for the interval at which to run projection. By default, this is set to 10 minutes.
- Once — If you select this value, the Interval box below is replaced with a Times control that allows you to specify the time at which to run projection.
- Hour Interval — If you select this value, enter the number of hours between projection runs in the Interval box below.
- Weekly — If you select this value, the Interval box below is replaced with a Times control that allows you to specify the day and time at which to run projection.
- Minute Interval — If you select this value, enter the number of minutes between projection runs in the Interval box below.
- Daily — If you select this value, the Interval box below is replaced with a Times control that allows you to specify the time at which to run projection each day.
- Monthly — If you select this value, the Interval box below is replaced with a Times control that allows you to specify the months, days, and time at which to run projection.
...
Enforcement Tab
...
Select to allow EmpowerID to determine who should have access to what in Exchange based on their assignments to Access Levels in EmpowerID and to enforce it using domain local groups (Resource Role Groups).
...
- No Action — No rights enforcement action occurs.
- Projection with Enforcement — Changes to rights within EmpowerID occur within EmpowerID and are enforced within the native environment.
- Projection with No Enforcement — Changes to rights within EmpowerID occur only within EmpowerID; they are not passed on to the native environment.
- Projection with Strict Enforcement — EmpowerID overrides any changes made in the native environment. All changes made must occur within EmpowerID to be accepted. (Applies only to Active Directory groups.)
...
Select the units for the interval at which to run enforcement. By default, this is set to 10 minutes.
- Once — If you select this value, the Interval box below is replaced with a Times control that allows you to specify the time at which to run enforcement.
- Hour Interval — If you select this value, enter the number of hours between enforcement runs in the Interval box below.
- Weekly — If you select this value, the Interval box below is replaced with a Times control that allows you to specify the day and time at which to run enforcement.
- Minute Interval — If you select this value, enter the number of minutes between enforcement runs in the Interval box below.
- Daily — If you select this value, the Interval box below is replaced with a Times control that allows you to specify the time at which to run enforcement each day.
- Monthly — If you select this value, the Interval box below is replaced with a Times control that allows you to specify the months, days, and time at which to run enforcement.
...
...
opens, select the Resource System tab and then click the Edit icon to put the resource system in edit mode.
This opens the edit form for the Exchange resource system. Settings that can be edited are described in the table below the image.
Insert excerpt IL:Exchange Settings IL:Exchange Settings nopanel true Edit settings as needed and then click Save.
| Insert excerpt | ||||||
|---|---|---|---|---|---|---|
|