Exchange

Owned by Universal Importer for Confluence
Last updated: Apr 16, 2019 by Patrick Parker
6 min read

If your environment has Microsoft Exchange, you can configure EmpowerID to inventory and enforce permissions for your Exchange organization. If you are using Exchange, EmpowerID automatically discovers the organization during the initial Active Directory forest scan, categorizes it as a Resource System, and creates a record within the ExchangeMailbox table of the EmpowerID Identity Warehouse for each mailbox within the organization. 

To work with Exchange after the initial inventory, you must:

  • Enable the Exchange Management Host Web Service on an EmpowerID Web server, enabled by default on All-In-One and Web Front-End server roles.
  • Configure the Exchange Resource System to talk to the host on the specified EmpowerID Web server

EmpowerID directs all traffic for Exchange through the EmpowerID Exchange Services Web site and application pool in IIS.

To configure Exchange management

  1. Log into the EmpowerID web application as an administrator.
  2. In the navigation pane, expand Admin, then Applications and Directories, and select Account Stores and Systems.
  3. On the Resource Systems tab, the Exchange Organization appears as a Microsoft Exchange system type in the grid.



  4. Click the Display Name link of the Exchange Organization. In the Resource System Details page that appears, you can run inventory or other jobs. To edit the settings, click the Edit icon on the name of the organization.



  5. In the edit view of the page, you can edit values in any of the enabled fields on several tabs as detailed in the tables below. Do not enable inventory until the end.

  6. When you have finished editing, click Save.

    Clicking the Save button on any of the tabs saves any changed settings on all of the tabs, so there is no need to save it after each tab.

Settings Tab


Setting Description
Load Balancing Scheme 

Click the drop-down arrow to select how EmpowerID decides which server to add new mailboxes to when there are multiple Exchange servers.

  • Count — Finds the mailbox store within the specified load-balancing group with the least number of existing mailboxes.
  • Custom Logic — Uses a custom load-balancing scheme that your developers create by modifying the following stored procedure in the EmpowerID Identity Warehouse:
    dbo.Custom_ExchangeMailboxObjectContainer_GetByCustomerGroupCustomLogic     
  • Quota Based — Compares the amount of storage space allocated for existing mailboxes against the value set as the maximum capacity for the mailbox store and selects the mailbox store within the load-balancing groups specified with the most unallocated space.
  • Random — Selects mailbox stores randomly.



Inventory Tab


Setting Description
Inventory Enabled 

Select to allow EmpowerID to inventory the Exchange organization.

Inventory Calendar Permissions EnabledSelect to allow EmpowerID to inventory calendar permissions for the Exchange organization.



Projection Tab


Setting Description
Resource Role Group Membership Projection Enabled 

Select to allow EmpowerID to dynamically manage the membership of the organization's groups, adding and removing users to and from groups based on policy-based assignment rules.

Projection Interval: StartSet the date on which to begin projection. By default, this is set to the creation date of the account store.
Projection Interval: EndSet the date on which to stop projection. By default, this is set to ten years after the creation date of the account store, but since Run Indefinitely is selected by default, this value is ignored unless you clear that checkbox.
Projection Interval: (units)

Select the units for the interval at which to run projection. By default, this is set to 10 minutes.

  • Once — If you select this value, the Interval box below is replaced with a Times control that allows you to specify the time at which to run projection.
  • Hour Interval — If you select this value, enter the number of hours between projection runs in the Interval box below.
  • Weekly — If you select this value, the Interval box below is replaced with a Times control that allows you to specify the day and time at which to run projection.
  • Minute Interval — If you select this value, enter the number of minutes between projection runs in the Interval box below.
  • Daily — If you select this value, the Interval box below is replaced with a Times control that allows you to specify the time at which to run projection each day.
  • Monthly — If you select this value, the Interval box below is replaced with a Times control that allows you to specify the months, days, and time at which to run projection.
Run IndefinitelySelect to allow projection to run indefinitely, ignoring the End date.
Interval: (number)Set the number of units for the interval at which to run projection. By default, this is set to 10 minutes.



Enforcement Tab


Setting Description
Resource Role Group Rights Enforcement Enabled 

Select to allow EmpowerID to determine who should have access to what in Exchange based on their assignments to Access Levels in EmpowerID and to enforce it using domain local groups (Resource Role Groups).

Enforcement TypeSelect to specify how EmpowerID is to enforce rights in native systems. 
  • No Action — No rights enforcement action occurs.
  • Projection with Enforcement — Changes to rights within EmpowerID occur within EmpowerID and are enforced within the native environment.
  • Projection with No Enforcement — Changes to rights within EmpowerID occur only within EmpowerID; they are not passed on to the native environment.
  • Projection with Strict Enforcement — EmpowerID overrides any changes made in the native environment. All changes made must occur within EmpowerID to be accepted. (Applies only to Active Directory groups.)
Schedule: StartSet the date on which to begin enforcement. By default, this is set to the creation date of the account store.
Schedule: EndSet the date on which to stop enforcement. By default, this is set to ten years after the creation date of the account store, but since Run Indefinitely is selected by default, this value is ignored unless you clear that checkbox.
Interval: (units)

Select the units for the interval at which to run enforcement. By default, this is set to 10 minutes.

  • Once — If you select this value, the Interval box below is replaced with a Times control that allows you to specify the time at which to run enforcement.
  • Hour Interval — If you select this value, enter the number of hours between enforcement runs in the Interval box below.
  • Weekly — If you select this value, the Interval box below is replaced with a Times control that allows you to specify the day and time at which to run enforcement.
  • Minute Interval — If you select this value, enter the number of minutes between enforcement runs in the Interval box below.
  • Daily — If you select this value, the Interval box below is replaced with a Times control that allows you to specify the time at which to run enforcement each day.
  • Monthly — If you select this value, the Interval box below is replaced with a Times control that allows you to specify the months, days, and time at which to run enforcement.
Run IndefinitelySelect to allow enforcement to run indefinitely, ignoring the End date.
Interval: (number)Set the number of units for the interval at which to run enforcement. By default, this is set to 10 minutes.
Enforcement FrequencySet the re-enforcement frequency in minutes.



Related Content

In this article