Data import
The Exchange Hybrid Connectivity relies on Microsoft Active Directory Connectivity and Microsoft Microsoft Entra ID Connectivity if using Exchange Hybrid for the correct operation. It is necessary to configure and import data from Active Directory and Microsoft Entra ID (for Exchange Hybrid Connectivity) before you can import data from Microsoft Exchange.
You likely have only one Microsoft Exchange system, but you can manage more Exchange systems if required. Two companies may merge without merging their Exchange systems:
-
For each Exchange system, you must configure the following properties:
- the connection details
- the Active Directory (or Microsoft Entra ID) trust
- the provisioning type
-
Exchange Hybrid Connectivity integrates with Exchange using remote PowerShell. You must specify the URI to the PowerShell interface and the credentials associated with the system.
-
After the initial load from Exchange, the new Exchange system is created in Omada Identity and is then ready for the remaining configuration.
-
Configure the Active Directory (or Microsoft Entra ID) trust by specifying the system's domain (or domains) that the Exchange system integrates with.
-
Configure the Exchange system to use OPS for provisioning of resource assignments.
General settings
| Setting | Description |
|---|---|
| Name | Type a unique name for the system. Two systems cannot have the same name. |
| System ID | Type a unique System ID for the system. Two systems cannot have the same System ID. You cannot change this setting. |
| Description | Type an optional description of the system. |
| Status | Status of the system. Set the status to Removed to ensure the system is no longer included in warehouse imports, reconciliation, or provisioning. Setting a system as Removed will delete all objects referring to the system, including resources, manual and automated provisioning tasks, and assignment policies. |
| Content | This option is disabled and can be selected only when onboarding the Exchange Hybrid Connector. |
| Trusts | Select one or more trusted systems to associate with the system. |
| Prevent self-service | Optionally, decide if it will be possible or not to request the resource in a self-service requests in that system. |
Trust is specifically designed for use between physical systems. It is not intended for use between logical and physical systems.
Connection details
| Setting | Description |
|---|---|
| Server Type | Select Local, if you are onboarding an on-premises Exchange organization. Select Hybrid, if you are onboarding a hybrid Exchange deployment. A hybrid Exchange deployment consist of an on-premises Exchange organization (Local) and Exchange Online (Cloud). When Local is selected, only the details for the on-premises Exchange will be visible. |
| Local: Connection URI | The URL for Exchange PowerShell, for example: https://[hostname]/powershell |
| Local: Authentication | Select the authentication method to use. Can be: Basic, Credssp, Default, Digest, Kerberos, Negotiate, Negotiate implicit credentials. Check in the Internet Information Services that the PowerShell folder under the Default Website is configured for the desired authentication type. You can configure the authentication methods for the /powershell URL the PowerShell cmdlet Set-PowerShellVirtualDirectory and not IIS. For more information refer to Microsoft documentation. You can find more information on various authentication types on Microsoft MSDN here. |
| Local: Username | Specify the username for the account that is used to read data from Exchange. If you leave this field blank, the username specified for importing is used. |
| Local: Password | Specify the password for the account used, if you have entered a username in the field above. |
| Local: Session options | Advanced options for the PowerShell session. For information about possible parameters and their functions, refer to the New-PSSessionOption article or the PSSessionOption Class article. - SkipCACheck -SkipCNCheck -SkipRevocationCheck |
| Local: Organizational unit | Optional parameter. The parameter is not used for connecting, but for filtering the mailbox. It can be a simple name or a fully distinguished name like OU=MiniTest,DC=odwad,DC=test. For specifying multiple organizational units, use the | symbol to separate them. |
| Local: Import threads | Specify the number of threads to use for import. Configure the number of simultaneous PowerShell sessions to use for retrieving the Send as and Full access information and speed up the run time for these two permissions. Use this setting for an asynchronous PowerShell to speed up the run time, wherever possible. Members of admin groups are fetched asynchronously. The default value is 6 (six) for Local and 1 (one) for Cloud. |
| Cloud: Connection URI | The URL for Exchange Online PowerShell. refer to Connect to Exchange Online PowerShell in order to find the right URL for your Exchange Online organization. Example: https://outlook.office365.com/powershell-liveid |
| Cloud: Authentication | The authentication method to use with the Exchange system. You can use the following authentication methods: - Certificate thumbprint (on-premises only, not available in Omada Identity Cloud) - Certificate with password |
| Cloud: Organization | Specify the organization that's used in certificate based authentication. Be sure to use an .onmicrosoft.com domain for the parameter value. |
| Cloud: Application ID | Specifies the application ID of the service principal that's used in certificate based authentication. |
| Cloud: Certificate (PEM format) | Specify the certificate used for certificate based authentication. Value should be enclosed with -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- |
| Cloud: Private key (PEM format) | Specify the private key used for certificate based authentication. Value should be enclosed with -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY----- |
| Cloud: Session options | Advanced options for the PowerShell session. refer to New-PSSessionOption for the list of options. -SkipCACheck -SkipCNCheck -SkipRevocationCheck |
| Cloud: Import threads | Specify the number of threads to use for import against Exchange Online. Check your tenant for max allowed sessions. |
| Test connection | Enable this setting to test the connection information that you have specified. If you want to use this functionality you must install Omada Provisioning Service and make sure it has the necessary permissions to communicate with the target system. |
Queries and mappings
Out of the box, the Exchange Hybrid Connectivity provides the following mappings. The suggested list of destinations to have the History checkbox enabled:
- PRIMARY_EMAIL
- ADDITIONAL_EMAILS
- HIDEINADDRESSLIST
- ISSUEWARNINGQUOTA
- PROHIBITSENDQUOTA
- PROHIBITSENDRECEIVEQUOTA
- WEBMAIL
- MAILBOXLOCATION
Generic resources
Parameters
| Parameter | Value |
|---|---|
| Source | Generic resources |
| Query scope | Local |
| Distinct | Yes |
Mappings
| Destination | Operator | Source |
|---|---|---|
| Business key | Expression | string.Format("<system>{0}</system><genericresource>{1}</genericresource>",BuiltIn.SystemShortName, BusinessKey) |
| Security resource business key | Expression | string.Format("<system>{0}</system><genericresource>{1}</genericresource>",BuiltIn.SystemShortName, BusinessKey) |
| Name | Map | Name |
| Category | Map | Category |
| Type | Map | Type |
| Logical key | Expression | string.Format("{0}_{1}", BuiltIn.SystemShortName, BusinessKey) |
Role Groups
Parameters
| Parameter | Value |
|---|---|
| Source | Administrative resources |
| Query scope | Local and Cloud |
| Distinct | No |
| Filter | Type=="RoleGroups" |
Mappings
| Destination | Operator | Source |
|---|---|---|
| Business key | Expression | string.Format("<system>{0}</system><resource>{1}</resource>",BuiltIn.SystemShortName, RoleGroupSamAccountName.ToLower() ) |
| Security resource business key | Expression | string.Format("<system>{0}</system><resource>{1}</resource>",BuiltIn.SystemShortName, RoleGroupSamAccountName.ToLower() ) |
| Name | Map | RoleGroupName |
| Category | Constant | Group |
| Type | Constant | Exchange Admin Role Group |
| Distinguished name | Map | RoleDistingushedName |
| Description | Map | RoleGroupDescription |
| Scope | Map | Scope |
| RoleGroup Type | Map | RoleGroupType |
Members group
Parameters
| Parameter | Value |
|---|---|
| Source | Administrative resources |
| Query scope | Local and Cloud |
| Distinct | No |
| Filter | Type=="Members" && RecipientType?.ToString().IndexOf("Group") !=-1 |
Mappings
| Destination | Operator | Source |
|---|---|---|
| Indirect | Constant | 0 |
| Parent resource business key | Expression | string.Format("<system>{0}</system><resource>{1}</resource>",BuiltIn.SystemShortName, RoleGroupSamAccountName.ToLower() ) |
| Child resource - business key | Lookup | DistinguishedName=MemberDistinguishedName |
Local user mailboxes
Parameters
| Parameter | Value |
|---|---|
| Source | Mailboxes |
| Query scope | Local |
| Mailbox subtype | UserMailbox,LinkedMailbox |
| Distinct | No |
| Filter | Type=="User mailbox" |
Mappings
| Destination | Operator | Source |
|---|---|---|
| Resource Business key | Expression | string.Format("<system>{0}</system><genericresource>{1}</genericresource>",BuiltIn.SystemShortName,RecipientTypeDetails) |
| Account - CBK | Lookup | Path=Identity |
| Business key | Expression | Type=="User mailbox"?"<exchangeguid>"+ExchangeGuid+"</exchangeguid>":null |
| PRIMARY_EMAIL | Map | PrimarySmtpAddress |
| ADDITIONAL_EMAILS | Map | EmailAddresses |
| HIDEINADDRESSLIST | Map | HiddenFromAddressListsEnabled |
| ISSUEWARNINGQUOTA | Map | IssueWarningQuota |
| PROHIBITSENDQUOTA | Map | ProhibitSendQuota |
| PROHIBITSENDRECEIVEQUOTA | Map | ProhibitSendReceiveQuota |
| WEBMAIL | Map | OWAEnabled |
| MAILBOXLOCATION | Map | MailboxLocation |
Local shared mailboxes
Parameters
| Parameter | Value |
|---|---|
| Source | Mailboxes |
| Query scope | Local |
| Mailbox subtype | DiscoveryMailbox, EquipmentMailbox, GroupMailbox, LegacyMailbox, LinkedMailbox, LinkedRoomMailbox, RoomMailbox, SchedulingMailbox, SharedMailbox, TeamMailbox |
| Distinct | No |
| Filter | Identity != null && Type !="Full access" && Type !="Send as" && Type !="Send on behalf" |
Mappings
| Destination | Operator | Source |
|---|---|---|
| Resource Business key | Expression | string.Format("<system>{0}</system><genericresource>{1}</genericresource>",BuiltIn.SystemShortName,RecipientTypeDetails) |
| Account - CBK | Lookup | Path=Identity |
| Business key | Expression | Type=="User mailbox"?"<exchangeguid>"+ExchangeGuid+"</exchangeguid>":null |
| PRIMARY_EMAIL | Map | PrimarySmtpAddress |
| ADDITIONAL_EMAILS | Map | EmailAddresses |
| HIDEINADDRESSLIST | Map | HiddenFromAddressListsEnabled |
| ISSUEWARNINGQUOTA | Map | IssueWarningQuota |
| PROHIBITSENDQUOTA | Map | ProhibitSendQuota |
| PROHIBITSENDRECEIVEQUOTA | Map | ProhibitSendReceiveQuota |
| LINKEDMAILBOXDOMAIN | Map | LinkedMasterAccount |
| WEBMAIL | Map | OWAEnabled |
| MAILBOXLOCATION | Map | MailboxLocation |
Local mailbox access
Parameters
| Parameter | Value |
|---|---|
| Source | Mailbox access |
| Query scope | Local |
| Mailbox subtype | UserMailbox,EquipmentMailbox,RoomMailbox,SharedMailbox,LinkedMailbox |
| Distinct | No |
| Filter | LinkedMasterAccount != null && LinkedMasterAccount != "NT AUTHORITY" |
Mappings
| Destination | Operator | Source |
|---|---|---|
| Resource Business key | Expression | string.Format("<system>{0}</system><genericresource>{1}</genericresource>",BuiltIn.SystemShortName, Type == "Full access" ? "fullmailboxaccess": "sendasmailboxaccess") |
| Account - CBK | Lookup | Name=LinkedMasterAccount |
| Target - CBK | Expression | string.Format("{0}_<exchangeguid>{1}</exchangeguid>", BuiltIn.SourceSystemID, ExchangeGuid) |
| Business key | Expression | string.Format("<account>{0}</account><resource>{1}</resource><target>{2}</target>", LinkedMasterAccount, Type, ExchangeGuid) |
| LinkedMasterAccount | Map | LinkedMasterAccount |
| AccessType | Map | Type |
| MAILBOXREF | Expression | string.Format("{0}_<exchangeguid>{1}</exchangeguid>", BuiltIn.SourceSystemID, ExchangeGuid) |
Local send on behalf (Resource assignment)
Parameters
| Parameter | Value |
|---|---|
| Source | Mailboxes |
| Query scope | Local |
| Mailbox subtype | UserMailbox,LinkedMailbox,DiscoveryMailbox,EquipmentMailbox,GroupMailbox,LegacyMailbox,LinkedRoomMailbox,RoomMailbox,SchedulingMailbox,SharedMailbox,TeamMailbox |
| Distinct | No |
| Filter | Type=="Send on behalf" |
Mappings
| Destination | Operator | Source |
|---|---|---|
| Resource Business key | Expression | string.Format("<system>{0}</system><genericresource>sendonbehalfofmailboxaccess</genericresource>",BuiltIn.SystemShortName) |
| Account - CBK | Lookup | Path=GrantSendOnBehalfTo |
| Target - CBK | Expression | string.Format("{0}_<exchangeguid>{1}</exchangeguid>", BuiltIn.SourceSystemID, ExchangeGuid) |
| Business key | Expression | string.Format("<account>{0}</account><resource>{1}</resource><target>{2}</target>", GrantSendOnBehalfTo, Type, ExchangeGuid) |
| PRIMARY_EMAIL | Map | PrimarySmtpAddress |
| Identity | Map | Identity |
| RecipientTypeDetails | Map | RecipientTypeDetails |
| ExternalDirectoryObjectID | Map | ExternalDirectoryObjectID |
| GrantSendOnBehalfTo | Map | GrantSendOnBehalfTo |
| MAILBOXREF | Expression | string.Format("{0}_<exchangeguid>{1}</exchangeguid>", BuiltIn.SourceSystemID, ExchangeGuid) |
Local role assignments (Resource assignment)
Parameters
| Parameter | Value |
|---|---|
| Source | Administrative resources |
| Query scope | Local |
| Distinct | No |
| Filter | Type=="Members" && RecipientType?.ToString().IndexOf("Group") < 0 |
Mappings
| Destination | Operator | Source |
|---|---|---|
| Resource Business key | Expression | string.Format("<system>{0}</system><resource>{1}</resource>",BuiltIn.SystemShortName, RoleGroupSamAccountName.ToLower() ) |
| Account - CBK | Lookup | DistinguishedName=MemberDistinguishedName |
| Description | Map | RecipientType |
Cloud user mailboxes (Resource assignment)
Parameters
| Parameter | Value |
|---|---|
| Source | Mailboxes |
| Query scope | Cloud |
| Mailbox subtype | UserMailbox,LinkedMailbox |
| Distinct | No |
| Filter | Type=="User mailbox" |
Mappings
| Destination | Operator | Source |
|---|---|---|
| Resource Business key | Expression | string.Format("<system>{0}</system><genericresource>{1}</genericresource>",BuiltIn.SystemShortName,RecipientTypeDetails) |
| Account - CBK | Lookup | BusinessKey=ExternalDirectoryObjectID |
| Business key | Expression | Type=="User mailbox"?"<exchangeguid>"+ExchangeGuid+"</exchangeguid>":null |
| PRIMARY_EMAIL | Map | PrimarySmtpAddress |
| ADDITIONAL_EMAILS | Map | EmailAddresses |
| HIDEINADDRESSLIST | Map | HiddenFromAddressListsEnabled |
| ISSUEWARNINGQUOTA | Map | IssueWarningQuota |
| PROHIBITSENDQUOTA | Map | ProhibitSendQuota |
| PROHIBITSENDRECEIVEQUOTA | Map | ProhibitSendReceiveQuota |
| WEBMAIL | Map | OWAEnabled |
| MAILBOXLOCATION | Map | MailboxLocation |
Cloud shared mailboxes (Resource assignment)
Parameters
| Parameter | Value |
|---|---|
| Source | Mailboxes |
| Query scope | Cloud |
| Mailbox subtype | DiscoveryMailbox, EquipmentMailbox, GroupMailbox, LegacyMailbox, LinkedMailbox, LinkedRoomMailbox, RoomMailbox, SchedulingMailbox, SharedMailbox, TeamMailbox |
| Distinct | No |
| Filter | Identity != null && Type !="Full access" && Type !="Send as" && Type !="Send on behalf" |
Mappings
| Destination | Operator | Source |
|---|---|---|
| Resource Business key | Expression | string.Format("<system>{0}</system><genericresource>{1}</genericresource>",BuiltIn.SystemShortName,RecipientTypeDetails) |
| Account - CBK | Lookup | BusinessKey=ExternalDirectoryObjectID |
| Business key | Expression | Type=="User mailbox"?"<exchangeguid>"+ExchangeGuid+"</exchangeguid>":null |
| PRIMARY_EMAIL | Map | PrimarySmtpAddress |
| ADDITIONAL_EMAILS | Map | EmailAddresses |
| HIDEINADDRESSLIST | Map | HiddenFromAddressListsEnabled |
| ISSUEWARNINGQUOTA | Map | IssueWarningQuota |
| PROHIBITSENDQUOTA | Map | ProhibitSendQuota |
| PROHIBITSENDRECEIVEQUOTA | Map | ProhibitSendReceiveQuota |
| LINKEDMAILBOXDOMAIN | Map | LinkedMasterAccount |
| WEBMAIL | Map | OWAEnabled |
| MAILBOXLOCATION | Map | MailboxLocation |
Cloud mailbox access (Resource assignment)
Parameters
| Parameter | Value |
|---|---|
| Source | Mailbox access |
| Query scope | Cloud |
| Mailbox subtype | UserMailbox,EquipmentMailbox,RoomMailbox,SharedMailbox,LinkedMailbox |
| Distinct | No |
| Filter | LinkedMasterAccount != null && LinkedMasterAccount != "NT AUTHORITY" |
Mappings
| Destination | Operator | Source |
|---|---|---|
| Resource Business key | Expression | string.Format("<system>{0}</system><genericresource>{1}</genericresource>",BuiltIn.SystemShortName, Type == "Full access" ? "fullmailboxaccess": "sendasmailboxaccess") |
| Account - CBK | Lookup | Name=LinkedMasterAccount |
| Target - CBK | Expression | string.Format("{0}_<exchangeguid>{1}</exchangeguid>", BuiltIn.SourceSystemID, ExchangeGuid) |
| Business key | Expression | string.Format("<account>{0}</account><resource>{1}</resource><target>{2}</target>", LinkedMasterAccount, Type, ExchangeGuid) |
| LinkedMasterAccount | Map | LinkedMasterAccount |
| AccessType | Map | Type |
| MAILBOXREF | Expression | string.Format("{0}_<exchangeguid>{1}</exchangeguid>", BuiltIn.SourceSystemID, ExchangeGuid) |
Cloud send on behalf (Resource assignment)
Parameters
| Parameter | Value |
|---|---|
| Source | Mailboxes |
| Query scope | Cloud |
| Mailbox subtype | UserMailbox,LinkedMailbox,DiscoveryMailbox,EquipmentMailbox,GroupMailbox,LegacyMailbox,LinkedRoomMailbox,RoomMailbox,SchedulingMailbox,SharedMailbox,TeamMailbox |
| Distinct | No |
| Filter | Type=="Send on behalf" |
Mappings
| Destination | Operator | Source |
|---|---|---|
| Resource Business key | Expression | string.Format("<system>{0}</system><genericresource>sendonbehalfofmailboxaccess</genericresource>",BuiltIn.SystemShortName) |
| Account - CBK | Lookup | Path=GrantSendOnBehalfTo |
| Target - CBK | Expression | string.Format("{0}_<exchangeguid>{1}</exchangeguid>", BuiltIn.SourceSystemID, ExchangeGuid) |
| Business key | Expression | string.Format("<account>{0}</account><resource>{1}</resource><target>{2}</target>", GrantSendOnBehalfTo, Type, ExchangeGuid) |
| PRIMARY_EMAIL | Map | PrimarySmtpAddress |
| Identity | Map | Identity |
| RecipientTypeDetails | Map | RecipientTypeDetails |
| ExternalDirectoryObjectID | Map | ExternalDirectoryObjectID |
| GrantSendOnBehalfTo | Map | GrantSendOnBehalfTo |
| MAILBOXREF | Expression | string.Format("{0}_<exchangeguid>{1}</exchangeguid>", BuiltIn.SourceSystemID, ExchangeGuid) |
Cloud role assignments (Resource assignment)
Parameters
| Parameter | Value |
|---|---|
| Source | Administrative resources |
| Query scope | Cloud |
| Distinct | No |
| Filter | Type=="Members" && RecipientType?.ToString().IndexOf("Group") < 0 |
Mappings
| Destination | Operator | Source |
|---|---|---|
| Resource Business key | Expression | string.Format("<system>{0}</system><resource>{1}</resource>",BuiltIn.SystemShortName, RoleGroupSamAccountName.ToLower() ) |
| Account - CBK | Lookup | UID=MemberName |
| Description | Map | RecipientType |
Distribution groups (Resource)
Microsoft Exchange Hybrid can also support local distribution groups. The default settings are configured for the cloud instance. To import local distribution groups, change the default queries.
By default, there is only one query for distribution groups. To onboard distribution groups and separately mail-enabled security groups, apply additional filtering. Use the DistributionGroupType attribute - provide the SecurityEnabled value to provision mail-enabled groups.
Parameters
| Parameter | Value |
|---|---|
| Source | Distribution groups |
| Distinct | No |
| Filter | Type==""DistributionGroups" |
Mappings
| Destination | Operator | Source |
|---|---|---|
| Business key | Map | DistributionGroupGuid |
| Secret resource business key | Map | DistributionGroupName |
| Name | Map | DistributionGroupName |
| Category | Constant | Distribution Group |
| Type | Constant | Exchange Distribution Group |
| Display name | Map | DistributionGroupDisplayName |
| Account - CBK | Lookup | BusinessKey=MemberExternalDirectoryObjectId |
Default source fields
Add the DistributionGroup prefix to use any other field returned by the Get-DistributionGroup command. Example: To get the alias field, add the mapping for DistributionGroupAlias.
DistributionGroupName
DistributionGroupDisplayName
DistributionGroupDistinguishedName
DistributionGroupType
DistributionGroupPrimarySmtpAddress
DistributionGroupManagedBy
DistributionGroupHiddenFromAddressListsEnabled
DistributionGroupRequireSenderAuthenticationEnabled
Type
Distribution group members (Resource assignment)
Parameters
| Parameter | Value |
|---|---|
| Source | Distribution groups |
| Distinct | No |
| Filter | Type==""DistributionGroupMembers" |
Mappings
| Destination | Operator | Source |
|---|---|---|
| Resource business key | Map | DistributionGroupGuid |
| Account - CBK | Lookup | BusinessKey = MemberName |
Default source fields
Add the Member prefix to use any other field returned by the Get-DistributionGroupMember command. Example: To get the ExchangeGuid field, add the mapping for MemberExchangeGuid.
DistributionGroupName
MemberDistinguishedName
MemberName
MemberDisplayName
MemberAlias
RecipientType
Type
Extension script
Utilizing the PowerShell extension script is supported for the Exchange collector.
To enable it specify the Script file name, containing available functions, in the Connection details section.
For local deployment provide the entire file path to the script file. For cloud deployment providing only the file name is sufficient.
You can implement extension script in two ways.
In the Queries and mappings section add a mapping with the Source parameter set to Script. Then configure the Function name parameter to indicate which function from the extension script file you want to utilize. Then specify the required mappings.
Alternatively, for the queries with source set to Mailboxes there is an additional parameter Extension attribute function name. The specified function is then performed after retrieving the mailboxes. This provides additional attributes, that are otherwise not available with the Get-Mailbox command.
This way PSObjects are returned with the ExchangeGuid, used for mapping results of the function mailbox return by query, and required attributes.
Each function utilizes the $serverType, with value either Local or Cloud, to differentiate the script behavior based on the mailbox location in the hybrid scenario.
Advanced queries and mappings configuration
If you require any custom mappings for your system implementation, this section describes the details of the fields available in the Queries and mappings task. This collector supports any number of queries and has the following query parameters which should be specified when creating or editing a query.
- In the Distinct field, you can specify if the collector should remove possible duplicate rows.
- In the Filter field under the Parameters section, you can provide a Dynamic Expresso expression that is used for filtering the data imported into Omada Identity. It returns a TRUE/FALSE result for each imported data row. If the expression returns "FALSE" for the given row that row is skipped during import.
The filter can be supplied with special functions #MinRow() or #MaxRow(). The #MinRow()/#MaxRow() are custom functions that can be combined with regular DynamicExpresso expressions thanks to the # prefix. For example, in line:
#MinRow(col1, col2)#col=="active"
the custom function is encapsulated with # at the start and optionally at the end if a regular filter is to be appended like in the example (col=="active").
The MinRow()/MaxRow() functions take two parameters. The intention is similar to a "Group by function" in SQL server that allows you to eliminate duplicates and to take the lowest or highest*[order by column]* for each [unique column] row, i.e., MinRow([unique column], [order by column]).
:::note[Example]:
MaxRow(UniqueKey, Version)
Input:
| UniqueKey | Version |
|---|---|
| 1 | 1 |
| 1 | 2 |
| 2 | 2 |
| 2 | 1 |
| 3 | 1 |
Output:
| UniqueKey | Version |
|---|---|
| 1 | 2 |
| 2 | 2 |
| 3 | 1 |
| ::: |
Naming convention for mapping and expressions
The name used for mapping or expressions is converted into a name that is usable as a C# parameter.
Names can contain the characters _, a-z, A-Z, and 0-9, but the first character of the name cannot be a digit (0-9).
Furthermore, any forbidden characters will be stripped from the name under the conversion.
For example, $somekey1 becomes somekey1 and 1another_key becomes another_key.
Overriding onboarding configuration in import profile
To decrease the import time you can override the SendAs and FullAccess onboarding values in the import profile from the true, to the false value. Those exclude import of SendAs or FullAccess permissions respectively while executing Mailbox access query.
To do so, go to Import profile and add a separate line in the Overridden onboarding configuration field for each setting you want to override.
Import profile with the SendAs setting overridden.
Each entry for a configuration value should be in a separate line and have a following format.
SettingName=NewValue
Advanced settings
When selecting the Use cache checkbox the executed PowerShell commands to get data from Exchange will be stored in local cache. When the same command is executed again for a different query, the result will be taken from cache resulting in faster execution.
Configure thresholds
The Configure thresholds function allows you to set the amount of changes that cannot be exceeded, relevant to the last import.
In the Configure import thresholds window, type a number (integer) in percentage for New objects, Modified objects, and Deleted objects to enable thresholds for the import of objects from this system.
The value for each operation is by default set to 0, which means that no threshold calculations take place for the operation(s) until you change the integer.
Account rules
Accounts reside in either Active Directory or Microsoft Entra ID, and the mailboxes refer to the accounts in these systems, so there is no configuration required for the Exchange Hybrid Collector in this regard. For the already onboarded Active Directory and Microsoft Entra ID systems, default account rules are provided, or you may have configured your own, but if you want to match the Shared, Room and Equipment Mailboxes additional configuration is required.