Data provisioning
Connector settings
The following provisioning details need to be configured:
| Setting | Description |
|---|---|
| Server Type | You can select either Hybrid or Local. When you select Hybrid, all the following settings will be doubled and a prefix will be added to them, either Local: or Cloud:. |
| Local: Connection URI | The URI for Exchange PowerShell. Example: http://[hostname]/powershell. |
| Local: Authentication | Select the authentication method to use. Can be Basic, Credssp, Default, Digest, Kerberos, Negotiate, Negotiate implicit credentials. Check in the Internet Information Services that the PowerShell folder under the Default Website is configured for the desired authentication type. For more information refer, to Microsoft documentation. You can find more information on various authentication types on Microsoft MSDN here. |
| Local: Username | Specify the username for the account that is used to write data to Exchange. If you leave this field blank, the username specified for importing is used. |
| Local: Password | Specify the password for the account used, if you have entered a username in the field above. |
| Local: Session options | Advanced options for the PowerShell session. Go here for list of options. -SkipCACheck -SkipCNCheck -SkipRevocationCheck |
| Cloud: Authentication | Select the authentication method to use. Can be Certificate thumbprint, Certificate with password. For instructions on how to set up certificate authentication, go to Set Up Certificate Authentication |
| Cloud: Connection URI | The URL for Exchange Online PowerShell. rrefer to Connect to Exchange Online PowerShell in order to find the right URL for your Exchange Online organization, for example: https://outlook.office365.com/powershell-liveid |
| Cloud: Username | Specify the username for the account that is used to write data to Exchange. |
| Cloud: Password | The password for the defined Cloud username. |
| Cloud: Organization | Specify the organization that's used in certificate based authentication. Be sure to use an .onmicrosoft.com domain for the parameter value. |
| Cloud: Application ID | Specifies the application ID of the service principal that's used in certificate based authentication. |
| Cloud: Certificate thumbprint | Specify the thumbprint value of the certificate used for certificate based authentication. |
| Cloud: Certificate (PEM format) | Specify the certificate used for certificate based authentication. Value should be enclosed with -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- |
| Cloud: Private key password | Specify password for private key used for certificate based authentication. |
| Cloud: Remote domain | Specify the domain in which SMTP address for remote mailboxes will be created. Example: mailtest.com |
| Cloud: Session options | Advanced options for the PowerShell session. Refer to New-PSSessionOption for the list of options. -SkipCACheck -SkipCNCheck -SkipRevocationCheck |
| Detect migration request | Enable to detect migration requests. A migration request is detected when a mailbox is requested modified and when Mailbox location is changed. Note that the actual migration is not performed. |
| Always enforce the email address policy | Ensures that all provisioned mailboxes in Exchange is set to follow the current email address policy. |
| Extension script file | Specifies a PowerShell file. You must place the file in the OPS installation folder. All exchange commands in the PowerShell scripts require following prefixes to determine on which connection command they should be carried out. - OnPrem - to execute on local connection. Online - to execute on cloud connection |
| Test connection | Enable this setting to test the connection information that you have specified. If you want to use this functionality must install Omada Provisioning Service and make sure it has the necessary permissions to communicate with the target system. |
Data model
The Data model for Microsoft Exchange Hybrid Connectivity supports the following objects:
- Mailbox
- SharedMailbox
- RoomMailbox
- EquipmentMailbox
- MailboxAccess
- DistributionGroup
- DistributionGroupAssignment
Task mappings
The bundledAttributes can be used to set any of the parameters supported by Set-Mailbox, New-Mailbox, Set-RemoteMailbox, New-RemoteMailbox, New-DistributionGroup, and Set-DistributionGroup command.
For more information, check the following sources:
Mailbox
The Mailbox object is used to create, update and delete mailboxes. Supported properties:
| Property | Type | Description |
|---|---|---|
| IdentityRequired | stringType | Specifies the target mailbox user. You can use any value that uniquely identifies the user. |
| bundledAttributes | stringType | bundledAttributes is an OPS Generic PowerShell Connector feature. |
| MailboxLocation | stringType | This value is required and can be either Local or Cloud. |
By using the OPS PowerShell Connector's bundledAttributes feature, the OPS Exchange Hybrid Connector by default supports the following properties as string data types:
- issueWarningQuota [^1]
- prohibitSendQuota [^1]
- prohibitSendReceiveQuota [^1]
- webmail [^2]
- hideInAddressList [^2]
- primaryEmail
[^1] Handled as MB (megabytes)
[^2] Converted from string to Boolean data type in the connector Omada.OPS.Connector.Powershell.Exchange.ps1.
Additionally, bundledAttributes can be used to set any of the parameters supported by Set-Mailbox command.
SharedMailbox
The SharedMailbox object is used to create, update and delete shared mailboxes. Supported properties:
| Property | Type | Description |
|---|---|---|
| Identity | stringType | Specifies the target mailbox user. You can use any value that uniquely identifies the user. |
| Name | stringType | Specifies the resource name visible in the address book. |
| DisplayName | stringType | Specifies the name that is shown in the address book and in the To and From lines when an email is sent from and to this mailbox. |
| Alias | stringType | Specifies the beginning of an email address preceding the @ symbol. |
| MailboxLocation | stringType | This value is required and can be either Local or Cloud. |
| bundledAttributes | stringType | bundledAttributes is an OPS Generic PowerShell Connector feature. |
RoomMailbox
The RoomMailbox object is used to create, update and delete room mailboxes. Supported properties:
| Property | Type | Description |
|---|---|---|
| Identity | stringType | Specifies the target mailbox user. You can use any value that uniquely identifies the user. |
| Name | stringType | Specifies the resource name visible in the address book. |
| DisplayName | stringType | Specifies the name that is shown in the address book and in the To and From lines when an email is sent from and to this mailbox. |
| Alias | stringType | Assigns an alias (also called mail nickname) to a room mailbox. |
| MailboxLocation | stringType | This value is required and can be either Local or Cloud. |
| bundledAttributes | stringType | bundledAttributes is an OPS Generic PowerShell Connector feature. |
EquipmentMailbox
The EquipmentMailbox object is used to create, update and delete room mailboxes. Supported properties:
| Property | Type | Description |
|---|---|---|
| Identity | stringType | Specifies the target mailbox user. You can use any value that uniquely identifies the user. |
| Name | stringType | Specifies the resource name visible in the address book. |
| DisplayName | stringType | Specifies the name that is shown in the address book and in the To and From lines when an email is sent from and to this mailbox. |
| Alias | stringType | Assigns an alias (also called mail nickname) to a equipment mailbox. |
| MailboxLocation | stringType | This value is required and can be either Local or Cloud. |
| bundledAttributes | stringType | bundledAttributes is an OPS Generic PowerShell Connector feature. |
MailboxAccess
The MailboxAccess object is used to create, update, or delete access permissions of a user to another user's mailbox. Supported properties:
| Property | Type | Description |
|---|---|---|
| IdentityRequired | stringType | Specifies the identity of the mailbox that permissions are assigned to. Use any value that uniquely identifies the user. |
| MailboxLocation | stringType | If you don't specify any value then the collector will look for the mailbox locally, and if it is not found, then it will take the remote. |
| mailboxPermission | stringType | Permission access level that one user can have to another user’s mailbox. Three permission levels supported out of the box: Full Access, Send As, and Send on Behalf. |
| userMailboxGuid | stringType | Specifies the user mailbox that the permissions are being granted to on the other mailbox. The latter indicated by the identity property. |
DistributionGroup
The DistributionGroup object is used to create, update, and delete distribution groups. Supported properties:
By default, there is only one query for distribution groups. To onboard distribution groups and separately mail-enabled security groups, apply additional filtering. Use the Type property - set it to SecurityEnabled to provision mail-enabled groups.
| Property | Type | Description |
|---|---|---|
| Identity | stringType | Specifies the group that you want to modify. You can use any value that uniquely identifies the group. |
| Name | stringType | Specifies the unique name of the group. |
| DisplayName | stringType | Specifies the display name of the group. |
| Alias | stringType | Specifies the Exchange alias (also known as the mail nickname) for the recipient. This value identifies the recipient as a mail-enabled object. |
| Type | stringType | Specifies the type of group that you want to create. |
| bundledAttributes | stringType | bundledAttribute is an OPS Generic PowerShell Connector feature. |
| DistributionGroupLocation | stringType | Defines whether local or cloud distribution groups should be managed. Set to cloud by default. |
DistributionGroupAssignment
The DistributionGroupAssignment object is used to create, update, and delete distribution group members.
| Property | Type | Description |
|---|---|---|
| Identity | stringType | Specifies the group that you want to modify. You can use any value that uniquely identifies the group. |
| distributionGroupGuid | stringType | The unique identifier for this object. |
Extension script
Utilizing the PowerShell extension script is supported for the Exchange connector.
To enable it, specify the Script file name, containing available functions, in the Connection details section.
For the local deployment, provide the entire file path to the script file. For the cloud deployment, providing only the file name is sufficient.