Migrating to the new Microsoft Exchange Online connectivity
Perform the following steps to migrate to the new version of Microsoft Exchange Online connector.
On-prem environments
For on-prem environments, download the new connectivity package from the Omada Hub.
Remove the previous Exchange Online mappings
Before configuring the new Exchange Online connector, remove the previous mappings. Go to Queries and mappings. Locate and delete the following entries with the source set to Mailboxes or Mailbox access:
- Online user mailboxes
- Online shared mailboxes
- Online mailbox access
- Online send on behalf
Create new Resource Assignment queries
- In the Queries and mappings view, create a new resource assignment query by clicking New.
- In the dialog that appears, select Resource assignment as the object type for the query. Click OK.
- Use the following configuration:
Parameters:
| Parameter | Value |
|---|---|
| Source | Mailboxes |
| Mailbox subtype | UserMailbox |
| Filter | Type=="User mailbox" |
| Description | Online user mailboxes assignments |
Mappings:
| Destination | Operator | Source |
|---|---|---|
| Resource Business key | Expression | string.Format("<system>{0}</system><genericresource>{1}</genericresource>",BuiltIn.SystemShortName,RecipientTypeDetails) |
| Account - CBK | Lookup | BusinessKey=ExternalDirectoryObjectID |
| Business key | Expression | Type=="User mailbox"?"<exchangeguid>"+ExchangeGuid+"</exchangeguid>":null |
| PRIMARY_EMAIL | Map | PrimarySmtpAddress |
| ADDITIONAL_EMAILS | Map | EmailAddresses |
| HIDEINADDRESSLIST | Map | HiddenFromAddressListsEnabled |
| ISSUEWARNINGQUOTA | Map | IssueWarningQuota |
| PROHIBITSENDQUOTA | Map | ProhibitSendQuota |
| PROHIBITSENDRECEIVEQUOTA | Map | ProhibitSendReceiveQuota |
| WEBMAIL | Map | OWAEnabled |
- (second query) Create a new query using steps 1 and 2. Use the following configuration:
Parameters:
| Parameter | Value |
|---|---|
| Source | Mailboxes |
| Mailbox subtype | UserMailbox, RoomMailbox, EquipmentMailbox |
| Filter | Type=="Send on behalf" |
| Description | Online user mailbox access assignments - send on behalf |
Mappings:
| Destination | Operator | Source |
|---|---|---|
| Resource Business key | Expression | string.Format("<system>{0}</system><genericresource>sendonbehalfofmailboxaccess</genericresource>",BuiltIn.SystemShortName) |
| Account – CBK | Lookup | BusinessKey=GrantSendOnBehalfTo |
| Target – CBK | Expression | string.Format("{0}_<exchangeguid>{1}</exchangeguid>", BuiltIn.SourceSystemID, ExchangeGuid) |
| Business key | Expression | string.Format("<account>{0}</account><resource>{1}</resource><target>{2}</target>", GrantSendOnBehalfTo, Type, ExchangeGuid) |
| PRIMARY_EMAIL | Map | PrimarySmtpAddress |
| Identity | Map | Identity |
| RecipientTypeDetails | Map | RecipientTypeDetails |
| ExternalDirectoryObjectID | Map | ExternalDirectoryObjectID |
| GrantSendOnBehalfTo | Map | GrantSendOnBehalfTo |
| MAILBOXREF | Expression | string.Format("{0}_<exchangeguid>{1}</exchangeguid>", BuiltIn.SourceSystemID, ExchangeGuid) |
- (third query) Create a new query using steps 1 and 2. Use the following configuration:
Parameters:
| Parameter | Value |
|---|---|
| Source | Mailboxes |
| Mailbox subtype | UserMailbox, RoomMailbox, EquipmentMailbox |
| Filter | LinkedMasterAccount != null && LinkedMasterAccount != "NT AUTHORITY" |
| Description | Online mailbox access assignments - Full Access and Send As |
Mappings:
| Destination | Operator | Source |
|---|---|---|
| Resource Business key | Expression | string.Format("<system>{0}</system><genericresource>{1}</genericresource>",BuiltIn.SystemShortName, Type == "Full access" ? "fullmailboxaccess": "sendasmailboxaccess") |
| Account – CBK | Lookup | DistinguishedName=LinkedMasterAccount |
| Target – CBK | string.Format("{0}_<exchangeguid>{1}</exchangeguid>", BuiltIn.SourceSystemID, ExchangeGuid) | |
| Business key | Expression | string.Format("<account>{0}</account><resource>{1}</resource><target>{2}</target>", LinkedMasterAccount, Type, ExchangeGuid) |
| LinkedMasterAccount | Map | LinkedMasterAccount |
| AccessType | Map | Type |
| MAILBOXREF | Expression | string.Format("{0}_<exchangeguid>{1}</exchangeguid>", BuiltIn.SourceSystemID, ExchangeGuid) |
- (fourth query) Create a new query using steps 1 and 2. Use the following configuration:
Parameters:
| Parameter | Value |
|---|---|
| Source | Mailboxes |
| Mailbox subtype | DiscoveryMailbox, SchedulingMailbox, RoomMailbox, EquipmentMailbox |
| Filter | Identity != null && Type !="Full access" && Type !="Send as"&& Type !="Send on behalf" |
| Description | Online mailboxes assignments - DiscoveryMailbox, SchedulingMailbox, RoomMailbox, EquipmentMailbox |
Mappings:
| Destination | Operator | Source |
|---|---|---|
| Resource Business key | Expression | string.Format("<system>{0}</system><genericresource>{1}</genericresource>",BuiltIn.SystemShortName,RecipientTypeDetails) |
| Account – CBK | Lookup | BusinessKey=ExternalDirectoryObjectID |
| Business key | Expression | Type=="Usermailbox"?"<exchangeguid>"+ExchangeGuid+"</exchangeguid>":null |
| PRIMARY_EMAIL | Map | PrimarySmtpAddress |
| ADDITIONAL_EMAILS | Map | EmailAddresses |
| HIDEINADDRESSLIST | Map | HiddenFromAddressListsEnabled |
| ISSUEWARNINGQUOTA | Map | IssueWarningQuota |
| PROHIBITSENDQUOTA | Map | ProhibitSendQuota |
| PROHIBITSENDRECEIVEQUOTA | Map | ProhibitSendReceiveQuota |
| WEBMAIL | Map | OWAEnabled |
Create new Resource queries
- In the Queries and mappings view, create a new resource query by clicking New.
- In the dialog that appears, select Resource as the object type for the query. Click OK.
- Use the following configuration:
Parameters:
| Parameter | Value |
|---|---|
| Source | Mailboxes |
| Mailbox subtype | SharedMailbox |
| Distinct | Yes |
| Description | Online SharedMailbox - FullAccess |
Mappings:
| Destination | Operator | Source |
|---|---|---|
| Business key | Expression | ExchangeGuid + "_FullAccess" |
| Security resource business key | Expression | ExchangeGuid + "_FullAccess" |
| Name | DisplayName + "_FullAccess" | |
| Category | Constant | Permission |
| Type | Expression | RecipientTypeDetails == "RoomMailbox" ? "Exchange Room Mailbox" : RecipientTypeDetails == "SharedMailbox" ? "Exchange Shared Mailbox" : RecipientTypeDetails == "EquipmentMailbox" ? "Exchange Equipment Mailbox" : null |
| Short Name | Expression | DisplayName + "_FullAccess" |
| Logical key | Expression | string.Format("<exchangeguid>{0}</exchangeguid>", DisplayName) |
| PrimarySmtpAddress | Map | PrimarySmtpAddress |
| RecipientTypeDetails | Map | RecipientTypeDetails |
| PRIMARY_EMAIL | Map | PrimarySmtpAddress |
| ADDITIONAL_EMAILS | Map | EmailAddresses |
| HIDEINADDRESSLIST | Map | HiddenFromAddressListsEnabled |
| ISSUEWARNINGQUOTA | Map | IssueWarningQuota |
| PROHIBITSENDQUOTA | Map | ProhibitSendQuota |
| PROHIBITSENDRECEIVEQUOTA | Map | ProhibitSendReceiveQuota |
| LINKEDMAILBOXDOMAIN | Map | LinkedMasterAccount |
| WEBMAIL | Map | WEBMAIL |
| Identity | Map | Identity |
- (second query) Create a new query using steps 1 and 2. Use the following configuration:
Parameters:
| Parameter | Value |
|---|---|
| Source | Mailboxes |
| Mailbox subtype | SharedMailbox |
| Distinct | Yes |
| Description | Online SharedMailbox - SendAs |
Mappings:
| Destination | Operator | Source |
|---|---|---|
| Business key | Expression | ExchangeGuid + "_SendAs" |
| Security resource business key | Expression | ExchangeGuid + "_SendAs" |
| Name | DisplayName + "_SendAs" | |
| Category | Constant | Permission |
| Type | Expression | RecipientTypeDetails == "RoomMailbox" ? "Exchange Room Mailbox" : RecipientTypeDetails == "SharedMailbox" ? "Exchange Shared Mailbox" : RecipientTypeDetails == "EquipmentMailbox" ? "Exchange Equipment Mailbox" : null |
| Short Name | Expression | DisplayName + "_SendAs" |
| Logical key | Expression | string.Format("<exchangeguid>{0}_SendAs</exchangeguid>", DisplayName) |
| Description | Expression | string.Format("<exchangeguid>{0}_SendAs</exchangeguid>", DisplayName) |
| PrimarySmtpAddress | Map | PrimarySmtpAddress |
| RecipientTypeDetails | Map | RecipientTypeDetails |
| PrimarySmtpAddress | Map | PrimarySmtpAddress |
| RecipientTypeDetails | Map | RecipientTypeDetails |
| PRIMARY_EMAIL | Map | PrimarySmtpAddress |
| ADDITIONAL_EMAILS | Map | EmailAddresses |
| HIDEINADDRESSLIST | Map | HiddenFromAddressListsEnabled |
| ISSUEWARNINGQUOTA | Map | IssueWarningQuota |
| PROHIBITSENDQUOTA | Map | ProhibitSendQuota |
| PROHIBITSENDRECEIVEQUOTA | Map | ProhibitSendReceiveQuota |
| LINKEDMAILBOXDOMAIN | Map | LinkedMasterAccount |
| WEBMAIL | Map | WEBMAIL |
| Identity | Map | Identity |
- (third query) Create a new query using steps 1 and 2. Use the following configuration:
Parameters:
| Parameter | Value |
|---|---|
| Source | Mailboxes |
| Mailbox subtype | SharedMailbox |
| Distinct | Yes |
| Description | Online SharedMailbox - SendOnBehalf |
Mappings:
| Destination | Operator | Source |
|---|---|---|
| Business key | Expression | ExchangeGuid + "_SendOnBehalf" |
| Security resource business key | Expression | ExchangeGuid + "_SendOnBehalf" |
| Name | DisplayName + "_SendOnBehalf" | |
| Category | Constant | Permission |
| Type | Expression | RecipientTypeDetails == "RoomMailbox" ? "Exchange Room Mailbox" : RecipientTypeDetails == "SharedMailbox" ? "Exchange Shared Mailbox" : RecipientTypeDetails == "EquipmentMailbox" ? "Exchange Equipment Mailbox" : null |
| Short Name | Expression | DisplayName + "_SendOnBehalf" |
| Logical key | Expression | string.Format("<exchangeguid>{0}_SendOnBehalf</exchangeguid>", DisplayName) |
| Description | Expression | string.Format("<exchangeguid>{0}_SendOnBehalf</exchangeguid>", DisplayName) |
| PrimarySmtpAddress | Map | PrimarySmtpAddress |
| RecipientTypeDetails | Map | RecipientTypeDetails |
| PrimarySmtpAddress | Map | PrimarySmtpAddress |
| RecipientTypeDetails | Map | RecipientTypeDetails |
| PRIMARY_EMAIL | Map | PrimarySmtpAddress |
| ADDITIONAL_EMAILS | Map | EmailAddresses |
| HIDEINADDRESSLIST | Map | HiddenFromAddressListsEnabled |
| ISSUEWARNINGQUOTA | Map | IssueWarningQuota |
| PROHIBITSENDQUOTA | Map | ProhibitSendQuota |
| PROHIBITSENDRECEIVEQUOTA | Map | ProhibitSendReceiveQuota |
| LINKEDMAILBOXDOMAIN | Map | LinkedMasterAccount |
| WEBMAIL | Map | WEBMAIL |
| Identity | Map | Identity |
Create new Resource Assignment queries
- In the Queries and mappings view, create a new resource assignment query by clicking New.
- In the dialog that appears, select Resource assignment as the object type for the query. Click OK.
- Use the following configuration:
Parameters:
| Parameter | Value |
|---|---|
| Source | Mailbox access |
| Mailbox subtype | SharedMailbox |
| Filter | LinkedMasterAccount != null && LinkedMasterAccount != "NT AUTHORITY" && Type == "Full access" |
| Description | Online Shared mailbox access - Full Access |
Mappings:
| Destination | Operator | Source |
|---|---|---|
| Resource Business key | Expression | ExchangeGuid + "_FullAccess" |
| Account - CBK | Lookup | BusinessKey=Identity |
| Business key | Expression | string.Format("<account>{0}</account><resource>{1}</resource><target>{2}</target>", LinkedMasterAccount, Type, ExchangeGuid) |
| LinkedMasterAccount | Map | LinkedMasterAccount |
| AccessType | Map | Type |
- (second query) Create a new query using steps 1 and 2. Use the following configuration:
Parameters:
| Parameter | Value |
|---|---|
| Source | Mailbox access |
| Mailbox subtype | SharedMailbox |
| Filter | LinkedMasterAccount != null && LinkedMasterAccount != "NT AUTHORITY" && Type == "Send as" |
| Description | Online Shared mailbox access - Send as |
Mappings:
| Destination | Operator | Source |
|---|---|---|
| Resource Business key | Expression | ExchangeGuid + "_SendAs" |
| Account - CBK | Lookup | BusinessKey=Identity |
| Business key | Expression | string.Format("<account>{0}</account><resource>{1}</resource><target>{2}</target>", LinkedMasterAccount, Type, ExchangeGuid) |
| LinkedMasterAccount | Map | LinkedMasterAccount |
| AccessType | Map | Type |
- (third query) Create a new query using steps 1 and 2. Use the following configuration:
| Parameter | Value |
|---|---|
| Source | Mailboxes |
| Mailbox subtype | SharedMailbox |
| Filter | Type=="Send on behalf" |
| Description | Resource Assignment - SharedMailbox, EquipmentMailbox, RoomMailbox - SendOnBehalf |
- Mappings:
| Destination | Operator | Source |
|---|---|---|
| Resource Business key | Expression | ExchangeGuid + "_SendOnBehalf" |
| Account - CBK | Lookup | BusinessKey=GrantSendOnBehalfTo |
| Business key | Expression | string.Format("<account>{0}</account><resource>{1}</resource><target>{2}</target>", GrantSendOnBehalfTo, Type, ExchangeGuid) |
| PRIMARY_EMAIL | Map | PrimarySmtpAddress |
| Identity | Map | Identity |
| RecipientTypeDetails | Map | RecipientTypeDetails |
| ExternalDirectoryObjectID | Map | ExternalDirectoryObjectID |
| GrantSendOnBehalfTo | Map | GrantSendOnBehalfTo |
Edit the Distribution Groups Resources query
-
In the Queries and mappings view, select the query with
Source = Distribution groups. Click Edit.
-
In the editor, update the content to match the configuration provided for the new Exchange Online connector:
Parameters:
| Parameter | Value |
|---|---|
| Source | Distribution groups |
| Distinct | Yes |
| Filter | Type=="DistributionGroups" && DistributionGroupIsDirSynced == "False" && !(Convert.ToString(DistributionGroupType).Contains("SecurityEnabled")) |
| Description | Distribution Groups |
Mappings:
| Destination | Operator | Source |
|---|---|---|
| Business key | Map | DistributionGroupGuid |
| Security resource business key | Map | DistributionGroupGuid |
| Name | Map | DistributionGroupName |
| Category | Constant | Distribution Group |
| Type | Constant | Exchange Distribution Group |
| Display name | Map | DistributionGroupDisplayName |
| Short name | Map | DistributionGroupName |
| Logical key | Expression | !string.IsNullOrEmpty(DistributionGroupCustomAttribute1) ? DistributionGroupCustomAttribute1 : DistributionGroupGuid |
| Distinguished Name | Map | DistributionGroupDistinguishedName |
| DistributionGroupType | Map | DistributionGroupType |
| DistributionGroupExternalDirectoryObjectId | Map | DistributionGroupExternalDirectoryObjectId |
| DistributionGroupIsDirSynced | Map | DistributionGroupIsDirSynced |
Edit the Distribution Resource Assignments query
-
In the Queries and mappings view, select the query named Distribution groups. Click Edit.
-
In the editor, update the content to match the configuration provided for the new Exchange Online connector:
Parameters:
| Parameter | Value |
|---|---|
| Source | Distribution groups |
| Distinct | Yes |
| Filter | Type=="DistributionGroupMembers" && MemberRecipientTypeDetails == "UserMailbox" && DistributionGroupIsDirSynced == "False" && !(Convert.ToString(DistributionGroupType).Contains("SecurityEnabled")) |
| Description | Online distribution groups members |
Mappings:
| Destination | Operator | Source |
|---|---|---|
| Resource business key | Map | DistributionGroupGuid |
| Account - CBK | Lookup | BusinessKey=MemberExternalDirectoryObjectId |
| Description | Map | MemberRecipientTypeDetails |
| MemberExternalDirectoryObjectId | Map | MemberExternalDirectoryObjectId |
Queries and mappings - import prerequisites
Before starting the import, create an event definition to populate the Prevent Self-Service field of the Shared Mailbox resources.
-
In Omada Identity, go to Setup > Administration > Process configuration > Event definitions. Click New. Enter the following details:1. - In Omada Identity, go to Setup > Administration > Process configuration > Event definitions. Click New. Enter the following details:
- Name: Exchange Online - Prevent self-service
- Event is triggered when: Select the A new object is created checkbox
- Triggers on objects of type: Resources
-
Click Apply.
-
At the bottom of the screen, click New to create a new Execute code method action.
-
Select Modify object. Use the following configuration:
-
Click OK.
-
Click Filter.
-
Create 3 new filters:
-
Left side: Resource Type
-
Right side (reference): Exchange Shared Mailbox
-
Left side: System
-
Right side(reference): Choose the name of your Exchange Online System
-
Left side: Name
-
Right side (value): Shared mailbox
- Click Close and OK.
- Run the import.
Provisioning - task mappings
-
Open and edit the MailboxAccess task mapping:
-
In the Task Mappings screen, locate the row MailboxAccess.
-
Select the MailboxAccess row checkbox (it should be the first in the list). Click Edit.
-
In the configuration window, adjust the following settings:
| Destination | Operator | Source |
|---|---|---|
| Object Id | Map | ObjectId |
| Object type | Constant | MailboxAccess |
| Operation | Map | Operation |
| Identity | Map | ROPE_AccountName |
| mailboxPermission | Expression | ROPE_Resource.ToUpper() |
| userMailboxGuid | Map | ROPE_ATTR_MAILBOXREF |
- Go back to the Task mappings screen. Locate the DistributionGroup row.
- Select the DistributionGroup row checkbox. Click Edit.
- In the configuration window, adjust the following settings:
| Destination | Operator | Source |
|---|---|---|
| Object Id | Map | ObjectId |
| Object type | Constant | DistributionGroup |
| Operation | Map | Operation |
| Identity | Expression | Operation == "Create" || Operation == "CreateIfNotExists" ? RLM_NAME : RLM_ODWBUSIKEY.Substring(RLM_ODWBUSIKEY.IndexOf("_") + 1, RLM_ODWBUSIKEY.LastIndexOf("<") - RLM_ODWBUSIKEY.IndexOf("_") - 1) |
| Name | Map | RLM_NAME |
| DisplayName | Map | RLM_NAME |
| Type | Constant | Distribution |
| bundledAttributes | Expression | string.Format("CustomAttribute1={0}", RLM_ODWLOGICKEY) |
- Go back to the Task mappings screen. Locate the DistributionGroupAssignment row.
- Select the DistributionGroupAssignment row checkbox. Click Edit.
- In the configuration window, adjust the following settings:
| Destination | Operator | Source |
|---|---|---|
| Object Id | Map | ObjectId |
| Object type | Constant | DistributionGroupAssignment |
| Operation | Map | Operation |
| Identity | Map | ROPE_DistinguisedName |
| distributionGroupGuid | Expression | ROPE_ResourceCBK.Substring(ROPE_ResourceCBK.IndexOf("_") + 1, ROPE_ResourceCBK.LastIndexOf("<") - ROPE_ResourceCBK.IndexOf("_") - 1) |