Identity Manager Exchange 2007 Scripts

Summary

Microsoft Exchange 2007 includes the Exchange Management Shell, a command and scripting shell based on Windows PowerShell.

Novell Identity Manager, with the Identity Manager Active Directory Driver, allows synchronization of identities to and from Microsoft Active Directory and Exchange. The Identity Manager Scripting Driver can be deployed with this project's scripts to allow custom functionality to be implemented for Exchange.

Features

The 'starter' scripts included create mailboxes and distribution groups in Exchange when users and groups are created in Novell eDirectory™. The scripts implement several options for mailbox placement. Mailboxes can be created in a specific mailbox database, a randomly assigned database, or a database indicated by an attribute.

What you Need

Evaluation downloads are available for the Novell products below.

• Novell Identity Manager 3.5 or higher and its prerequisites, namely Novell eDirectory and Novell iManager.
• Identity Manager Integration Module for Scripting 3.6 or higher, with the latest patches. (Also compatible with IDM 3.5.)
• Scripting Driver Documentation
• Exchange Management Shell running on a Windows system in one of the Exchange organization's domains.

Installation

See the relevant product documentation for help installing eDirectory, iManager, Identity Manager and Scripting Driver.

Where to Install

The Scripting Driver consists of two components: the Driver Object which runs on a eDirectory/Identity Manager server, and the Driver Shim which runs as a Windows service. The Windows system you use has the following prerequisites:

• Windows 2003 or higher, any Edition, x86 (32-bit) or x64.
• Exchange Management Shell installed (included with Exchange Management Tools).
• If you are running the x86 Exchange Management Shell, install the x86 Scripting Driver. Otherwise, use the x64 Scripting Driver.

Installing the AD Driver

When installing the AD Driver, use these settings:

• Configure Data Flow: Set to Bidirectional. If you don't intend to synchronize AD accounts to eDir, set the attributes to Ignore on the Publisher channel in the Driver Filter.
• If you intend to allow the Exchange 2007 starter scripts to create mailboxes, set the method for managing Exchange mailboxes to None.

If the AD Driver is already installed:

• In the Driver Filter, set the User and Group classes to Synchronize on the Publisher channel. The attributes can still be set to Ignore if you aren't synchronizing from AD.
• If you intend to allow the Exchange 2007 starter scripts to create mailboxes, set Use CDOEXM for Exchange to No.

Installing the Scripting Driver Shim

1. Install the Windows Scripting Driver, but do not import the default driver configuration. You will use a custom driver configuration from the script package.
2. Change the Novell IDM Windows Script Driver service to log on as an Exchange administrator rather than LocalSystem. Restart the service.
3. If you have modified the PowerShell scripts that come with the Scripting Driver, back them up.
4. Unzip Scripting-ExShell-20090923.zip to your Scripting Driver directory (usually C:\Program Files\Novell\WSDriver).

Pre-import Tasks

• Extend the eDirectory schema
  • Use the Extend Schema task in iManager to add the schema file Schema\exshell.sch from the installation directory.
  • Log out/log in to iManager to refresh your view of the schema.
• Extend the AD Driver filter
  1. Open the AD Driver's Driver Overview in iManager.
  2. Click the Driver Filter icon in the diagram to open the Driver Filter.
  3. Click the User class in the Filter. Click the Add Attribute button.
  4. Click the Show All Attributes link in the bottom of the window.
  5. Check the DirXML-ExShellState attribute and click OK.
  6. Set DirXML-ExShellState's Publish mode to Synchronize, and its Subscriber mode to Ignore.
  7. Click OK to save your changes.
• Extend the AD Driver policies
  1. In the AD Driver's Driver Overview, click the Publisher Channel's Event Transformation Policies icon.
  2. Click Insert to insert a new policy.
  3. Enter the Policy name 'Exchange Attribute Detection Policy' and click OK.
  4. Select 'Import an XML file containing DirXML Script' from the Insert menu.
  5. Select Rules\ADDriverPolicy.xml from the installation directory and click OK.
  6. Click OK on the two screens to save the changes. The policy should be the last policy in the sequence.

Importing the Driver Configuration

Import the file Rules\Scripting-ExShell-IDM3_6_0-V5.xml from your installation directory. See the Scripting Driver documenation for more details.

Configuring the Exchange 2007 Scripts

Post-configuration Tasks

• Fix your Exchange Management Shell path if necessary; if your Exchange Server is installed to C:\Program Files\Microsoft\Exchange Server, skip this task.
  1. Open your Exchange Management Shell Driver properties in iManager.
  2. Under Driver Parameters, edit the Script Command parameter to replace the path to exshell.psc1 with the correct path.
• If the AD Driver is running as a Remote Loader on the system, change the TCP/IP ports used by the Scripting Driver.
  1. The AD Driver uses ports 8090 (command) and 8091 (HTTP) by default. Choose different ports for the Scripting Driver, e.g. 9090 and 9091.
  2. Stop the Scripting Driver and Driver Shim.
  3. In iManager, edit Driver properties and change the port in Remote loader connection parameters to the new command port.
  4. On the Connected System, edit the file conf\wsdrv.conf. Change the port number in the -connection string to the new command port. Change the port number for the -httpport parameter to the new HTTP port.
  5. Restart the Driver and Driver Shim.
• If Windows Firewall is enabled on the system where the Driver Shim is installed, create a exceptions for the ports used by the AD Driver (if necessary) and the Scripting Driver Shim.
• Set the AD Name Mapping Driver Parameter to a value consistent with your AD Driver's Name Mapping Global Configuration Values. (E.g., use Logon Name Mapping if the AD Driver has Logon Name Mapping enabled.)

Configuring Mailbox Placement

The Exchange scripts can be configured to create mailboxes in a specific mailbox database, or to randomize placement for load balancing. The placement is controlled by three driver parameters in the driver's Subscriber Settings. These parameters are described below.

Mailbox Placement Mode	Mailbox Placement Scope	Mailbox Placement Identifier	Notes
Default	Not used	Not used	Place the mailbox in the default mailbox database, usually 'Mailbox Database' on the local server.
Specific	Not used	Path to desired mailbox database, e.g. MYSERVER\My Database	Place the mailbox in the specified mailbox database.
Random	Site, Server or Storage Group	Path to container of type specified by scope, or blank if 'Site' was specified.	Randomly places mailbox in one of the databases in the site, specified server or storage group.
By Attribute	Not used	Name of attribute to use	Place the mailbox in the database given by the specified attribute.

The randomization does not take into account the number of mailboxes already in a database; each database has an equal chance of selection.

Paths can be a GUID, or can be of the form [Server Name][\][Storage Group Name][\][Mailbox Database Name], depending on what type of container is specified.

Using the Script Service (IDM 4 or later)

If you wish to use the Script Service (see Scripting Driver documentation), make sure you have the latest release, then follow these additional steps:

1. Change services (Driver and Script Service) to log in as an Exchange administrator. They must log in as the same user.
2. Create WSDriver\conf\scriptservice.conf and this line: -command Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin

Updates

2009-11-19	Updated scripts and XML configuration file to support Exchange 2010.
2009-09-23	Updated idm_trace function for 3.6.2 Driver beta compatibility.
2009-07-06	Updated XML configuration file with IDM 3.6.1 options for Windows EFS and script timeout.
2009-02-03	Added the sample script for disabling mailboxes (below).
2008-09-04	Added the AD Domain Controller optional Driver Setting to specify that the Driver use a specific DC.
2008-07-11	Initial release.

File Releases

Scripting-ExShell-20091119.zip

Source Code

Source Code (Subversion)

• Feedback
• Print
  •  
  • Full
  • Simple
•  
• Request a Call
• Follow Us
  •  
  • Facebook
  • YouTube
  • Twitter
  • LinkedIn
  • Newsletter Subscription
  • RSS