Integrating the DirXML Driver for Exchange and the DirXML Driver for NT Domain

dv:  If you are using both the NT driver and the Exchange driver, you should complete the following procedure.

The DirXML Driver for NT Domain and the DirXML Driver for Exchange can both create users in the domain. To avoid a conflict, a mechanism can be set up using NsureTM Identity Manager policies to solve this problem.

The DirXML Driver for NT Domain has a User attribute called DirXML-NTAccountName. This attribute contains the DomainName/UserName attribute. This value is what the Exchange MailBox and Remote objects need to associate to a domain account. For that association to occur correctly, the value in DirXML-NTAccountName needs to be put in the MailBox attribute Assoc-NT-Account. Keep in mind that attribute names are case sensitive.

  1. Using DirXML Script, edit the existing Subscriber Create policy for the Exchange driver (or create a new policy) so that a new MailBox object is not created unless the DirXML-NTAccountName attribute is populated.

  2. Verify the DirXML-NTAccountName attribute is in both the Publisher filter on the DirXML Driver for NT Domain and the Subscriber filter on the DirXML Driver for Exchange.

  3. Restart both drivers.


Control Flow in the Drivers

These changes to the drivers will ensure the following control flow:

  1. A user is created in eDirectory.
  2. The DirXML Driver for NT Domain is handed a create request. The DirXML Driver for Exchange Create event is vetoed because of the absence of the DirXML-NTAccountName attribute.
  3. The DirXML Driver for NT Domain creates the NT account and feeds back the name of the NT account just created to the DirXML-NTAccountName attribute.
  4. The DirXML Driver for Exchange is now notified. It creates the mailbox and associates the mailbox with the NT account information stored in NDS.

:  The examples used DirXML-NTAccountName as the eDirectory attribute to hold the NT account information, but you can choose any attribute that works for you.