IMPORTANT:If you are using the Identity Manager Driver for NT Domain and the Identity Manager Driver for Exchange, edit the default policy or create a new one to resolve an account issue between the two drivers. This policy prevents the Exchange driver from attempting to create an NT Domain account before the NT Domain driver creates the account.
The Identity Manager Driver for NT Domain has a User attribute called DirXML-NTAccountName. This attribute contains the DomainName/UserName value. The Exchange MailBox object needs the value to associate to a domain account. For that association to occur correctly, the value in DirXML-NTAccountName needs to be put in the MailBox attribute Assoc-NT-Account. Keep in mind that attribute names are case sensitive.
Create a policy so that a new MailBox object isn’t created unless the DirXML-NTAccountName attribute is populated.
In iManager, select
> .Search for a driver set, then double-click the Exchange 5.5 driver.
Select the Creation Policies object on the Subscriber channel.
In the Creation Policies dialog box, click
.Click
.In the
section, click the drop-down list, then select .Click the Browse button by the
field, then select from the drop-down list.NOTE:This example uses the DirXML-NTAccountName as the attribute to hold the NT account information, but you can choose any attribute that works for you.
Click
.As the following expanded Required Attributes section illustrates, the action is placed in the Required Attributes section.
Verify that the DirXML-NTAccountName attribute is in the following locations:
The Publisher filter on the Identity Manager Driver for NT Domains
The Subscriber filter on the Identity Manager Driver for Exchange
Synchronize the Subscriber channel.
Restart both drivers.
After you have made these changes to the drivers, the following control flow occurs when you create a user in an Identity Vault:
The Identity Manager Driver for NT Domain is handed a create request.
The Identity Manager Driver for Exchange Create event is vetoed because of the absence of the DirXML-NTAccountName attribute.
The Identity Manager Driver for NT Domain creates the NT account and publishes the name of the NT account just created to the DirXML-NTAccountName attribute.
The Identity Manager Driver for Exchange is notified. It creates the mailbox and associates the mailbox with the NT account information stored in the Identity Vault.