Skip to main content

Preparation for Exchange 2007, 2010, 2013 and 2016+

It is recommended that you target Exchange using a proxy server installed on the Exchange server, for the following reasons:

  • Joining the main Bravura Security Fabric server to a domain presents security issues.

  • The proxy allows the Bravura Security Fabric server to communicate with multiple Exchange servers and domains.

Other preparation steps for targeting Exchange include:

  1. Installing client software for Exchange

    You do not need to install the client software if you target a particular Exchange server in the address line or for connecting to Exchange online.

  2. Configuring a target administrator

  3. For Bravura Identity implementations, creating at least one template account

Installing client software for Exchange

If you target a particular Exchange server in the address line, you do not need to install the client software for Exchange.

When installing client software for Exchange, ensure that the server is a member of a domain running in native mode.

Requirements for installing the client software for Exchange 2007 and 2010

You must have the following pre-requisites installed and configured:

  • Microsoft .NET Framework 2.0

  • Microsoft Management Console (MMC)

  • Microsoft Windows PowerShell

  • Exchange Management Tools, installed as follows:

    • Installation Type: Custom Exchange Server Installation

    • Server Role Selection: Management Tools

Requirements for installing client software for Exchange 2013

You must have the following pre-requisites installed and configured:

  • Microsoft .NET Framework 4.5

  • Windows Management Framework 3.0

  • Microsoft Windows PowerShell

  • Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit

  • KB974405 (Windows Identity Foundation)

  • KB2619234 (Hotfix to enable the Association Cookie/GUID that is used by RPC over HTTP to also be used at the RPC layer in Windows 7 and in Windows Server 2008 R2)

  • KB2533623 (Insecure library loading could allow remote code execution)

  • Exchange Management Tools, installed as follows:

    • Installation Type: Custom Exchange Server Installation

    • Server Role Selection: Management Tools

Requirements for installing client software for Exchange 2016+

Note

Exchange 2019 support implemented in Connector Pack 4.3.0

You must have the following pre-requisites installed and configured:

  • Microsoft .NET Framework 4.5.2

  • Windows Management Framework 3.0

  • IIS 6 Metabase Compatibility component.

  • IIS 6 Management Console.

  • Exchange Management Tools, installed as follows:

    • Installation Type: Use recommended settings

    • Server Role Selection: Management Tools

    Caution

    The Exchange Management Tools version, where the instance is installed, must match the version of the Exchange server.

If you are targeting Exchange through a proxy, carry out the following steps on the proxy server. If you are not using a proxy, carry out the following steps on the main Bravura Security Fabric server.

To install the client software for Exchange:

  1. Join the server with the Active Directory domain.

  2. Ensure that DNS settings point to the Exchange server.

  3. Install the Exchange Management Tools.

    Consult your Microsoft documentation regarding proper installation of the Exchange Management Tools.

  4. Optionally, Install the Active Directory module for Windows PowerShell to list Active Directory account attributes.

    Consult your Microsoft documentation regarding proper installation of the Remote Server Administration Tools.

Configuring a target system administrator

Bravura Security Fabric manages Exchange mailboxes using an Active Directory domain administrator account. The administrative account must be a Domain user with membership in the local administrators group on the Exchange server and the Domain Admins group.

Ensure that you set and note the account’s password. You will be required to enter the login ID and password when you add the target system to Bravura Security Fabric .

After the account is created, the services that run the connector (Transaction Monitor Service (idtm) or Proxy Service (psproxy)) need to be updated to run under this Domain account. You must grant sufficient privileges to the Domain user on the Server member before it can run the service.

Provide the target system administrator account the required permissions to user mailboxes. For example; if you want to update profile and request attributes for mailboxes, run the following command from PowerShell to provide the target system administrator Full Access permissions to all mailboxes.

Get-Mailbox -ResultSize unlimited -Filter {RecipientTypeDetails -eq
'UserMailbox'} | Add-MailboxPermission -User John -AccessRights FullAccess
-InheritanceType All

Refer to Microsoft’s documentation for more PowerShell commands.

In this section: