Creating/Moving Exchange mailboxes

You can configure Bravura Security Fabric to use a profile/request attribute to prompt users for the destination mailbox database when creating or moving accounts on a target system that supports contexts.

When the Profile/request attribute to use as the container DN option is configured on the Target system information page (Manage the system > Resources > Target systems), users can:

  • Set the destination mailbox database when creating new accounts.

    Users do this by setting the profile/request attribute value in the request form. By default, Bravura Security Fabric creates new accounts in the same mailbox database as the template. Without the profile/request attribute, you may need to set up identical templates for each mailbox database.

    If enabled when setting the target system address, Bravura Security Fabric can also create the container when the one specified does not exist.

  • Move existing accounts on the target system to a different mailbox database.

    Users do this by setting the To container value – which is actually the profile/request attribute, but with a different name – on the move accounts page. Bravura Security Fabric only displays the move operation (the Move button) for users with accounts that can be moved between mailbox databases.

To allow users to select a mailbox database for a create account or move context operation:

  1. Add a profile attribute to provide a place to prompt the user for this information.

    It is recommended that you configure the profile attribute to have a set of restricted values, so that the requester or product administrator can select from a drop-down list.

  2. Ensure that you set read/write permissions for the profile attribute.

  3. Grant a group of users the "Move user from one context to another" rule.

  4. Update the Target system information page by typing the name of the profile attribute in the Profile/request attribute to use as the container DN field.

    This allows Bravura Security Fabric to use the profile attribute for this purpose.

Targeting specific domain controllers for Exchange connector operations with the DomainController attribute

When performing a create operation, the Exchange agent (agtexg2k7) will:

  1. Submit Enable-Mailbox to create the mailbox

  2. Submit Get-RemoteMailbox to validate the mailbox exists

If either of the above fails, the request itself will fail. If Get-RemoteMailbox specifically fails, the request will be retried and will then fail at Enable-Mailbox, because the mailbox has already been created.

An example of where Get-RemoteMailbox could fail is if:

  1. The Enable-Mailbox reached DC1 and succeeded.

  2. The Get-RemoteMailbox reached DC2, which had not yet had the new mailbox replicated to it, causing the Get-RemoteMailbox to fail.

Where replication between the DCs is responsive, the polltime target address attribute can be used.

Where replication between the DCs is not responsive, the above scenario can be solved with the DomainController account attribute. When populated with a specific DC, the DomainController account attribute ensures that all connector operations are sent to that DC, avoiding the replication-related delay issues described above.
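
The failure mode and the two remedies above, as an added example that is not Bravura or Exchange code: a small Python model in which unpinned calls alternate between two DCs. The Directory class, the tick-based clock, the round-robin routing and the treatment of polltime as a fixed wait before validation are assumptions made for illustration.

```python
import itertools

class Directory:
    """Constructed model: a write lands on one DC and replicates after `lag` ticks."""
    def __init__(self, dcs, lag):
        self.dcs, self.lag, self.clock = list(dcs), lag, 0
        self.visible_at = {dc: {} for dc in self.dcs}  # dc -> {mailbox: tick}
        self._next_dc = itertools.cycle(self.dcs)      # unpinned calls rotate DCs

    def _route(self, pinned):
        dc = pinned or next(self._next_dc)
        self.clock += 1                                # every call costs one tick
        return dc

    def _sees(self, dc, name):
        return self.visible_at[dc].get(name, float("inf")) <= self.clock

    def enable_mailbox(self, name, dc=None):
        target = self._route(dc)
        if self._sees(target, name):
            raise RuntimeError("already mailbox-enabled")
        for other in self.dcs:                         # local write, delayed elsewhere
            delay = 0 if other == target else self.lag
            self.visible_at[other][name] = self.clock + delay

    def get_remote_mailbox(self, name, dc=None):
        return self._sees(self._route(dc), name)


def create_request(directory, name, dc=None, polltime=0, retries=1):
    """Create, validate, and retry on validation failure, as the page describes."""
    for _ in range(1 + retries):
        try:
            directory.enable_mailbox(name, dc)
        except RuntimeError:
            return "failed: Enable-Mailbox (mailbox already created)"
        directory.clock += polltime                    # assumed: wait before validating
        if directory.get_remote_mailbox(name, dc):
            return "ok"
    return "failed: Get-RemoteMailbox"


DCS = ("DC1", "DC2")                                   # constructed DC names

def run(lag, **kw):
    return create_request(Directory(DCS, lag), "room-101", **kw)

if __name__ == "__main__":
    print("slow replication, unpinned :", run(lag=50))
    print("fast replication + polltime:", run(lag=2, polltime=3))
    print("slow replication + polltime:", run(lag=50, polltime=3))
    print("slow replication, pinned   :", run(lag=50, dc="DC1"))
```

In this model a wait only helps when it exceeds the replication lag, while pinning both calls to one DC succeeds regardless of lag.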

There are two ways to configure and use the DomainController attribute.

Utilize DomainController attribute via a mapped request attribute

  1. Include a request attribute on your workflow request to define a specific domain controller.

  2. Configure an override of the account attribute DomainController with the settings:

    • Action when creating account: set to specified value

    • Action when updating account: set to specified value

    • Map account attribute to profile/request attribute: the request attribute from step 1

    • Sequence number for setting attribute: -1

Utilize DomainController attribute via hardcoded value

  1. Configure an override of the account attribute DomainController with the settings:

    • Action when creating account: set to specified value

    • Action when updating account: set to specified value

    • Sequence number for setting attribute: -1

  2. At the bottom of the configurations for this account attribute, set:

    • Value type: Literal Value

    • Attribute value: <the DC you want to create the mailbox for>

Room/Equipment/Shared mailbox types

You can configure Bravura Security Fabric to allow users to request a mailbox of the following supported types:

  • Regular - UserMailbox

  • Shared - SharedMailbox

  • Room - RoomMailbox

  • Equipment - EquipmentMailbox

The mailbox type is controlled by the Type attribute. When attempting to create any type other than a regular user mailbox, Microsoft requires that the corresponding Active Directory user account first be in a disabled state. You must ensure that the Active Directory template account used for these requests is configured to be disabled, and that the accountDisabled attribute is configured to copy from the template during the create operation.