Azure AD 5.1.7 P3 not creating mailboxes correctly.

We are experiencing an issue with the Azure AD Driver version 5.1.7, where it is not creating User Mailboxes as expected. The users are visible in the tenant, but their mailboxes are not being provisioned correctly. We noticed that the Exchange Online service logs do not show the New-Mailbox command being sent. Any insights or solutions to resolve this would be appreciated.

Identity Manager Version 4.8.4

  • 0  

    Can you provide more information and if possible (anonymised) traces from the IDM remote loader and IDM Exchange Service?

  • 0 in reply to   

    Yeah sure!

    IDM Exchange online when creating the user:

    [09/12/2024 12:19:11.951] anon.com – XXX.X.X.XX:9001/.../<objectGUIDanonymized>
    [09/12/2024 12:19:11.954] anon.com – Invoking: Get-User
    Identity: <objectGUIDanonymized>

    [09/12/2024 12:19:12.006] anon.com – Operation Failed: The term 'Get-User' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
    [09/12/2024 12:19:40.585] anon.com – XXX.X.X.XX:9001/.../<objectGUIDanonymized>
    [09/12/2024 12:19:40.588] anon.com – Invoking: Get-User
    Identity: <objectGUIDanonymized>

    [09/12/2024 12:19:40.648] anon.com – Operation Failed: The term 'Get-User' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
    [09/12/2024 12:19:42.263] anon.com – XXX.X.X.XX:9001/.../psexecute
    [09/12/2024 12:19:43.085] anon.com – Invocation: Completed
    [09/12/2024 12:19:43.794] anon.com – Invocation: Completed
    [09/12/2024 12:19:43.798] anon.com – XXX.X.X.XX:9001/.../psexecute
    [09/12/2024 12:19:44.172] anon.com – Invocation: Completed
    [09/12/2024 12:19:44.608] anon.com – Invocation: Completed

    IDM Remote Loader before it sends the information to the shim:
    <nds dtdversion="4.0" ndsversion="8.x">
    <source>
    <product edition="Advanced" version="4.8.4.0">DirXML</product>
    <contact>NetIQ Corporation</contact>
    </source>
    <input>
    <add cached-time="20240912151907.990Z" class-name="user" event-id="idm#20240912151907#1#1:<anonymized>" qualified-src-dn="O=data\OU=users\OU=actives\CN=<anonymized>" src-dn="\<anonymized>\data\users\actives\<anonymized>" src-entry-id="38219" timestamp="1726154347#225">
    <add-attr attr-name="city">
    <value timestamp="1726154347#18" type="string"><anonymized></value>
    </add-attr>
    <add-attr attr-name="userPrincipalName">
    <value type="string"><anonymized>@<anonymized></value>
    </add-attr>
    <add-attr attr-name="country">
    <value timestamp="1726154347#33" type="string">Chile</value>
    </add-attr>
    <add-attr attr-name="companyName">
    <value timestamp="1726154347#38" type="string"><anonymized> S.a.</value>
    </add-attr>
    <add-attr attr-name="employeeType">
    <value timestamp="1726154347#37" type="string">Interno</value>
    </add-attr>
    <add-attr attr-name="displayName">
    <value timestamp="1726154347#13" type="string"><anonymized> <anonymized> <anonymized> <anonymized></value>
    </add-attr>
    <add-attr attr-name="givenName">
    <value timestamp="1726154347#34" type="string"><anonymized></value>
    </add-attr>
    <add-attr attr-name="otherMails">
    <value timestamp="1726154347#19" type="string"><anonymized></value>
    </add-attr>
    <add-attr attr-name="manager">
    <value association-ref="<anonymized>" timestamp="1726154347#22" type="dn"><anonymized></value>
    </add-attr>
    <add-attr attr-name="department">
    <value timestamp="1726154347#35" type="string">Consultoria</value>
    </add-attr>
    <add-attr attr-name="surname">
    <value timestamp="1726154347#16" type="string"><anonymized></value>
    </add-attr>
    <add-attr attr-name="businessPhones">
    <value timestamp="1726154347#32" type="teleNumber"><anonymized></value>
    </add-attr>
    <add-attr attr-name="jobTitle">
    <value timestamp="1726154347#12" type="string">Consultor</value>
    </add-attr>
    <add-attr attr-name="mailNickname">
    <value type="string"><anonymized></value>
    </add-attr>
    <add-attr attr-name="Login Disabled">
    <value type="state">true</value>
    </add-attr>
    <add-attr attr-name="usageLocation">
    <value type="string">CL</value>
    </add-attr>
    <add-attr attr-name="Type">
    <value type="string">UserMailbox</value>
    </add-attr>
    <add-attr attr-name="immutableId">
    <value type="string"><anonymized></value>
    </add-attr>
    <add-attr attr-name="forceChangePasswordNextSignIn">
    <value type="string">false</value>
    </add-attr>
    <password><!-- content suppressed --></password>
    </add>
    </input>
    </nds>

    Execution:
    DirXML: [09/12/24 12:19:10.27]: TRACE: Azure AD Driver: AZSubscriber.execute()
    DirXML: [09/12/24 12:19:10.27]: TRACE: Azure AD Driver: AddHandler: Filtering out attribute 'Type' for class user.
    DirXML: [09/12/24 12:19:10.27]: TRACE: Azure AD Driver: AddHandler: Filtering out attribute 'immutableId' for class user.
    DirXML: [09/12/24 12:19:10.27]: TRACE: Azure AD Driver_Azure: RESTSubscriptionShim.execute() :
    DirXML: [09/12/24 12:19:10.27]: TRACE: Azure AD Driver_Azure: Calling document modifier class com.novell.nds.dirxml.driver.azure.apiext.GraphAPIExtension.modifySubscriberRequest()
    DirXML: [09/12/24 12:19:10.27]: TRACE: Azure AD Driver_Azure: addHandler
    DirXML: [09/12/24 12:19:10.27]: TRACE: Azure AD Driver_Azure: addHandler: class-name == 'users'
    DirXML: [09/12/24 12:19:10.27]: TRACE: Azure AD Driver_Azure: Add: preparing POST to graph.microsoft.com/.../users
    DirXML: [09/12/24 12:19:10.27]: TRACE: Azure AD Driver_Azure: Setting the following HTTP request properties:
    Authorization: <content suppressed>
    DirXML: [09/12/24 12:19:10.27]: TRACE: Azure AD Driver_Azure: Content-Type:application/json
    DirXML: [09/12/24 12:19:10.27]: TRACE: Azure AD Driver_Azure: Trying to use existing token
    DirXML: [09/12/24 12:19:10.27]: TRACE: Azure AD Driver_Azure: Did a HTTP POST with 541 bytes of data to graph.microsoft.com/.../users
    DirXML: [09/12/24 12:19:10.83]: TRACE: Azure AD Driver_Azure: Response code and message: 201 Created
    DirXML: [09/12/24 12:19:10.83]: TRACE: Azure AD Driver_Azure: Calling document modifier class com.novell.nds.dirxml.driver.azure.apiext.GraphAPIExtension.modifySubscriberResponse()
    DirXML: [09/12/24 12:19:10.83]: TRACE: Azure AD Driver_Azure: RESTSubscriptionShim.execute() :
    DirXML: [09/12/24 12:19:10.83]: TRACE: Azure AD Driver_Azure: Calling document modifier class com.novell.nds.dirxml.driver.azure.apiext.GraphAPIExtension.modifySubscriberRequest()
    DirXML: [09/12/24 12:19:10.83]: TRACE: Azure AD Driver_Azure: customHandler
    DirXML: [09/12/24 12:19:10.83]: TRACE: Azure AD Driver_Azure: customHandler: class-name == 'users'
    DirXML: [09/12/24 12:19:10.83]: TRACE: Azure AD Driver_Azure: Custom: preparing PUT to graph.microsoft.com/.../$ref
    DirXML: [09/12/24 12:19:10.83]: TRACE: Azure AD Driver_Azure: Setting the following HTTP request properties:
    Authorization: <content suppressed>
    DirXML: [09/12/24 12:19:10.83]: TRACE: Azure AD Driver_Azure: Content-Type:application/json
    DirXML: [09/12/24 12:19:10.83]: TRACE: Azure AD Driver_Azure: Trying to use existing token
    DirXML: [09/12/24 12:19:10.83]: TRACE: Azure AD Driver_Azure: Did a HTTP PUT with 96 bytes of data to graph.microsoft.com/.../$ref
    DirXML: [09/12/24 12:19:11.17]: TRACE: Azure AD Driver_Azure: Response code and message: 204 No Content
    DirXML: [09/12/24 12:19:11.17]: TRACE: Azure AD Driver_Azure: Calling document modifier class com.novell.nds.dirxml.driver.azure.apiext.GraphAPIExtension.modifySubscriberResponse()
    DirXML: [09/12/24 12:19:11.17]: TRACE: Remote Loader: SubscriptionShim.execute() returned:
    DirXML: [09/12/24 12:19:11.17]: TRACE: <nds dtdversion="2.0" ndsversion="8.x">
    DirXML Log Event -------------------
    Driver = \<anonymized>\system\driverset1\Azure AD Driver
    Thread = Subscriber
    Object = \<anonymized>\data\users\actives\<anonymized>
    Level = success

  • 0   in reply to 

    Looks like you have not done all the install/setup steps correctly.
    Would be interesting to see the same trace file showing driver startup and how it handles initialisation / connection to the AzureAD / IDM Exchange components.

    term 'Get-User' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

    Have you completed all the config steps listed on this page? Particularly the specific one I have directly linked to?

    www.netiq.com/.../preparinginstallation517.html

  • 0 in reply to   

    I even recently re-installed IDM Exchange Service, and followed the update process detailed here: netiq.com/documentation/identity-manager-48-drivers/AzureADDriver_5170300readme/data/AzureADDriver_5170300readme.html#Upgrading_the_driver_files to the letter. We don't know what could've gone wrong here. We're still unable to get (I assume) any command running properly. This was after the upgrade process from .0100 to .0300.
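
The following is an added example, not part of any post in this thread and not NetIQ code: a small triage script for the IDM Exchange Service log format quoted above, which counts the cmdlets the service invoked, separates "not recognized" failures (PowerShell could not resolve the cmdlet in that session) from other failures, and reports whether New-Mailbox was ever attempted. The sample log is constructed from the lines in the thread, and the function and field names are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample, copied in shape from the IDM Exchange Service log in the thread.
SAMPLE_LOG = """\
[09/12/2024 12:19:11.954] anon.com – Invoking: Get-User
Identity: <objectGUIDanonymized>

[09/12/2024 12:19:12.006] anon.com – Operation Failed: The term 'Get-User' is not recognized as the name of a cmdlet, function, script file, or operable program.
[09/12/2024 12:19:40.588] anon.com – Invoking: Get-User
Identity: <objectGUIDanonymized>

[09/12/2024 12:19:40.648] anon.com – Operation Failed: The term 'Get-User' is not recognized as the name of a cmdlet, function, script file, or operable program.
[09/12/2024 12:19:43.085] anon.com – Invocation: Completed
"""

# "[timestamp] host – message"; the separator may be an en dash or a hyphen.
ENTRY = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+\S+\s+[–-]\s+(?P<msg>.*)$")
MISSING = re.compile(r"The term '(?P<cmd>[^']+)' is not recognized")


def summarize(log_text):
    """Summarise invoked cmdlets and failures in an Exchange Service log."""
    invoked, missing, other_failures = Counter(), Counter(), []
    last_cmd = None
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # parameter lines such as "Identity: ..." carry no timestamp
        msg = m.group("msg")
        if msg.startswith("Invoking:"):
            last_cmd = msg.split(":", 1)[1].strip()
            invoked[last_cmd] += 1
        elif msg.startswith("Operation Failed:"):
            hit = MISSING.search(msg)
            if hit:
                missing[hit.group("cmd")] += 1  # cmdlet unavailable in the session
            else:
                other_failures.append((m.group("ts"), last_cmd, msg))
    return {
        "invoked": dict(invoked),
        "missing_cmdlets": dict(missing),
        "other_failures": other_failures,
        "new_mailbox_attempted": "New-Mailbox" in invoked,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
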