We have users who require e-mail address aliases (in Microsoft Exchange terminology, proxyAddresses). This works very well for giving a user a temporary e-mail address for receiving specific e-mail messages when they do not need to reply using that temporary address. For example, when HR places an employment ad in the paper or online, you can give them an address specifically for that ad, such as job1234@company.com. They do not have to worry about their normal address being posted and harvested by spammers. Once the ad expires, remove the proxy address and no more e-mail will be accepted for that address.
The problem is that while the e-mail address field in eDirectory is multi-valued, AD doesn't have a multi-valued field for the e-mail address of a user. Because we want to be able to do our primary user maintenance in eDirectory, we needed a way to enter multiple e-mail addresses for a user and have them transferred to Exchange 2007. Exchange also requires a primary address for each user, and it differentiates that address only by its prefix: SMTP: in upper case for the primary address, and smtp: in lower case for the proxy addresses. Also, eDirectory has no direct designation for which value in the e-mail address field is the primary address, so it is difficult to use only this field for setting the proxyAddresses values. To work around this, we created a new attribute that can be associated with the users requiring alternate addresses. IDM then uses those values as the proxyAddresses in Exchange.
Exchange: Turn off "Automatically update e-mail addresses based on e-mail address policy" for all users, or at least for those who will use proxyAddresses; otherwise Exchange will reset the addresses to match the address policy.
Perform these create steps on both the primary eDirectory and the Vault eDirectory.
Create new attribute: EXProxyAddresses as Case Ignore String, with Synchronize immediately and Public Read.
iManager roles and tasks:
Schema: Create Attribute
name: EXProxyAddresses (leave ASN1 ID blank)
syntax: Case Ignore String
flags: Synchronize immediately, Public Read
Click Finish.
create new class: auxEXProxyAddresses with attribute as optional
iManager roles and tasks:
Schema: Create Class
name: auxEXProxyAddresses (leave ASN1 ID blank)
flags: auxiliary Class
inherit: none
mandatory: none
optional: EXProxyAddresses
naming: none
Click Finish.
Add the attribute to the Identity Manager Driver Filters:
[Do this on both Vault and eDirectory connector Driver set]
iManager Identity manager overview:
Select the eDir driver:
click the driver filter
Select the User Class:
click Add Attribute:
scroll to the bottom
click "Show all attributes"
Select the new EXProxyAddresses attribute
Set the synchronization methods:
Publish: Synchronize
Subscribe: Synchronize
Add the attribute to the Identity Manager ActiveDirectory Driver Filter:
(same screens as previous)
iManager:
Identity manager overview:
Select the MAD driver:
click the driver filter
Select the User Class:
click Add Attribute:
scroll to the bottom
click "Show all attributes"
Select the new EXProxyAddresses attribute
Set the synchronization methods:
Publish: Ignore (may choose synchronize as well)
Subscribe: Synchronize
Set up the proxy addresses for the AD driver (you may need to use IE, as some versions of Firefox had problems):
iManager:
select the outputTransform from the AD driver (same place you would have the general setting of the Exchange e-mail attribute)
Create a Policy Rule for Primary proxy address for AD Driver [primary is SMTP:]
Conditions:
If class name equal "User"
And if source attribute 'Internet EMail Address' available
Actions:
clear destination attribute value ("proxyAddresses",when="after")
add destination attribute value ("proxyAddresses",when="after","SMTP:" Source Attribute("Internet EMail Address"))
Create a Policy Rule for proxy E-mail addresses [these are smtp:]
Conditions:
if class name equal "User"
And if source attribute 'Internet EMail Address' available
And if source attribute 'EXProxyAddresses' available
Actions:
for each (nodeset(Attribute("EXProxyAddresses"))
actions (add destination attribute value ("proxyAddresses",when="after","smtp:" Local Variable("current-node"))))
Add the class to selected user objects:
iManager:
Roles and tasks:
Schema:
Object Extensions
Enter object: (can only do one at a time)
current list: [if auxEXProxyAddresses is not listed, click Add]
select auxEXProxyAddresses from the list and click ok.
iManager: alternative
ViewObjects:
Browse tab:
Select the user: Select Object Extensions
click OK to extend the selected object
current list: [if auxEXProxyAddresses is not listed, click Add]
select auxEXProxyAddresses from the list and click ok.
ConsoleOne:
Select user to add the class to
right click: select Extensions of this object
Add Extension: auxEXProxyAddresses
(click ok, to no template)
(enter anything for name (even space))
Add proxy addresses to the User object:
iManager:
ViewObjects: Browse
select the user: Modify object (not modify user)
Other tab: double click EXProxyAddresses
click the + to add [- to remove, pencil to edit]
add/remove/edit the proxy addresses
(do NOT include the primary e-mail address here)
click OK or apply to add them
ConsoleOne:
Select user to add proxy addresses to (double click or right click: properties)
Other tab:
(if EXProxyAddresses is not listed, click Add and select it)
add values [to add another, click EXProxyAddresses and click Add]
(do NOT include the primary e-mail address here)
click OK or apply to save the changes.
IDM will then synchronize your EXProxyAddresses entries to your Exchange proxyAddresses values in Active Directory.
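A check for the result of this procedure, as an added example that is not part of the original article: it models the two output-transform rules above and compares a user's AD proxyAddresses values with the eDirectory source values, reporting aliases that were removed in eDirectory but are still accepted by Exchange. The function names, the jdoe@company.com address and all sample values are assumptions constructed for illustration.

```python
# Added example: audit one user's AD proxyAddresses against the eDirectory
# source values. Function names and all sample data are constructed.

def expected_values(primary, aliases):
    """Model the two policy rules: 'SMTP:' + Internet EMail Address, then
    'smtp:' + each EXProxyAddresses value."""
    return ["SMTP:" + primary] + ["smtp:" + a for a in aliases]


def audit(primary, aliases, actual):
    """Return a list of findings; an empty list means AD matches eDirectory."""
    findings = []
    # Only SMTP-type entries are in scope; the case of the prefix carries meaning.
    smtp = [v for v in actual if v[:5].lower() == "smtp:"]
    primaries = [v[5:] for v in smtp if v.startswith("SMTP:")]
    if len(primaries) != 1:
        findings.append("expected exactly one SMTP: primary, found %d" % len(primaries))
    elif primaries[0].lower() != primary.lower():
        findings.append("primary mismatch: " + primaries[0])
    # Addresses are compared case-insensitively (Case Ignore String syntax).
    want = {a.lower() for a in aliases}
    if primary.lower() in want:
        findings.append("primary address also listed in EXProxyAddresses")
    have = {v[5:].lower() for v in smtp if v.startswith("smtp:")}
    for addr in sorted(have - want):
        findings.append("stale alias still accepted: " + addr)
    for addr in sorted(want - have):
        findings.append("alias not yet synchronized: " + addr)
    return findings


if __name__ == "__main__":
    # Constructed sample: the job0999 alias was removed in eDirectory
    # but is still present on the AD object.
    ad_values = [
        "SMTP:jdoe@company.com",
        "smtp:job1234@company.com",
        "smtp:job0999@company.com",
    ]
    for line in audit("jdoe@company.com", ["job1234@company.com"], ad_values):
        print(line)
```
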