We have users that require e-mail addresses aliases, in Microsoft Exchange terminology, proxyAddresses. This works very well to give a user a temporary e-mail address for receiving specific e-mail messages when they do not need to reply using that temporary address. For example, HR places an employment ad in the paper or online, you can give them an address specifically for that listed ad, job1234@company.com. They do not have to worry about their normal address being posted and harvested by spammers, once the ad expires, remove the proxyaddress and no more e-mail will be accepted for that address.

The problem arises that while the e-mail address field in eDirectory is mutli-valued, AD doesn't have a multi-valued field for e-mail address of a user. Because we want to be able to do our primary user maintenance in eDirectory, we needed a way to enter multiple e-mail addresses for a user and have them be transfered to Exchange 2007. Exchange also requires there to be a primary address for users, and it only differentiates that by having the address prefix SMTP: in upper case, instead of smtp: lower case, which are the proxyaddresses. Also, eDirectory has no direct designation for which value in the e-mail address field is the primary address, so it is difficult to only use this field for setting the proxyaddress values. To work around this, we created a new attribute that can be associated with the users requiring alternate addresses. IDM then uses those values as the proxyaddresses in exchange.

Exchange: Turn off “Automatically update e-mail addresses based on e-mail address policy” for all users, or at least those who will use proxyAddresses or Exchange will reset the addresses to match the address policy.

Click to view.

Do these Creates on both primary eDirectory and Vault eDirectory.

create new attribute: EXProxyAddresses as Case Ignore String Sync immediate, public read.

iManager roles and tasks:


Schema: Create Attribute

Click to view.

name: EXProxyAddresses (leave ASN1 ID blank)

Click to view.

syntax: Case Ignore String

Click to view.

flags: Synchronize immediately, Public Read

Click to view.

Click Finish.

create new class: auxEXProxyAddresses with attribute as optional

iManager roles and tasks:

Schema: Create Class

Click to view.

name: auxEXProxyAddresses (leave ASN1 ID blank)

Click to view.

flags: auxiliary Class

Click to view.

inherit: none

Click to view.

mandatory: none

Click to view.

optional: EXProxyAddresses

Click to view.

naming: none

Click to view.

Click Finish.

Add the attribute to the Identity Manager Driver Filters:

[Do this on both Vault and eDirectory connector Driver set]

iManager Identity manager overview:

Select the eDir driver:

Click to view.

click the driver filter

Click to view.

Select the User Class:

Click to view.

click Add Attribute:

scroll to the bottom

Click to view.

click “Show all attributes"

Click to view.

Select the new EXProxyAddresses attribute

Click to view.

Set the synchronization methods:

Publish: Synchronize

Subscribe: Synchronize

Add the attribute to the Identity Manager ActiveDirectory Driver Filter:

(same screens as previous)

iManager:

  Identity manager overview:

    Select the MAD driver:

      click the driver filter

        Select the User Class:

          click Add Attribute:

            scroll to the bottom

              click “Show all attributes"

                Select the new EXProxyAddresses attribute

                  Set the synchronization methods:

                    Publish: Ignore (may choose synchronize as well)

                    Subscribe: Synchronize

Setup the proxy addresseses for AD driver- (you may need to use IE as some versions of FireFox had problems)

iManager:

  select the outputTransform from the AD driver (same place you would have the

  general setting of the exchange e-mail attribute)

    Create a Policy Rule for Primary proxy address for AD Driver [primary is SMTP:]

      Conditions:

          If class name equal "User"

          And if source attribute 'Internet EMail Address' available


      Actions:

          clear destination attribute value ("proxyAddresses",when="after")

          add destination attribute value ("proxyAddresses",when="after","SMTP:" Source
          Attribute("Internet EMail Address"))

    Create a Policy Rule for proxy E-mail addresses [these are smtp:]

      Conditions:

          if class name equal "User"

          And if source attribute 'Internet EMail Address' available

          And if source attribute 'EXProxyAddresses' available


      Actions:

          for each (nodeset(Attribute("EXProxyAddresses"))

          actions (add destination attribute
          value ("proxyAddresses",when="after","smtp:" Local Variable("current-node"))))

Click to view.

Add the class selected user objects:

iManager:

  Roles and tasks:

    Schema:

      Object Extentions

        Enter object: (can only do one at a time)

          current list: [if auxEXProxyAddresses is not listed, click Add]

            select auxEXProxyAddresses from the list and click ok.

Click to view.

iManager: alternative

  ViewObjects:

    Browse tab:

      Select the user: Select Object Extensions

        click OK to extend the selected object

          current list: [if auxEXProxyAddresses is not listed, click Add]

            select auxEXProxyAddresses from the list and click ok.

ConsoleOne:

  Select user to add the class to

    right click: select Extensions of this object

      Add Extension: auxEXProxyAddresses

        (click ok, to no template)

          (enter anything for name (even space))

Add proxy addresses to the User object:

iManager:

  ViewObjects: Browse

    select the user: Modify object (not modify user)

      Other tab: double click EXProxyAddress

        click the to add [- to remove, pencil to edit]

          add/remove/edit the proxy addresses

          (do NOT include the primary e-mail address here)

          click OK or apply to add them

ConsoleOne:

  Select user to add proxy addresses to (double click or right click: properties)

      Other tab:

        if EXProxyAddresses is not listed, click Add and select it)

          add values [ to add another, click EXProxyAddress and click Add]

          (do NOT include the primary e-mail address here)

          click OK or apply to save the changes.

IDM will then synchronize your EXProxyAddress entries to your Exchange ProxyAddress values in Active Directory.