Pass Sync and Exchange account
We need to connect Active Directory 2012 and Exchange 2013 (hosted on WS2012 R2) with IDM 4.8 (hosted on WS2019).
This Active Directory has 2 domains (2 different Forests) linked by a trust relationship, one used to user-related tasks like hosting users & password changes (domain “A”), and the other one by Exchange (domain “B”).
Where should we install remote loader to successfully (i) provision AD users (ii) provision Exchange accounts (iii) capture password changes?
According to the documentation:
- In order to capture password changes, RL must be installed on a member server of “Domain A”.
- To provision Exchange 2013 accounts, we do need to install Exchange management tools in the same server that holds the Remote Loader.
- Exchange 2013 Management Tools support up to Windows Server 2012 R2.
- IDM 48 Remote Loader requires a minimum WS2016 therefore we could not use it.
- RL 4.7.x is compatible with IDM 48 and simultaneously can be installed on a windows 2012 server.
- Would the following scenario work?
WS 2012 R2, member of “domain A”, with exchange management tools 2013 installed, Remote Loader 4.7.x.
- Can I provision Exchange 2013 accounts without installing the management tools?
It looks like you have a "Linked mailbox" scenario.
I'm not sure if "default" driver functionality covers this scenario.
Typical Powershell command that creates from accounts domain (Contoso) mailbox in Resource/Exchange domain (Fabrikam)
New-Mailbox -Name "Ayla Kol" -LinkedDomainController "DC1_FABRIKAM" -LinkedMasterAccount " FABRIKAM\aylak" -OrganizationalUnit Users -UserPrincipalName firstname.lastname@example.org -LinkedCredential:(Get-Credential FABRIKAM\administrator).
>Can I provision Exchange 2013 accounts without installing the management tools?
Installed Exchange management tools allow to "manage Exchange" thru EAC or Powershell. (you can try to copy all required modules/DLL/files from/into different locations manually, but this is a non-trivial task without any real benefits)
Is this task doable - absolutely!
Easy (default) - No!
If I have to do it, I will use a mix of AD drivers and CLE drivers, that manage executions of custom PowerShell scripts.