Adding Exchange

If your environment has Microsoft Exchange, you can configure EmpowerID to inventory and enforce permissions for your Exchange organization. If you are using Exchange, EmpowerID automatically discovers the organization during the initial Active Directory forest scan, categorizes it as a Resource System, and creates a record within the ExchangeMailbox table of the EmpowerID Identity Warehouse for each mailbox within the organization. To work with Exchange after the initial inventory requires that you enable the Exchange Management Host WCF Service job on an EmpowerID Web server and configure the Exchange Resource System to talk to the host on the specified EmpowerID Web server.

EmpowerID directs all traffic for Exchange through the EmpowerID Exchange Services Web site and application pool in IIS.

To configure EmpowerID for Exchange Management

  1. From Configuration Manager, click the EmpowerID Servers and Roles node, scroll to the Exchange Management Host WCF Service job in the Configuration Manager grid, and tick the job so that it is enabled on at least one EmpowerID server. This job must be enabled for EmpowerID to execute the PowerShell cmdlets necessary for managing Exchange, such as creating, deleting, and moving mailboxes.
  2. In Configuration Manager, click the Resource Systems node in the application navigation tree on the left of the screen. You should see the Exchange Organization as a Microsoft Exchange system type in the Configuration Manager grid.
  3. From the Configuration Manager grid, double-click the Exchange Organization, or right-click it and select Edit from the context menu.
  4. This opens the Exchange Organization configuration screen, which has several setting that you set as desired. A description of these settings as they appear in each of the panes of this screen follows below.


    Exchange Pane

    Use this pane to make general configuration settings for the Exchange organization.

    • Account Store Name - This is the name of the account store in which the Exchange Organization resource system resides. This field is populated with the name of your Active Directory.
    • Resource System Name - This is the name of the Exchange resource system. To change this name, click the Edit button, enter a new name in the Resource System Friendly Name window that appears and click OK.
    • Organization Name - This is the display name of the Exchange Resource System. This value is supplied from the value entered into Resource System Friendly Name window.
    • Exchange Management Host - This is the EmpowerID server running the Exchange Management Host WCF Service. This server must have the EmpowerID Web Role Windows service installed.
      • To set the host
        1. Click the Exchange Management Host Edit button.
        2. In the Choose Servers window that opens, toggle the icon beside the server or servers running the Exchange Management Host from a red sphere to a green check and then click OK to close the window.
    • Load-Balancing Scheme - This is the method used to determine how mail is distributed to mailbox stores. The following options are available:
      • Random - Selects mailbox stores randomly.
      • QuotaBased - Compares the amount of storage space allocated for existing mailboxes against the value set as the maximum capacity for the mailbox store and selects the mailbox store within the load-balancing groups specified with the most unallocated space.
      • MailboxCount - Finds the mailbox store within the specified load-balancing group with the least number of existing mailboxes.
      • Custom - Allows you to define your own load-balancing scheme. Scheme can be defined by modifying the Custom_ExchangeMailboxStoreView_GetByCustomerGroupCustomLogic stored procedure in the EmpowerID Identity Warehouse.
        • To set the scheme
          1. Click the Load-Balancing Scheme Edit button.
          2. In the Change Load-Balancing Scheme window that opens, select the desired scheme from the drop-down list and then click OK to close the window.


    Rights Enforcement for Resource Role Groups Pane

    Use this pane to enable or disable and schedule rights enforcement for Resource Role Groups for Exchange. This process is used to determine who should have access to what in Exchange based on their assignments to Access Levels in EmpowerID and is enforced using domain local groups (Resource Role Groups).

    • Account Store Name - This is the name of the account store in which the Exchange Organization resource system resides. This field is populated with the name of your Active Directory.
    • Resource System Name - This is the name of the Exchange resource system. To change this name, click the Edit button, enter a new name in the Resource System Friendly Name window that appears and click OK.
    • Organization Name - This is the display name of the Exchange Resource System. This value is supplied from the value entered into Resource System Friendly Name window.
    • Exchange Management Host - This is the EmpowerID server running the Exchange Management Host WCF Service. This server must have the EmpowerID Web Role Windows service installed.
      • To set the host
        1. Click the Exchange Management Host Edit button.
        2. In the Choose Servers window that opens, tick the icon beside the server or servers running the Exchange Management Host from a red sphere to a green check and then click OK to close the window.
  • Load-Balancing Scheme - This is the method used to determine how mail is distributed to mailbox stores. The following options are available:
    • Random - Selects mailbox stores randomly.
    • QuotaBased - Compares the amount of storage space allocated for existing mailboxes against the value set as the maximum capacity for the mailbox store and selects the mailbox store within the load-balancing groups specified with the most unallocated space.
    • MailboxCount - Finds the mailbox store within the specified load-balancing group with the least number of existing mailboxes.
    • Custom - Allows you to define your own load-balancing scheme. Scheme can be defined by modifying the Custom_ExchangeMailboxStoreView_GetByCustomerGroupCustomLogic stored procedure in the EmpowerID Identity Warehouse.
      • To set the scheme
        1. Click the Load-Balancing Scheme Edit button.
        2. In the Change Load-Balancing Scheme window that opens, select the desired scheme from the drop-down list and then click OK to close the window.