Systems - Exchange: accounts management

Microsoft Exchange Server is a mail server and calendaring server running exclusively on Windows Server operating systems. Thanks to the WinRM + AD connector, we can manage Exchange.

The connector supports these operations in Exchange:

  • Create - Create mailbox and mail aliases
  • Search - Search mailbox
  • Update - Update mailbox or mail alias
  • Delete - Delete mailbox

To manage Exchange, we need the following from the customer:

  • Running WinRM on Windows Server - Windows Remote Management installed on the server with Active Directory
  • Installed Exchange Management Shell on the server - Client for Exchange
  • Information about server - IP, Endpoint, Ports, OS, etc.
  • Information about Exchange server - IP, Endpoint, Ports, etc.
  • HTTPS listener - Provide the Secure Socket configuration to the server to expose an HTTPS connection
  • CredSSP authentication - CredSSP lets an application delegate the user's credentials from the client to the target server for remote authentication.
  • Certificate for connection to WinRM
  • User to connect to WinRM and Exchange - User which will manage Exchange
  • Port for HTTP 5985 and for HTTPS 5986

The user that connects to WinRM and Exchange must have the right permissions set. This means that the user has permissions to manage mailboxes on the Exchange server from the server where IdM is running. If the user doesn't have the right permissions, they won't be able to connect and manage mailboxes.

To connect IdM to the Exchange server, we will use a remote connector server.

First, we must install the connector server on the server where IdM is running. For that, we will follow this tutorial

After finishing the installation of the connector server, we want to test whether we can connect to WinRM. For the test, we will follow this tutorial
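Before running the connection test, the connection settings can be checked against the prerequisites listed above (HTTPS listener, CredSSP, certificate, ports 5985/5986). The following is an added example, not part of the connector or of winrm_wrapper.py; it assumes the pywinrm library and its `transport`, `server_cert_validation` and `ca_trust_path` parameters, and the host name and CA path are placeholders.

```python
from urllib.parse import urlsplit

HTTP_PORT, HTTPS_PORT = 5985, 5986  # WinRM ports listed on this page

# Constructed sample profiles; host name and CA path are placeholders.
GOOD = {"endpoint": "https://ad.example.test:5986/wsman", "transport": "credssp",
        "server_cert_validation": "validate", "ca_trust_path": "/etc/ssl/idm/ca.pem"}
WEAK = {"endpoint": "http://ad.example.test:5986/wsman", "transport": "basic",
        "server_cert_validation": "ignore"}


def audit_winrm_profile(endpoint, transport, server_cert_validation, ca_trust_path=None):
    """Compare a connection profile with the page's prerequisites; return findings."""
    findings = []
    url = urlsplit(endpoint)
    if url.scheme != "https":
        findings.append("endpoint does not use the HTTPS listener")
    if (url.scheme, url.port) in (("https", HTTP_PORT), ("http", HTTPS_PORT)):
        findings.append("scheme and port disagree: 5985 is HTTP, 5986 is HTTPS")
    if transport != "credssp":
        findings.append("transport is %r, this setup expects credssp" % transport)
    if server_cert_validation != "validate":
        # CredSSP delegates the user's credentials to the target server, so the
        # server's identity must be verified before authenticating.
        findings.append("server certificate is not validated before credentials are delegated")
    return findings


def open_session(profile, user, password):
    """Open a pywinrm session only if the profile passes the audit."""
    findings = audit_winrm_profile(**profile)
    if findings:
        raise ValueError("refusing to connect: " + "; ".join(findings))
    import winrm  # pywinrm with CredSSP support; imported lazily (assumption)
    kwargs = {k: v for k, v in profile.items() if k != "endpoint" and v is not None}
    return winrm.Session(profile["endpoint"], auth=(user, password), **kwargs)


if __name__ == "__main__":
    for name, profile in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_winrm_profile(**profile) or "ok")
```

A session returned by `open_session` can then run a harmless command such as `session.run_ps("hostname")` to confirm the connection works with the intended settings.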

After the connection test, we must copy the scripts into the /scripts folder on the connector server. Example scripts can be found at: https://github.com/bcvsolutions/winrm-ad-connector (copy both winrm_wrapper.py and the whole exchange folder).

Next, we must configure a new system in IdM. The configuration is very similar to the configuration of Active Directory. We will follow this tutorial for configuration

First, we set create via PowerShell to true in the system configuration. Then we assign a role to the user. When the assignment is approved, creation of the user's account in Active Directory starts. After the account is created in Active Directory, creation of the mailbox starts. The result is a new mailbox for the user.

  • by tsunami