Best way to provision Exchange 2013 / Lync 2013?

  • Question

  • Hi Pros

    I'm trying to figure out which would be the best way to provision user accounts to have Exchange 2013 and Lync 2013 -enabled to their AD user account. I have one requirement for this:

    • If a person gets married and the last name changes, this should also change the email address

    For Exchange we're currently using a custom PowerShell activity (not the one everyone else is using...) to accomplish this with two sets and workflows, one for the provision (1st time) and one for the modification (if the name changes...). Although, this custom PS activity isn't as accurate as it should be... Is anyone else provisioning Exchange 2013 through a workflow activity? If so, would someone care to throw some examples?

    Is it a better way to do the Exchange / Lync with their own MAs rather than using workflows to just enable the account with these two? If so, would someone please kindly help me to find some examples about PowerShell MAs that can be used with Exchange / Lync?

    Thanks again.

    Saturday, June 7, 2014 5:07 AM

Answers

  • The PS MA does not care whether you use Sync Rules from the Portal or use classic flows; either will work.

    I hardly ever do Exchange provisioning using the standard MA anymore as customers typically always want a little twist to the mailbox generation, so I use my PS MA for all Exchange-related MA stuff. That goes for Lync as well.

    I have posted some Exchange 2010 scripts on my blog - http://blog.goverco.com/p/psmadownloads.html that could guide you in the right direction with the Exchange part. I don't have any Lync scripts that are mine to publish yet.

    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt


    Friday, June 13, 2014 5:09 AM

All replies

  • Hello Narcoticco,

    My suggestion would be to not use a PowerShell activity to do provisioning from within the workflow process. Although this is a possible solution, it creates a lot of additional work for you (since you will have to cater for all kinds of changes within your PowerShell workflows now). The FIM sync engine can do all of this with a standard AD management agent that will solve your challenges.

    Refer to examples of how to do Exch provisioning using a Sync Rule in FIM. Even if these are Exch 2010 examples, that logic still applies. See: http://technet.microsoft.com/en-us/magazine/ff472471.aspx for an example.

    The logic is very simple:

    • Set up your sync rules: During provisioning conditions, you provide key fields to the sync rule (mailNickName, homeMDB, etc).
    • Set up your MA: You point the MA to a CAS server in your environment and specify an Exchange version.
    • When provisioning takes place, FIM creates the AD object and then calls the Update-Recipient cmdlet to do the provisioning.
    • When any of the Exchange fields change in FIM and are exported in the future, the cmdlet is called AGAIN to update the Exchange values. Thus if you change the surname, make sure the change is reflected on the mailNickname and FIM will do the rest.

    Doing it this way means you do not do provisioning of objects outside the FIM Sync mechanism, which opens a lot of state enforcement benefits - and you are not building the FIM Sync engine in FIM PowerShell workflow activities :).

    Hope this helps.



    Almero Steyn (http://www.puttyq.com)

    Monday, June 9, 2014 5:13 AM
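
The attribute values a sync rule or export script has to produce when a surname changes, as an added example that is not part of the original thread or any poster's code. It goes beyond the post by keeping the old address as a secondary proxy address and by refusing an address another recipient already holds. Assumptions: a given.surname naming convention, the placeholder domain example.com, and the hypothetical helper name Get-RenamePlan.

```powershell
# Added example: every name, domain and address below is constructed for illustration.
function Get-RenamePlan {
    param(
        [string]$GivenName,
        [string]$NewSurname,
        [string[]]$CurrentProxyAddresses,   # the user's present proxyAddresses values
        [string[]]$AddressesInUse,          # SMTP addresses held by other recipients
        [string]$Domain = 'example.com'     # placeholder domain (assumption)
    )
    # Assumed convention: given.surname, lower case, ASCII letters and digits only.
    $clean = { param($s) ($s.ToLowerInvariant() -replace '[^a-z0-9]', '') }
    $base  = '{0}.{1}' -f (& $clean $GivenName), (& $clean $NewSurname)

    # Never hand out an address another recipient already holds (mail would be
    # misdelivered); append a counter instead. -contains ignores case.
    $nick = $base
    $n = 1
    while ($AddressesInUse -contains "$nick@$Domain") { $n++; $nick = "$base$n" }
    $primary = "$nick@$Domain"

    # The upper-case SMTP: prefix marks the primary address. Demote existing SMTP
    # entries to secondary (smtp:) so mail sent to the old name still arrives, and
    # leave sip:, X500: and other address types untouched.
    $proxies = @("SMTP:$primary")
    foreach ($p in $CurrentProxyAddresses) {
        if ($p -match '^smtp:(.+)$') {      # -match ignores case, so SMTP: matches too
            if ($Matches[1] -ne $primary) { $proxies += "smtp:$($Matches[1])" }
        } else {
            $proxies += $p
        }
    }
    [pscustomobject]@{
        mailNickname   = $nick
        mail           = $primary
        proxyAddresses = $proxies
    }
}

# Constructed sample: Anna Smith becomes Anna Jones while another recipient
# already holds anna.jones@example.com.
$plan = Get-RenamePlan -GivenName 'Anna' -NewSurname 'Jones' `
    -CurrentProxyAddresses 'SMTP:anna.smith@example.com', 'sip:anna.smith@example.com' `
    -AddressesInUse 'anna.jones@example.com'
$plan | Format-List
```
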
  • Hi Almero

    First, thanks for the response. I'll check the things you provided; however, I'd be more interested in doing Exchange and Lync as their own MAs, with the PowerShell MA rather than using the AD MA to do Exchange. However, I've not found any examples on how to do this with Lync / Exchange, especially the schema, import and export scripts that are required...

    Monday, June 9, 2014 6:20 AM
  • You might want to check on Soren's PowerShell MA, which has some Lync examples that might be useful for your scenario.

    http://blog.goverco.com/p/powershell-management-agent.html

    Scott


    Monday, June 9, 2014 1:34 PM
  • Soren's MA is the one I'm thinking of using... I didn't find any Lync examples from the website though...

    Monday, June 9, 2014 1:59 PM
  • Download the MA and then look in the scripts folder.  They are in there from what I recall.
    Monday, June 9, 2014 4:18 PM
  • I didn't find any example for Lync from the website, or the packages... Could you post an example somewhere? Thanks.

    Tuesday, June 10, 2014 6:32 AM
  • Unfortunately I don't think that there are any Lync samples there. I've done it at a few customers but have not had the time to put the scripts online as of now.

    I basically read users from AD and export their SIP address, which is controlled from the FIM Portal / Service. In the export scripts, I call the standard Lync cmdlets for Lync-enabling users.

    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt

    Wednesday, June 11, 2014 6:05 PM
  • I would be really interested to see how it is actually done... I'm pretty new to the whole of FIM so I'm still learning. Basically what we've got is HR -> FIM -> AD now working, all the AD provisioning or attribute mapping is done through the FIM portal with Synchronization rules and I was thinking to have the same kind of approach for Exchange and Lync....

    Thursday, June 12, 2014 10:26 AM
  • Yeah, sorry about that. Now I remember that Soren's MA came with O365 PowerShell scripts. The Lync stuff can be quite involved so I would suggest you check out the following to get you started:

    http://technet.microsoft.com/en-us/library/gg398711.aspx

    I did a project way back when to manage Lync users via PowerShell from portal custom activities but not the PowerShell MA. Perhaps you could modify the out-of-the-box O365 scripts and fit them to Lync. There are no C# libraries for Lync so it is a different animal to get up and going with FIM. However, I would go the MA route and steer away from the custom activities if you are new to this.

    Scott

    Thursday, June 12, 2014 5:52 PM
  • We did try custom activities and you're right, it's just way too confusing... Some questions to Soren, is it possible to use your PowerShell MA as I described above? So that all the synchronization rules (or attribute flows) are defined in the FIM portal instead of the Synchronization Service?

    Am I the only one needing Lync scripts for this MA, and am I the only one who also wants to get Exchange things to be done the same way (with dedicated MA)?

    Thursday, June 12, 2014 8:30 PM
  • Ok, so I got this almost working now... I've created the scripts needed, created sync rules etc. Import works fine; I do not use your AD search method, I prefer using Get-Mailbox. My problem now is that if I want to sync stuff from my HR system to 1st AD, then 2nd Exchange, the HR full sync fails because it cannot find the 'parent object' for the imported objects of the Exchange PSMA... I'm really new to all this, could someone please guide me...
    Monday, July 14, 2014 10:56 AM