Using FIM it’s easy to provision mailboxes for users. In my current project we also needed to provision mail enabled users. The difference between a mailbox enabled and mail enabled is that the latter only has an email address associated with it’s account. The mailbox is typically located at an external organization.
Here’s a table from Exchange Provisioning using ILM 2007 and FIM 2010
It shows which attributes to flow for each recipient type. As we are going to provision mail enabled users we only need to flow
- mailNickname
- targetAddress
I like to use the sAMAccountName for the mailNickname. The reason why we wanted to mail enable some users is that we’d want external users (like consultants) to appear in the GAL. The customer itself was using a (fictive) domain like @internalAD.local.
At first I had my rules configured as:
- sAMAccountName –> mailNickname
- TargetAddress –> targetAddress
Where TargetAddress has values like “thomas@setspn.com”.
The result:
While it looks ok at first sight, when you look for the user in the GAL, it will appear with an e-mail address of the customer his address space... Not exactly what we were looking for.
I did some testing using the Exchange Management Console, and the what I wanted to achieve seemed to be possible using the GUI, I must have done something wrong! It seems the targetAddress attribute in AD is supposed to contain “SMTP:emailaddress” and not merely “emailaddress”. So I changed the rules:
- sAMAccountName –> mailNickname
- TargetAddress –> “SMTP:”+targetAddress
And now my user looks like:
You can clearly see that the “primary” address is now the external address. And below you can see the difference in the GAL lookup. The first entry is bad, the second entry is OK.
No Response to "Provisioning Mail Enabled Users with FIM 2010"
Add Your Comment