Copyright 2012 SAP AG. All rights reserved.

SAP NetWeaver

Identity Management
Identity Center:
Implementing and configuring the template for
Microsoft Exchange 2007 and 2010
Version 7.2 Rev 1
Introduction
This document describes how to implement and configure the template task CreateExchange2007User
or CreateExchange2010User in the Management Console of the Identity Center, in order to be able to
use the Provisioning Framework for SAP Systems to create and mail-enable users in Microsoft
Exchange 2007 or Microsoft Exchange 2010 respectively.
Prerequisites
Before installing and configuring the template, the following is a prerequisite:
SAP NetWeaver Identity Management 7.1 or newer, or SAP NetWeaver Identity Management 7.2 or
newer, is installed and configured.
Provisioning Framework for SAP Systems is imported and configured.
Combination of versions
The following combinations are possible:
Template for MS Exchange 2007 Template for MS Exchange 2010
SAP NW IdM 7.1 X X
SAP NW IdM 7.2 X X

In case the procedure is different for the different combinations, there are separate sections for each of
them.
In the document, the procedures are described for all legal combinations as shown in the table above.
Implementing the template
Note:
It is assumed that the files CreateExchange2007User.mcc and CreateExchange2010User.mcc, both
available on the SDN together with this document, are downloaded.
To implement the template in the Management Console, the following implementation process needs to
be completed:
Import the .mcc file containing the template task.
Disable the current task for creating/provisioning of the Exchange user in the Provisioning
Framework for SAP Systems.
Link the imported template task to replace the old one.

Page 2 of 6 SAP NetWeaver Identity Management Identity Center: Implementing and configuring the template for Microsoft Exchange 2007 and 2010
Copyright 2012 SAP AG. All rights reserved.
Importing the template task
This implementation step is the same for both SAP NetWeaver Identity Management 7.1 and 7.2. To
import the template task CreateExchange2007User or CreateExchange2010User, do the following:
1. Verify that the import options are defined correctly. Select the Identity Center's "Options" tab and
make sure that "Enable imported jobs" is selected. This will ensure that the imported jobs are
enabled. Also make sure that a valid dispatcher is defined in the "Default dispatcher" field.
2. Import either the CreateExchange2007User or CreateExchange2010User template (depending on
whether you want to create and mail-enable users in Microsoft Exchange 2007 or 2010 respectively)
to a suitable place in your provisioning hierarchy (e.g. provisioning group, task group etc) in the
Identity Center Management Console. Select the node in the console tree where you want to place
the task template and choose "Import" from the context menu.
Browse to and select the previously downloaded file CreateExchange2007User.mcc/
CreateExchange2010User.mcc.
3. Choose "Open". This opens the "SAP NetWeaver Identity Center Syncutility" dialog in a new
window.
Make sure that "Import" is selected in the "General" tab and that the dispatchers are assigned in the
"Advanced" tab.
4. Choose "Next >".
5. Select "Import" and then "Finish" to close the window. Select "View logfile" before choosing
"Finish" to view the log file produced during import.
6. Verify that the tasks and the job are enabled and that the dispatcher is defined.
SAP NetWeaver Identity Management Identity Center: Implementing and configuring the template for Microsoft Exchange 2007 and 2010 Page 3 of 6
Copyright 2012 SAP AG. All rights reserved.
Disabling the existing CreateExchangeUser task
The current task in the SAP Provisioning Framework needs to be disabled. There are different
procedures for SAP NetWeaver Identity Management 7.1 and 7.2.
SAP NetWeaver Identi ty Management 7.1
Do the following:
1. Select the task CreateExchangeUser in the SAP Provisioning Framework in the console tree. It
should be located in the node under System Type Specific Tasks\LDAP Tasks\ADS Tasks\Provision
ADS\CheckProvisionedEntryType\MX_PERSON\ProvisionExchangeUser.
2. In the "Options" tab of the task's details pane, disable the task by deselecting the checkbox
"Enabled" in the top left corner:

3. Choose "Apply".
Now that the current CreateExchangeUser task is disabled, it needs to be replaced by the imported task.
Page 4 of 6 SAP NetWeaver Identity Management Identity Center: Implementing and configuring the template for Microsoft Exchange 2007 and 2010
Copyright 2012 SAP AG. All rights reserved.
SAP NetWeaver Identi ty Management 7.2
Do the following:
1. Select the task CreateExchangeUser in the SAP Provisioning Framework in the console tree. It
should be located in the node under CONNECTORS\AD Connector\Application
Actions\CreateExchangeUser.
2. In the "Options" tab of the task's details pane, disable the task by deselecting the checkbox
"Enabled" in the top left corner:

3. Choose "Apply".
Now that the current CreateExchangeUser task is disabled, it needs to be replaced by the imported task.

Linking the imported template task
The process for this implementation step is somewhat different for SAP NetWeaver Identity
Management 7.1 and 7.2.
SAP NetWeaver Identi ty Management 7.1
To link the imported CreateExchange2007User or CreateExchange2010User task in the SAP
Provisioning Framework and replace the old one, do the following:
1. Select "ProvisionExchangeUser" node in the console tree:

2. Select New/Link to existing task from the context menu.
3. In the "Select task" dialog box, browse to and select the imported CreateExchange2007User or
CreateExchange2010User task, and then choose "OK".
4. Make sure that the task is enabled.
SAP NetWeaver Identity Management Identity Center: Implementing and configuring the template for Microsoft Exchange 2007 and 2010 Page 5 of 6
Copyright 2012 SAP AG. All rights reserved.
Now, the imported task has replaced the old CreateExchangeUser task in the SAP Provisioning
Framework.
SAP NetWeaver Identi ty Management 7.2
To link the imported CreateExchange2007User or CreateExchange2010User task in the SAP
Provisioning Framework and replace the old one, do the following:
1. Select "ProvisionExchangeUser" node in the console tree:

2. Select New/Link to existing task from the context menu.
3. In the "Select task" dialog box, browse to and select the imported CreateExchange2007User or
CreateExchange2010User task, and then choose "OK".
4. Make sure that the task is enabled.
Now, the imported task has replaced the old task in the SAP Provisioning Framework.

Configuring the template
To configure the template, the following steps need to be completed:
Create a standard Microsoft Exchange user (for Microsoft Exchange 2010 template only)
Setting the repository constant LDAP_TEMPLATE_MAILBOX
Configuring the Microsoft Exchange attributes
The steps are relevant and the same for both SAP NetWeaver Identity Management 7.1 and 7.2.
Create a standard Microsoft Exchange user (for Microsoft Exchange 2010 template
only)
As of Microsoft Exchange version 2010 there is no longer the concept of a template user. To be able to
use the job sample (the template for Microsoft Exchange 2010), a standard Microsoft Exchange user that
will take the role of the template user needs to be created. This mailbox can be disabled and hidden in
the Active Directory, but it has to exist.
Creating and setting the repository constant LDAP_TEMPLATE_MAILBOX
The tasks CreateExchange2007User and CreateExchange2010User depend on a repository definition
constant LDAP_TEMPLATE_MAILBOX that has to be created in the repository definition defining the
Active Directory where the users will be created.
The LDAP_TEMPLATE_MAILBOX constant should be set to be the CN of the template mailbox, e.g.
given the template mailbox DN: cn=Templ at e Mai l box, cn=User s, DC=exampl e, dc=com, the value of the
constant LDAP_TEMPLATE_MAILBOX should be set to "Template Mailbox".
The template mailbox is mandatory. It does not have to be enabled, just created. Any configuration
change made to this mailbox will affect the mailboxes enabled after this change.
Page 6 of 6 SAP NetWeaver Identity Management Identity Center: Implementing and configuring the template for Microsoft Exchange 2007 and 2010
Copyright 2012 SAP AG. All rights reserved.
Configuring the Microsoft Exchange attributes
The attributes added to Active Directory in this template, are the attributes that are added by default by
the Microsoft Exchange system when enabling a mailbox. In some cases, attributes have to be added or
removed in order for this template to work.
The best way to determine which attributes will be needed for your system is to inspect the attributes
added to the Template Mailbox user when this is created. You can do this with the tool ADSIEDIT.
The tool is also useful if you don't want to use the Template Mailbox, and instead want to specify the
attributes directly/hardcode. Then you can use the tool to retrieve the attributes like HomeMDB,
homeMTA, and other attributes that normally don't change (from Mailbox to Mailbox).