Enabling Shared Mailbox Management

Note
By default, Shared Mailbox management is not enabled for the Active Directory application.

To enable shared mailbox management, complete the following:

  1. Import the Shared Mailbox Schema to the Active Directory application.
    Copy the following schema and paste it below Group Schema:

    <!-- Shared mailbox object schema for the Active Directory application (paste below the Group schema).
         Objects are aggregated as group-type objects under objectType "sharedMailbox", identified by
         distinguishedName and displayed by msDS-PrincipalName. -->
    <Schema objectType="sharedMailbox"
            nativeObjectType="Group"
            aggregationType="group"
            identityAttribute="distinguishedName"
            displayAttribute="msDS-PrincipalName"
            descriptionAttribute="description"
            hierarchyAttribute=""
            instanceAttribute=""
            featuresString="PROVISIONING">

      <!-- Directory identity attributes of the mailbox object. -->
      <AttributeDefinition name="cn" type="string">
        <Description>common name(s) for which the entity is known by</Description>
      </AttributeDefinition>
      <AttributeDefinition name="distinguishedName" type="string">
        <Description>distinguished name for which the entity is known by</Description>
      </AttributeDefinition>
      <AttributeDefinition name="description" type="string">
        <Description>descriptive information</Description>
      </AttributeDefinition>
      <AttributeDefinition name="objectSid" type="string">
        <Description>Windows Security Identifier</Description>
      </AttributeDefinition>
      <AttributeDefinition name="objectguid" type="string">
        <Description>Object globally unique identifier </Description>
      </AttributeDefinition>
      <AttributeDefinition name="mailNickname" type="string">
        <Description>Exchange alias for the Shared Mailbox</Description>
      </AttributeDefinition>
      <AttributeDefinition name="msDS-PrincipalName" type="string">
        <Description>Name of the entity in the format "NetBIOS domain name\sAMAccountName"</Description>
      </AttributeDefinition>

      <!-- Mailbox permission lists (multi-valued). Each value is a user or group that holds
           delegated access to the mailbox, so all three belong in access reviews. -->
      <AttributeDefinition name="fullAccess" type="string" multi="true">
        <Description>List of user or group having full access permission on the Shared Mailbox</Description>
      </AttributeDefinition>
      <AttributeDefinition name="sendAs" type="string" multi="true">
        <Description>List of user or group having 'Send As' permission on the Shared Mailbox</Description>
      </AttributeDefinition>
      <AttributeDefinition name="sendOnBehalf" type="string" multi="true">
        <Description>List of user or group having 'Send on behalf' permission on the Shared Mailbox</Description>
      </AttributeDefinition>

      <!-- Attributes declared without a description. -->
      <AttributeDefinition name="memberOf" type="string" multi="true" schemaObjectType="group"/>
      <AttributeDefinition name="sAMAccountName" type="string"/>
      <AttributeDefinition name="homeMDB" type="string"/>

      <!-- Names the three permission lists as the member attributes of this object type;
           presumably this is what links a permission holder to the mailbox (confirm against
           the connector documentation). -->
      <Attributes>
        <Map>
          <entry key="groupMemberAttribute" value="[fullAccess, sendOnBehalf, sendAs]"/>
        </Map>
      </Attributes>
    </Schema>
  2. Update the User Account schema to represent an assigned Shared Mailbox.
    Copy the following attribute definition and paste it in User Schema:

    <!-- Add to the User (account) schema: the shared mailboxes on which this account holds a
         permission. The attribute is multi-valued and flagged as a managed entitlement, and
         schemaObjectType ties its values to the sharedMailbox object schema. -->
    <AttributeDefinition name="memberOfSharedMailbox"
                         type="string"
                         multi="true"
                         entitlement="true"
                         managed="true"
                         schemaObjectType="sharedMailbox">
      <Description>List of Shared Mailboxes to which user is has permissions</Description>
    </AttributeDefinition>

    If the Shared Mailbox object schema has not been added to the application, the value of schemaObjectType can be set to string instead.

  3. Add Create and Update Provisioning policies. The connector supports updating attributes which are present in the Shared Mailbox schema.
    Copy the following policies under the <ProvisioningForms> tag:

    • Create Policy

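      <!-- Create provisioning policy for sharedMailbox objects (paste under <ProvisioningForms>).
           Lists the fields collected when a new shared mailbox is provisioned. -->
      <Form name="Create Shared Mailbox" objectType="sharedMailbox" type="Create">
        <Attributes>
          <Map>
            <entry key="pageTitle" value="Create Shared Mailbox"/>
          </Map>
        </Attributes>
        <Section>
          <!-- Directory location and Exchange addressing of the new mailbox.
               distinguishedName and mailNickname are mandatory. -->
          <Field displayName="con_prov_policy_ad_distinguishedName" helpKey="help_con_prov_policy_ad_distinguishedName" name="distinguishedName" required="true" type="string"/>
          <Field displayName="con_prov_policy_ad_mailNickname" helpKey="help_con_prov_policy_ad_mailNickname" name="mailNickname" required="true" reviewRequired="true" type="string"/>
          <Field displayName="con_prov_policy_ad_homeMDB" helpKey="help_con_prov_policy_ad_homeMDB" name="homeMDB" reviewRequired="true" type="string"/>

          <!-- Mailbox permission grants. All three lists carry reviewRequired="true", matching the
               Update Shared Mailbox form, so that Full Access and Send On Behalf grants are put up
               for review in the same way as Send As grants. -->
          <Field displayName="Full Access" multi="true" name="fullAccess" reviewRequired="true" type="string"/>
          <Field displayName="Send As" multi="true" name="sendAs" reviewRequired="true" type="string"/>
          <Field displayName="Send On Behalf" multi="true" name="sendOnBehalf" reviewRequired="true" type="string"/>
        </Section>
      </Form>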
    • Update Policy

          <Form name="Update Shared Mailbox" objectType="sharedMailbox" type="Update">
            <Attributes>
              <Map>
                <entry key="pageTitle" value="Update Shared Mailbox"/>
              </Map>
            </Attributes>
            <Section>
              <Field displayName="con_prov_policy_ad_distinguishedName" helpKey="help_con_prov_policy_ad_distinguishedName" name="distinguishedName" required="true" type="string">
                <Attributes>
                  <Map>
                    <entry key="readOnly" value="true"/>
                  </Map>
                </Attributes>
              </Field>
              <Field displayName="con_prov_policy_ad_mailNickname" helpKey="help_con_prov_policy_ad_mailNickname" name="mailNickname" required="true" reviewRequired="true" type="string"/>
              <Field displayName="con_prov_policy_ad_homeMDB" helpKey="help_con_prov_policy_ad_homeMDB" name="homeMDB" reviewRequired="true" type="string"/>
              <Field displayName="msDS-PrincipalName" helpKey="msDS-PrincipalName" name="msDS-PrincipalName" reviewRequired="true" type="string">
                <Attributes>
                  <Map>
                    <entry key="readOnly" value="true"/>
                  </Map>
                </Attributes>
              </Field>
              <Field displayName="sAMAccountName" helpKey="sAMAccountName" name="sAMAccountName" reviewRequired="true" type="string">
              </Field>
              <Field displayName="objectSid" helpKey="cn" name="objectSid" reviewRequired="true" type="string">
                <Attributes>
                  <Map>
                    <entry key="readOnly" value="true"/>
                  </Map>
                </Attributes>
              </Field>
              <Field displayName="objectguid" helpKey="objectguid" name="objectguid" reviewRequired="true" type="string">
                <Attributes>
                  <Map>
                    <entry key="readOnly" value="true"/>
                  </Map>
                </Attributes>
              </Field>
              <Field displayName="Full Access" multi="true" name="fullAccess" reviewRequired="true" type="string"/>
              <Field displayName="Send As" multi="true" name="sendAs" reviewRequired="true" type="string"/>
              <Field displayName="Send On Behalf" multi="true" name="sendOnBehalf" reviewRequired="true" type="string"/>
            </Section>
          </Form>