OIM Exchange Integration

Similar Messages

• OIM AD Integration - 'User must change password at next logon'

  Hi,
  These are the issues in OIM AD integration that we are stuck up on:
  Issue:
  1. When OIM Admin resets the password for User1 in OIM, the password is propagated to AD but the ‘User must change password at next logon’ attribute is not updated in AD. As a result, if the User1 logs into AD account (i.e. computer), there is no prompt to change the password.
  2. When AD Admin resets the password for User1 in AD and checks the ‘User must change password at next logon’ flag, the password is propagated to OIM but the ‘obpasswordchangeflag’ attribute (of oblixPersonPwdPolicy class) is not updated in OID. As a result, if the User1 logs into OIM account, there is no prompt to change the password.
  Research:
  1. For case 1 above: When OIM Admin resets the password for User1, the ‘User must change password at next logon’ attribute on the AD process form itself is not getting updated. So the AD Connector doesn’t propagate the attribute to AD.
  2. For case 2 above: When the AD Admin resets the password for User1 in AD, the AD Password Sync connector only sends the password to OIM and not other attribute. So, there is no way to fetch the ‘User must change password at next logon’ attribute and then copy it into ‘obpasswordchangeflag’ attribute in OID.
  Environment Details:
  1. OIM-OAM-OAAM 11.1.1.5 BP02 integrated using OVD-OID 11.1.1.5
  2. AD on WIN 2008 R2.
  3. OIM AD Connector 9.1.1.7.2
  4. AD Password Sync Connector 9.1.1.5
  Any help would be highly appreciated!
  Thanks,
  Kulesh...

  Thanks for your reply again.
  I did not get you completely here. Can you please elaborate on the "process task on the AD Process which passes along the USR_PWD_MUST_CHANGE and immediately sets it to 0 this should work". How many total additional tasks would be needed here?
  what all targets are you provisioning the password to?
  - AD and OID (through LDAPSYNC)
  where are end users allowed to change their passwords on (OIM,AD....??)
  - Both OIM and AD.
  Where can admins change the passwords?
  - Currently they use ARS for such purposes but this is something we need to clearly define. The thing is, they use ARS for whole lot of purposes and we can't dictate/restrict them to use OIM only for password resets. So they may use ARS or OIM.
  What do you suggest?
  Edited by: Kulesh Kane on Nov 8, 2012 11:43 AM

• OIM-OAM integration and LDAP Sync

  Hello All, I have deployed OIM 11g R2 and OAM/OVD 11.1.1.5. Now I need to enable LDAP sync for OIM-OAM integration and I'm not allowed to extend Oracle schema in AD. So I decided to use OUD for FMW schema and I have completed all those steps and OUD is up and running. Since my enterprise directory is AD and OUD is my FMW directory, I need to think of a split profile setting in OVD. I'm following this link http://fusionapplications-ateam.blogspot.com/2012/04/split-profiles-with-ad-and-oid-for.html for this deployment. I have OVD adapters configured for AD, OUD, Join view and changelog. The link does not clearly explain the steps in OIM for LDAP Sync.
  When I configure LDAP Sync in OIM, should I point the sync to the OUD users container?
  When and how this cn=shadowentries container will be used? I understand that the password (obattributes) are used for password management by OAM, but wondering where will that get stored in OUD?
  Please let me know your thoughts.
  Thanks.

  Hi,
  when I use url:
  http://idm1:14000/admin/faces/pages/Admin.jspx
  I get Access Manager login page, I can click links: register new user, reset password and I get correct OIM pages. But when I type xelsysadm and password I get error on the next page:
  Error 401--Unauthorized
  From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
  10.4.2 401 Unauthorized
  I can't logon to EM, OAMconsole, Weblogic etc. when the OAM is running. In OIM log I got errors from oam-agent: "User is not authorized to access resource, MinorCode: DENY, MajorCode: DENY".
  I have got user xelsysadm in OIM and in LDAP, when the OAM is not running I can login to OIM, create users in OIM (they appear in OID) etc. The user xelsysadm is added to group: OAMAdministrators. Also when I try to logon to OAM console (http://idm1:7001/oamconsole) using orcladmin name I get error: Access to administration console is restricted. But when I use weblogic username (the user is in OAMAdministrators group in OID) i can get OAMconsole.
  How can I change logon type in OIM?
  best
  mp
  Edited by: J23 on 2011-01-10 00:47

• OIM - AD integration info required

  Hello Experts,
  I want to integrate OIM with AD. For your information, I have installed OIM 11g on my windows system and all other things are like database are on my windows system only, Kindly suggest me about the about OIM-AD integration.
  Also tell me if I can create vm for AD???
  what is the difference between AD and OID?? Suggest which should I install?
  what are all the things which I can perform after this integration,??
  As am doing this for learning purpose and am a newbie please suggest from the basics.
  Any information about AD usage will be very helpful.
  Kindly suggest...
  Regards,
  KK

  I don't know how much RAM you have in your machine. If you have VM for AD again you required around 1-2 GB of RAM.There is no seprate installer of AD. For Active Directory(AD) you have to have the VM for windows 2003 or windows 2008 server. where you will configure and enable Active Directory for OIM integration.
  Better you can install OID in your Local windows machine if you have enough memory. Both AD and OID are directory server and based on LDAP protocol. Where OID is oracle product and AD is Microsoft product.
  You won't get much diff on functional level. But there are architectural diff is there. As OID use its own Database(oracle DB) internally where AD don't use DB.
  Once you setup with the target systems download online OOTB connectors and start with integration.
  Connector doc has all the required steps to move on.
  www.oracle.com/technetwork/middleware/id-mgmt/downloads/connectors-101674.html

• OIM - OIA integration documentation

  hi,
  i am facing some issues in OIM-OIA integration.
  version used:
  OIM ( Version: 9.1.0.1866.47 )
  OIA 11gR1 where we have applied bundle patch 11.1.1.3_bp04
  can anyone please share with me the link or guide for integrating OIM ( Version: 9.1.0.1866.47 ) and OIA 11gR1
  Thanks in advance.

  Hi,
  Those are not a really a document, but I think will be helpful for you, because helped me as well.
  1-http://cn.forums.oracle.com/forums/thread.jspa?messageID=9612293
  2-OIM & OIA 11g integration
  3--http://www.identigral.com/blog/2009/10/19/oracle-identity-analytics-11g
  I hope this help.
  Thiago Leoncio Guimaraes

• Essentials 2012 R2 Exchange Integration with Multiple Domain Controllers

  Attempting to integrate Exchange Server 2012 with the Essentials wizard results in the error message: "This task must be performed on the domain controller." I've found several threads that speculate this is because there are multiple domain controllers
  in the domain. Is there a workaround or patch available to resolve this issue? Why wouldn't Microsoft want the redundancy of multiple DCs?
  Thanks.

  Hi HartmannTek,
  I agree with Robert.
  We can get the following information from the article:
  Services Integration Overview for Windows Server 2012 R2 Essentials - Part 1. Please refer to.
  Currently, the Services Integration features, including Windows Azure Active Directory integration, Office
  365 integration, Windows Intune integration, and on-premises Exchange integration, are only supported in a single domain controller environment. In addition, the integration wizard must be run on a domain controller.
  Hope this helps.
  Best regards,
  Justin Gu

• What is required to Exchange integration work - (Can't connect to Exchange Web Server)?

  Hi guys,
  We have just 'beaten' our Lync installation until it decided to work with mobility, however the clients (IOS) complain that it "Can't connect to Exchange Web Server". Entirely possible its our own fault!
  My question is:
  What exactly do I need to configure to make this work?
  DNS records,
  Firewall rules,
  etc. 
  We are running:
  Exchange 2010 on-premise
  TMG 2010
  Cheers
  Dave
  Dave

  Hi Dave,
  The Lync 2010 mobile client for iPhone and iPad has a Meeting tab that lists meetings for the day from the Exchange calendar.
  The client uses simple Exchange Autodiscover processes to determine the location of the Exchange server of the user who is signed in. The SIP Uniform Resource Identifier (URI) of the user is used in the attempt to discover the Exchange Web Services (EWS) endpoint.
  However, if the user’s SIP URI and email address are different, the Autodiscover process will fail, the Meeting tab will be blank, and Exchange Unified Messaging (UM) voicemail in the Phone tab will not sync.
  For disjointed email and SIP URIs, the Lync 2010 mobile client for iPhone and iPad lets the user specify a different set of credentials for Exchange integration. For the Exchange Autodiscover process to work correctly, the necessary DNS records must be available.
  To confirm that Autodiscover is working, use Microsoft Remote Connectivity Analzyer at http://www.testexchangeconnectivity.com (http://www.testexchangeconnectivity.com/)
  In addition, please also refer to this document
  Lync 2010 Integration. Hope helps.
  Noya Liu
  TechNet Community Support

• Can you turn in hours worked on exchange task lists with project server exchange integration

  Can you turn in hours worked on the task list in Exchange if you turn on exchange integration?  We are using Project Server 2010 and Exchange 2010.  We want to turn on timesheets to report time and were wondering if you can use Exhange to
  turn in hours worked on a task that you were assigned.  Most people will use timesheets but for those individuals that only rarely work on a task in a project we want to allow them to turn the hours in on Exchange.
  Cletus51

  Hi
  As per my undersatnding you want the resource to fill his no of hours  worked in exchange server,
  but the problem is like
  The data you can update is not timephased, therefore you can only update the %complete or actual work.
  You need to do some customisation to achieve the same.
  Please go through the below link which may be helpful to you
  http://appleparkltd.wordpress.com/2010/07/13/project-server-2010-%E2%80%93-exchange-integration/
  Thanks
  Geeth If you feel that the answer which i gave you is Helpful please select it as Answer/helpful.

• Exchange Integration with MSX-A on a Windows 2003 Server

  Hi
  We try to integrate Microsoft Exchange (Version 2003 SP1) into SAP Enterprise Portal 6.0 SR1. The MSX-A components are installed on the OWA System, a different Windows 2003 System with Outlook XP (SP3) on it.
  The error displayed in the Calendar iView on the Portal:
  "An internal error occurred while generating the XML from the MSX-A component"
  From the "SAP EP Test Exchange Transport Setup" Tool an error occures on the "Data Retrieval" Test:
  "An error occurred retrieving the data."
  and in detail:
  MAPI_E_LOGON_FAILED(80040111)
  MS KBase http://support.microsoft.com/kb/181739/en-us didn't help. To resolution 3: Policy "Log on Locally" on a Windows 2003 doesn't exist anymore (?). "Deny Log on Locally" isn't given to relevant groups.
  Thanks and best regards
  Nicolaj

  hi All
  i am illustrating the process of integration the central notes to be referred and constraints .hope this definitely helps you please do not forget to give full points for this effort
  with regards
  subrato kundu
  <b>Process</b>
  Microsoft outlook  Integration With SAP Enterprise Portal 6.0
  (Process description)
  These documents describe the entire process of integrating Exchange server with enterprise portal server to leverage the usage of lotus notes within the portal framework.
  Step1: Create a System
  o     Choose System Administration&#61664;System configuration&#61664;System Landscape&#61664;Portal Content&#61664;Content Provided by SAP. Right click on collaboration and then choose New From Par&#61664;System.
  o     Select com.sap.netweaver.col.app.gw and choose next.
  o     Select a server (Microsoft Exchange server) and then choose next.
  o     Enter the System Name and ID (for ex Exchange) and choose next and then finish.
  o     Enter System Aliases by choosing system Alias from the display drown list.
  o     Enter the system Alias in the alias field and choose add and then save.
  Step II: Create E-Mail Transport
  &#61607;     The email transport defines the SMTP server and other configuration required for sending e-mails. To configure an e-mail transport choose
  &#61607;     System Administration&#61664;System Configuration&#61664;Knowledge Management&#61664;Collaboration&#61664;GroupWare Transports&#61664;Mail Transport
  &#61607;     SMTP Sever: The address of the SMTPServer for sending e-mails
  &#61607;     Sent Messages: You specify the folder on the server where the sent e-mail is to be   store: -Sent Items on Microsoft Exchange Server.
  &#61607;     System Alias name: Alias that was defined for the groupware server in system configuration.
  Step III: Check E-Mailing Service
  This is a global service that is required for sending e-mails and which can be   located by choosing System Administration&#61664;System configuration&#61664;Knowledge Management&#61664;Content Management&#61664;Global services&#61664;Mailing Service. This service needs to be active and an email transport must already have been created.
  Microsoft Exchange Transports
  The overall transport consists of two parts: MSX-J on the portal server and the MSX-A on the Exchange Server or a machine near to the Exchange Server.
  MSX-J is the java part that runs on the portal server is deployed automatically on the portal server during installation, and implements the groupware API.It uses the Groupware APIs and repository development kit.
  MSX-A is the active server page and sap exchange connector.dll running on a n iis server with Microsoft Collaboration data objects (CDO) and in the same domain as the exchange server or in a trusting domain .The ASP and DLL are Collectively CALLED MSX-A and is installed as part of the Outlook Installation. This needs to be installed on every IIS SERVER dedicated to the MS Exchange Server
      The Process flow is
  1.TheMSX_J transport makes an HTTP(s) call to the MSX_A running on the IIS.
  2.Microsoft Internet Information Server (IIS) uses Basic Authentication to authenticate user based on NT user/password against the Microsoft Exchange Server.
  3.CDO uses the authentication token and fetches the data.
  4.MSX-A converts the data into XMl and returns it to MSX-J
  Installation of MSXA Components
  You have to carry out these steps for every IIS that accesses the exchange server or the Outlook WEB Access 5.5 SP Server in the system landescape:
  1.Locate the MSX-A component shipped with Exchange transport.
  The components can be found in<irj>\root\WEB-INF\PORTAL\PORTALAPPS\com.sap.netweaver.coll.appgw\WEB –INF\external\Exchange.
  2 Locate an IIS that is in the same domain as the Exchange Server or in a trusted domain.
  3.Create a folder on the IIS for example,c:\SAPExchangeTransport.
  4.Copy the MSX-A Components to the folder you just created.
  5.Register the DLL by using command regsrvr32 in the command prompt for example c:\winnt\sysytem32\regsvr32.exe c:\SAPExchangeTransport\SapExchangeConnector.dll
  6.Create a new Iis Website or if using Outlook Web Access 5.5 sp4 create a virtual directory
  Since most of configuration errors arise in the setup and configuration of the MSX-A components a separate test application is shipped with the connectivity, which allows you to check that the setup is correct.
  1.locate SAPPXchTest.exe which is shipped with the exchange transports.The components can be found at <irj>\root\portalapps\com.sap.netweaver.coll.appl.gw\external\exchange.
  2 copy the executable file to the machine on which the MSX-A component has been deployed.
  3.Test the CDO version by launching the executable file on the machine on which msx-a was deployed.Choose Test CDO-Version .You should receive a success message .if you recive an error message follow the instructions given
  4Test data retrieval by launching the executable file on the machine on which MSX-A was deployed choose Test&#61664;Data Retrieval Fill in necessary fields you should receive a success message but if you receive an error message follow the instructions given
  5.Choose Save Results
  6.open the log file indicted by the message
  <b>Notes</b>
  0000801234     Additional attachment in room created appointments
  0000788151     Post Installation Steps for Groupware after an upgrade
  0000763062     Problem creating an appointment with attachment
  0000738965     E-mail address is mandatory for Groupware Integration
  0000736644     Mandatory Steps for MS Exchange Integration
  0000736541     Support information for MS Exchange Integration
  0000732911     Integrating Outlook Web Access in Enterprise Portal 6.0
  0000712902     SSO to Outlook web access using user/password does not work
  <b>Constraints</b>
  Constraints of Microsoft Exchange Connectivity
  &#61607;     The Microsoft Exchange transport currently only support items with types appointment and meeting request .Other types such as discussion and not currently not supported.
  &#61607;     Deleting an instance of a recurring appointment affects only that particular instance
  &#61607;     Calendar items in personal folder are not supported. Users can only view and modify items located on the exchange server from the iviews
  &#61607;     Public folders on the exchange server are not supported
  &#61607;     Calendar items are delivered as such  if sent to recipients within the intranet .If the recipients is in different domain than the sender ,the format in which the items are delivered depends on the server responsible for sending the item in question

• ICS in POP accounts or Multiple Exchange Integrations

  Hi
  We have a few iPhones and run our email on a POP basis, we want to upgrade it to Exchange to resolve the issue of receiving ICS attachments, we work as consultants within companies and often access their exchange while under contract, so either need POP to process meeting requests or iPhone to support multiple Exchange integrations, any ideas how to solve this?

  The iPhone Mail app doesn't support .ics attachments, but the Calendar app does for Exchange accounts. Only one Exchange account can be active on the phone at a time. So, there's no real solution for you at this point. You can request that Apple support .ics attachments in the iPhone mail client.
  You can submit feedback to Apple: http://www.apple.com/feedback/iphone.html.

• What is the status of Sun B2B Suite eXchange� Integrator?

  Does anybody know the current status of "Sun B2B Suite eXchange� Integrator"?
  The only documentation I can find for it is the "Sun B2B Suite eXchange(TM) Integrator Developer's Guide "?
  Thanks
  Alex

  The first wave (B2B 5.1.0) was released several months ago (Q1) according to schedule.
  It contains OTDs and B2B Protocol Managers for HIPAA and X12 as well as the old familiar SEF Wizard and the Message tracker utility. Wave 2 (B2B 5.1.1) and the final wave (B2B 5.2) have so far not been released.

• Is it possible to disable Exchange integration on Lync Phone when not tethered?

  Hi all,
  I know there are many other threads about this issue, but my question is a bit different.
  As we know, Lync phone edition gives the following message when not tethered to USB
  "connection to Microsoft Exchange is unavailable because you signed in directly on the phone"
  A customer of mine has lots of devices logged in by pin instead of USB tethering and end-users keep asking questions about this.
  Is it possible to to suppress this message with some kind of client policy ?
  Regards,
  Stefan van der Heijden - Advantive

  No, not really.  I can't take you up on your advice and use delegates.  The use case excludes PC all together - there is no computer nearby to be used.  In my case they need to make and receive phone calls, be able to transfer calls, and have
  a voice mail feature.  Lync Edition device does not accommodate this use case well.  Here are the issues so far.
  1. You can't transfer calls unless phone is unlocked.  There is a way to change that trough policy, but the phone lock policy works on per site basis.  On a small deployment like ours with a single site this means phone lock for everyone or no
  one. 
  2. Phone shows error about "Exchange integration" as we discussed above.  Due to interface design choices this means that "menu" button is obscured form view.  That makes it impossible for uninformed user to transfer a call.
  Here is the bottom line the way I see it: the Lync Edition Phone is great for an office (cubical farm) environment, but when time comes to deal with special use cases the assumptions Lync/Exchange team made backfire.  I'd have to go to Lync Server compatible
  phone like Polycom VVX to get around phone lock issue.  In Polycom world that is configurable on per phone basis, as, one would argue, it should be.  Polycom have bugs of their own though - you can't make "blind transfer" a default method of transfer. 
  So, no good solution so far.

• OIM-SOA integration

  Hi all,
  please provide me the document to know how the integration of OIM and SOA is done.
  thank you.

  OIM-SOA integration ????
  SOA is a required component before you install OIM 11g. Are you looking for how to install SOA before OIM install ?
  Thanks
  GK

• WMI High CPU Usage on Hyper-V VMs - Related to Data Exchange Integration Service

  Title pretty much says it all.  Some of my VMs have high CPU and moderate usage going to the WMI Integration Service.  I have tracked it down to the Data Exchange Integration Service.  If I de-select the service under the VM configuration,
  everything works normally.  Has anyone seen anything like this yet?
  Thanks, TJ

  Hi,
  Could you provide more information about your environment. for example,What is the exact text of any error messages that you received associated with this problem?  The server version of the problem on, when you experience this issue what are you trying
  to do, when  this problem occurs the system log record information, screenshots is the best information.
  More information:
  Event Logs
  http://technet.microsoft.com/en-us/library/cc722404.aspx
  If you are using Server 2008r2 or 2008r2 SP1 please confirm your hardware environment is not same with the following Hotfix described:
  Performance decreases in Windows Server 2008 R2 when the Hyper-V role is installed on a computer that uses Intel Westmere or Sandy Bridge processors
  http://support.microsoft.com/kb/2517329
  Thanks.
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• OIM-OAM integration error

  Have the following:
  OAM - 11.1.1.5
  OIM - 11.1.2
  Following this guide - http://docs.oracle.com/cd/E27559_01/integration.1112/e27123/oim.htm#CHDHGEHJ
  While running idmConfigTool.sh -configOIM script, I get the following errors:
  Mar 13, 2013 10:43:03 AM oracle.idm.automation.impl.oim.handlers.OIMIntegrationHandler performConfigOIMOperations
  WARNING: java.lang.UnsupportedOperationException: Could not find MBean operation "registerThirdPartyTAPPartner(java.lang.String, java.lang.String, java.lang.String, java.lang.String)" for MBean registered un
  der "com.oracle.oam:name=OamWLST,type=oam.wlst,Application=oam_admin,ApplicationVersion=11.1.1.3.0" and implemented by "class oracle.security.am.wlst.management.FoundationConfigMXBeanImpl"
  ~
  Has anyone seen this? Please let me know. I confirmed from support earlier that OAM 11.1.1.5 is supported for integration with OIM 11.1.2.
  Thanks.

  This is a bug. Patch 12733108 (OAM BP02) has to be applied. The script worked fine after the patch.
  Sunil.