Summary
Exchange management in Cayosoft Administrator is a complex topic because Exchange environments differ and identical tasks must be handled using different methods depending on the environment. This document describes Exchange management in Cayosoft Administrator for the following environments:
- On-premises Exchange for Active Directory users;
- Exchange Online for cloud-only users;
- Hybrid Exchange, with on-premises Exchange server(s) that are synced to Exchange Online;
- Serverless Hybrid Exchange, with the AD schema extended by Exchange attributes, but no Exchange server deployed;
- Multi-forest environments.
On-premises Exchange, cloud-only Exchange Online, and Hybrid Exchange scenarios are supported by Microsoft and are relatively straightforward. The different scenarios are described in more detail below.
Statement from Microsoft: The question of whether a third-party management tool or ADSIEDIT can be used is often asked. The answer is you can use them, but they are not supported. The Exchange Management Console, the Exchange Admin Center (EAC), and the Exchange Management Shell are the only supported tools that are available to manage Exchange recipients and objects. If you decide to use third-party management tools, it would be at your own risk. Third-party management tools often work fine, but Microsoft does not validate these tools.
On-premises Exchange Server
This is the classic scenario where you are using on-premises Exchange Server(s) to manage the mailboxes of Active Directory users in the same forest.
Cayosoft Administrator prerequisites
- The following Exchange Server versions are supported:
- Exchange Server 2013, with Cumulative Update 21
- Exchange Server 2016, with Cumulative Update 10
- Exchange Server 2019
- The Active Directory extension must be enabled and configured in Cayosoft Administrator.
- The Exchange Extension must also be enabled and configured:
Cayosoft Administrator functionality
- All relevant mailbox-related automation rules are supported for Active Directory objects.
- All mailbox-related Active Directory Web actions are supported for Active Directory objects.
- No actions are supported for Microsoft 365 cloud users.
All management functionality is realized directly through the Exchange Server using Exchange PowerShell; only local Active Directory user accounts are affected directly.
Exceptions to the above:
- “New Distribution Group” web action has the option to create Distribution Groups by setting Active Directory attributes directly.
- “Convert to Shared Mailbox” web action has an option to convert the mailbox by changing the relevant Active Directory attributes directly.
Exchange Online for cloud-only users
This is a very straightforward scenario where you manage mailboxes in Exchange Online for cloud-only Microsoft 365 users.
Cayosoft Administrator prerequisites
- The Microsoft 365 Extension must be enabled and configured.
Cayosoft Administrator functionality
- All relevant automation rules are supported, including licensing automation rules for cloud-only Microsoft 365 (Azure AD) users.
Note: Exchange Online mailboxes are provisioned by assigning the relevant Exchange license.
- All relevant Microsoft 365 Web actions are supported for cloud-only users.
All management functionality is realized directly through Exchange Online using the Exchange Online PowerShell V2 and MS Graph API.
Hybrid Exchange
In this scenario, you have an on-premises Exchange server and AD users similar to the first scenario, but these users are synced to the cloud. Their mailboxes are stored either on the on-premises Exchange server or in Exchange Online, in which case they are registered in the on-premises Exchange server as remote mailboxes.
Cayosoft Administrator prerequisites
- The following on-premises Exchange Server versions are supported:
- Exchange Server 2013, with Cumulative Update 21
- Exchange Server 2016, with Cumulative Update 10
- Exchange Server 2019
- The following Extensions must be enabled and configured in Cayosoft Administrator:
- Microsoft Exchange (this means that an on-premises server is available and working)
- Active Directory
- Microsoft Hybrid
- Microsoft 365
Cayosoft Administrator functionality
- All relevant mailbox-related and licensing automation rules are supported for on-premises, hybrid, and cloud-only users.
- All mailbox-related Web actions are supported for Active Directory on-premises, hybrid, and cloud-only users.
Management functionality is realized directly through Exchange Server using the Exchange PowerShell commands for remote mailboxes, directly through Exchange Online using Exchange Online PowerShell V2 commands, and through other Microsoft 365 APIs. See “Hybrid functionality details” below.
Hybrid functionality details:
The default Microsoft paradigm for this hybrid scenario is that all users are created and managed locally with these changes synced periodically to Microsoft 365.
This leaves several gaps in certain management scenarios. For example, to provision a remote mailbox in Exchange Online for a hybrid AD user, one must both enable a mailbox for this user using an on-premises Exchange command specific for this purpose (e.g., Enable-RemoteMailbox) and also assign an Exchange Online license, since this is the way a user mailbox is provisioned in Exchange Online. This assignment must be done as a separate step that is completely unrelated to your on-premises Exchange environment.
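The two unrelated steps described above, as an added PowerShell example (not Cayosoft or Microsoft code). It assumes one session that has both the on-premises Exchange cmdlets and the Microsoft Graph PowerShell SDK loaded; the user, routing address, SKU and usage location are hypothetical placeholders.

```powershell
# Added example; all values below are hypothetical placeholders.
$Upn            = 'jdoe@contoso.com'
$RoutingAddress = 'jdoe@contoso.mail.onmicrosoft.com'
$SkuPartNumber  = 'EXCHANGESTANDARD'   # Exchange Online (Plan 1)
$UsageLocation  = 'US'

# Step 1 (on-premises Exchange): stamp the AD user as a remote mailbox.
Enable-RemoteMailbox -Identity $Upn -RemoteRoutingAddress $RoutingAddress | Out-Null

# Step 2 (Microsoft 365): the license is what actually provisions the mailbox.
Connect-MgGraph -Scopes 'User.ReadWrite.All', 'Organization.Read.All'

$sku = Get-MgSubscribedSku -All | Where-Object SkuPartNumber -eq $SkuPartNumber
if (-not $sku) { throw "SKU $SkuPartNumber is not present in this tenant." }
if ($sku.ConsumedUnits -ge $sku.PrepaidUnits.Enabled) {
    throw "No free $SkuPartNumber licenses are available."
}

# The cloud account may not be visible until directory sync has run:
# poll once a minute for up to 30 minutes instead of failing immediately.
$user = $null
for ($i = 0; $i -lt 30 -and -not $user; $i++) {
    $user = Get-MgUser -Filter "userPrincipalName eq '$Upn'" -Property Id, UsageLocation
    if (-not $user) { Start-Sleep -Seconds 60 }
}
if (-not $user) { throw "$Upn has not synced to Microsoft 365; license not assigned." }

# A usage location must be set before a license can be assigned.
if (-not $user.UsageLocation) {
    Update-MgUser -UserId $user.Id -UsageLocation $UsageLocation
}
Set-MgUserLicense -UserId $user.Id -AddLicenses @(@{ SkuId = $sku.SkuId }) -RemoveLicenses @() | Out-Null
```

If step 2 fails, the AD account is left stamped as a remote mailbox with no mailbox behind it, which is the state to look for when provisioning is scripted in two places.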
Cayosoft Administrator aims to close some of these management gaps by running “hybrid commands” that affect multiple systems at once from a single command or rule. For example, when you enable a remote mailbox in Cayosoft Administrator, you can select both the license to assign and the mailbox settings at the same time. These “hybrid actions” can affect some internal details of the way mailbox properties are managed in Cayosoft Administrator. See below for the most relevant details:
- Active Directory “New User” web action (with remote mailbox):
- When running the New User web action, a user is created simultaneously in Active Directory and Microsoft 365 with the correct mapping of attributes so that the two accounts will be correctly linked after sync.
- Active Directory “Mailbox” web action (user with remote mailbox):
- This is a hybrid action where certain properties such as "hide from GAL" and proxy addresses are updated using the on-premises Exchange and other properties such as mailbox permissions and some policies are read and set directly in the cloud using Exchange Online.
Serverless Hybrid Exchange
Exchange Management Tools
If all recipients are moved to Exchange Online, you can shut down the Exchange Server and manage recipients using Exchange Management Tools. See the Microsoft article for details: Manage recipients in Exchange Server 2019 Hybrid environments | Microsoft Learn.
Cayosoft Administrator prerequisites
- Active Directory schema must be extended with Exchange attributes.
- All mailboxes must be located in Exchange Online.
- The Exchange Server must be shut down.
- Management tools must be installed locally on the Cayosoft Administrator Server.
- The following Extensions must be enabled and configured in Cayosoft Administrator:
- Active Directory
- Microsoft Hybrid
- Microsoft 365
- 'Enabled for remote recipients only, using Exchange Management Tools' option must be enabled in the forest settings:
Unsupported functionality
The current release does not support the following web actions in a Serverless Hybrid Exchange environment with Exchange Management Tools mode:
Web Actions:
- Disable Mailbox
- Mail-enable user (Note: not the same thing as Enable Mailbox)
- User Mail Properties (for mail-enabled users without Exchange mailbox)
- Rename Distribution Group
Direct Attributes Update in Active Directory
In this scenario, you also no longer have an on-premises Exchange server, but the users are still hybrid Active Directory users with mailboxes in Exchange Online. This scenario is not officially supported by Microsoft. Managing such mailboxes poses the most problems in terms of provisioning and ongoing management of mailboxes and their properties. Cayosoft Administrator aims to provide limited support for these environments through direct attribute updates in Active Directory.
Important! When the Direct Attributes Update mode is enabled for an Active Directory (AD) forest, Cayosoft Administrator directly modifies the necessary attributes in Active Directory without invoking on-premises Exchange Management Shell commands.
In this mode, the Remote Mailbox type is automatically updated to Office 365 on Cayosoft forms. This approach ensures streamlined attribute management for hybrid environments, where the changes are applied directly to the AD schema without the overhead of executing Exchange on-premises commands.
This method is particularly useful in scenarios where on-premises Exchange commands are unavailable or unnecessary, providing a faster and more efficient way to manage mailbox attributes.
Cayosoft Administrator prerequisites
- Active Directory schema must be extended with Exchange attributes.
- All mailboxes must be located in Exchange Online.
- The following Extensions must be enabled and configured in Cayosoft Administrator:
- Active Directory
- Microsoft Hybrid
- Microsoft 365
- Exchange management for remote recipients must be enabled in the forest settings:
The lack of an on-premises Exchange Server means that:
- On-premises properties for a remote mailbox must be set directly in Active Directory by writing to the relevant attributes.
- All Exchange-specific complexity tied to the correct functioning of the on-premises server is ignored as this server doesn’t exist and Exchange Online uses only those AD attributes that are synced.
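Because direct attribute writes skip the validation that the Exchange cmdlets perform, a periodic read-only consistency check is useful in this mode. The following is an added example, not Cayosoft code: the page does not list which attributes the product writes, so the attribute set, the use of msExchRemoteRecipientType to select remote recipients, and the `*.mail.onmicrosoft.com` routing pattern are assumptions. It requires the RSAT ActiveDirectory module.

```powershell
# Added example: read-only audit; nothing is written to Active Directory.
Import-Module ActiveDirectory

$props = 'mail', 'mailNickname', 'proxyAddresses', 'targetAddress', 'msExchRemoteRecipientType'

# Assumption: remote recipients are those with msExchRemoteRecipientType populated.
$users = @(Get-ADUser -LDAPFilter '(msExchRemoteRecipientType=*)' -Properties $props)

# Map every proxy address to its owners so duplicates across users can be found.
$owners = @{}
foreach ($u in $users) {
    foreach ($addr in $u.proxyAddresses) {
        $key = $addr.ToLowerInvariant()
        if (-not $owners.ContainsKey($key)) { $owners[$key] = @() }
        $owners[$key] += $u.SamAccountName
    }
}

$findings = foreach ($u in $users) {
    $issues  = @()
    # The primary address uses an upper-case 'SMTP:' prefix; aliases use 'smtp:'.
    $primary = @($u.proxyAddresses | Where-Object { $_ -clike 'SMTP:*' })

    if ($primary.Count -ne 1) {
        $issues += "expected one primary SMTP address, found $($primary.Count)"
    } elseif ($primary[0].Substring(5) -ne $u.mail) {
        $issues += 'mail does not match the primary SMTP address'
    }
    if (-not $u.mailNickname) { $issues += 'mailNickname is empty' }
    if ($u.targetAddress -notlike 'SMTP:*@*.mail.onmicrosoft.com') {
        $issues += 'targetAddress is not an Exchange Online routing address'
    }
    foreach ($addr in $u.proxyAddresses) {
        $shared = @($owners[$addr.ToLowerInvariant()] | Select-Object -Unique)
        if ($shared.Count -gt 1) { $issues += "$addr is also set on: $($shared -join ', ')" }
    }
    if ($issues) {
        [pscustomobject]@{ User = $u.SamAccountName; Issues = $issues -join '; ' }
    }
}

$findings | Format-Table -AutoSize -Wrap
```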
Each Exchange function supported in this way must be individually implemented, tested, and supported by Cayosoft, which currently limits support to the following actions and rules:
Supported functionality
Only the commands and rules listed below support the Serverless Hybrid Exchange environment.
Commands | Details |
---|---|
New User, Clone AD User | |
New Shared/Room/Equipment Mailbox | |
Enable Mailbox (remote mailbox only) | |
Rename User | |
AD User web query “Mailbox” action | |
AD Users “Convert to Shared Mailbox” action | |
AD Groups “New Distribution Group” action | |
AD Groups “Group Mail Properties” | |
Suspend | |
Unsupported functionality
The current release does not support the following actions and rules in a Serverless Hybrid Exchange environment with a direct attribute write method:
Web Actions:
- Disable Mailbox
- Mail-enable user (Note: not the same thing as Enable Mailbox)
- User Mail Properties (for mail-enabled users without Exchange mailbox)
- Enable Distribution Group
- Rename Distribution Group
- Contacts actions
- Priority booking
- Calendar Permissions
- New Linked Mailbox
- New User with Linked Mailbox
Automation rules
- On-premises Exchange Automation Rules (e.g. AD User | Set Office365 Mailbox setting) are not yet supported.
Multi-forest environments
Exchange management across multiple forests in Cayosoft Administrator has several particularities due to the single Exchange connection Cayosoft Administrator is currently limited to.
Multiple forests, multiple Exchange Organizations
An environment with multiple Exchange Organizations across multiple forests is supported at the Local Exchange/Hybrid Exchange server level for one Exchange Organization (using the Exchange API method described in the previous sections) and at the Serverless Hybrid level for the other Exchange Organizations (using the direct attribute update method for remote mailboxes).
Since the Serverless Hybrid scenario presupposes that the mailboxes are always remote and located in Exchange Online, it is currently possible to manage on-premises mailboxes located in a single Exchange Organization and manage remote mailboxes in all Exchange Organizations.
Configuring multi-forest Exchange management
- Select which Exchange Organization (if any) will be managed directly through the Exchange API and within the full scope of Cayosoft Administrator Web Actions and automation rules for both local and remote mailboxes.
- Configure the Cayosoft Administrator Exchange Extension with the corresponding connection parameters for the selected Exchange Organization:
- Configure the other Exchange Organizations to be managed (for remote recipients) in the settings of the related forest:
- Leave Exchange management disabled for the remaining forests where no Exchange management for remote mailboxes is required.
Result
- One selected Exchange Organization will be managed as described in the “On-premises Exchange” or “Hybrid Exchange” sections.
- The other Exchange Organizations where management is enabled will be managed as described in the “Serverless Hybrid Exchange” section.
- Forests with Exchange management disabled will have no mailbox management actions available for Active Directory objects.
Resource forest
In this type of environment, there is generally one Exchange resource forest for multiple account forests and mailboxes are created as “linked mailbox” or “remote linked mailbox” types.
These scenarios are described in greater detail in the following article: provisioning linked mailboxes.