Friday, November 20, 2009

OIM910 - Exchange 2007 Connector Create Mailbox Fail

I have OIM 9.1.0 installed and am using Exchange Connector 9.1.0. I configured my Exchange IT Resource to use the Remote Manager, and I took the following steps to create a mailbox.

1. Provision AD User account to OIM User.
2. Once I had created the AD account, I provisioned an Exchange 2007 account with the Remote Manager up, but the mailbox creation failed.

Here is the procedure the Exchange connector follows to create a mailbox:
1. First it checks whether the mailbox is already present in Exchange.
2. If it is not present, it executes the CreateMailboxExchange2007.vbs script using the Remote Manager.
3. It then checks again whether the mailbox has been created.

The error log is shown below:
"DEBUG,19 Nov 2009 14:01:19,977,http://OIMCP.MEXC,com.thortech.xl.integration.Exchange.tcExchangeTasks : checkMailboxCreation : No value for homeMDB fetched
INFO,19 Nov 2009 14:01:19,978,http://OIMCP.MEXC,com.thortech.xl.integration.Exchange.tcExchangeTasks : checkMailboxCreation : Unable to execute the Power Shell command"

So basically step 2 failed, so step 3 cannot get the attribute homeMDB. If step 2 succeeds, OIM should be able to get the attribute value for homeMDB in step 3. For now, I believe something is wrong with the script "CreateMailboxExchange2007".

Here is what I did on the Remote Manager host machine.
I manually executed the script "CreateMailboxExchange2007", and it worked!
So there is nothing wrong with the script, and I began to believe there was something wrong with Java and PowerShell. Below are my specs for Java and PowerShell.

Java: jdk-6u17-windows-i586 ---- 32bit
Powershell: WindowsServer2003.WindowsXP-KB926139-v2-x64-ENU ---- 64bit
OS: Windows Server 2003 x64 Enterprise Edition

So I think the problem might be that 32-bit and 64-bit PowerShell cannot work together,
so I installed 64-bit Java (jdk-6u17-windows-x64) instead, and it turned out to work and fixed the problem.


Just for your information, below is a Java program which can create a mailbox with the help of "CreateMailboxExchange2007.vbs".

import java.io.*;

public class RunScript {
    public static void main(String[] args) {
        try {
            // Commented-out lines are earlier attempts, kept for reference.
            //String cmd ="cmd /c C:\\oracle\\xlremote\\scripts\\CreateMailboxExchange2007.vbs";
            //String cmd ="C:/oracle/xlremote/scripts/CreateMailboxExchange2007.vbs";
            // Script path followed by its arguments: mailbox identity, database name, log file.
            String cmd ="C:\\oracle\\xlremote\\scripts\\CreateMailboxExchange2007.vbs test5@celcomdev.ad \"Mailbox Database\" \"C:\\oracle\\xlremote\\log\\Report.log\"";
            //String cmd="PowerShell.exe -PSConsoleFile C:\Program Files\Microsoft\Exchange Server\Bin\exshell.psc1 -noexit ""&{""Enable-Mailbox test4@celcomdev.ad -Database \'Mailbox Database\'\;\exit 0\} >> \'C:\oracle\xlremote\log\Report.log\'";
            //String cmd = "C:\\WINDOWS\\system32\\WindowsPowerShell\\v1.0\\PowerShell.exe -PSConsoleFile \"C:\\Program Files\\Microsoft\\Exchange Server\\bin\\exshell.psc1\" -noexit & {\"Enable-Mailbox test4@celcomdev.ad -Database \'Mailbox Database\'\";\"exit 0\"} >> \'C:\\oracle\\xlremote\\log\\Report.log\'";
            //String cmd = "cmd /c powershell C:\\Program Files\\Microsoft\\Exchange Server\\bin\\exshell.psc1 & {\"Enable-Mailbox test4@celcomdev.ad -Database \'Mailbox Database\'\"}";
            //String cmd = "PowerShell.exe -PSConsoleFile \'C:\\Program Files\\Microsoft\\Exchange Server\\bin\\exshell.psc1\' -noexit -command \". \'C:\\Program Files\\Microsoft\\Exchange Server\\bin\\Exchange.ps1\'; Enable-Mailbox test4 -Database \'Mailbox Database\'";
            //String cmd = "PowerShell.exe -PSConsoleFile \"C:\\Program Files\\Microsoft\\Exchange Server\\bin\\exshell.psc1\" -noexit -command \". \'C:\\Program Files\\Microsoft\\Exchange Server\\bin\\Exchange.ps1\'; Enable-Mailbox test4 -Database \'Mailbox Database\'";
            //String cmd = "C:\\Program Files\\Microsoft\\Exchange Server\\bin\\Exchange.ps1 Enable-Mailbox -Identity test4 -Database \'Mailbox Database\'";
            //String cmd = "cmd /c mkdir test2";

            File file = new File("C:\\oracle\\xlremote\\scripts\\CreateMailboxExchange2007.vbs");
            if (!file.exists()) {
                System.out.println("File not existed.");
            }
            Runtime runtime = Runtime.getRuntime();
            Process process = runtime.exec("cscript.exe " + cmd);
            //Process process = runtime.exec("cmd /c " + cmd);
            //Process process = runtime.exec( cmd );

            // The script reads nothing from stdin, so close it right away.
            process.getOutputStream().close();

            // Drain the script's output before waiting for it to exit;
            // otherwise a full pipe buffer can block the child process.
            InputStream inputstream = process.getInputStream();
            InputStreamReader inputstreamreader = new InputStreamReader(inputstream);
            BufferedReader bufferedreader = new BufferedReader(inputstreamreader);
            String line;
            PrintWriter printwrite = new PrintWriter(new FileWriter("test.txt", true));
            while ((line = bufferedreader.readLine()) != null) {
                System.out.println(line);
                printwrite.println(line);
            }
            printwrite.close();

            // Exit code 0 means the script ran successfully.
            int i = process.waitFor();
            String response = i == 0 ? "EXCHANGE.REMOTE_SCRIPT_RUN_SUCCESS" : "EXCHANGE.REMOTE_SCRIPT_RUN_FAILURE";
            System.out.println(response);
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }
}
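
An added example, not part of the original post and not Oracle connector code: a launcher that warns when the JVM is a 32-bit process on 64-bit Windows (the mismatch described above) and passes the script arguments as a list through ProcessBuilder instead of concatenating one command string. It assumes Java 7 or later; the class name MailboxScriptLauncher and the identity allow-list pattern are assumptions, while the paths and sample identity are the ones used in the post.

```java
import java.io.*;
import java.nio.file.*;
import java.util.*;
import java.util.regex.Pattern;

public class MailboxScriptLauncher {
    // Assumed allow-list for the identity argument (UPN style); adjust to your naming policy.
    private static final Pattern IDENTITY =
            Pattern.compile("[A-Za-z0-9._-]{1,64}@[A-Za-z0-9.-]{1,255}");

    // A 32-bit process on 64-bit Windows runs under WOW64, which sets PROCESSOR_ARCHITEW6432.
    static boolean isWow64(Map<String, String> env) {
        return env.get("PROCESSOR_ARCHITEW6432") != null;
    }

    // Each argument is its own list element rather than text spliced into one command string.
    static List<String> buildCommand(String script, String identity, String database, String log) {
        if (!IDENTITY.matcher(identity).matches()) {
            throw new IllegalArgumentException("Rejected mailbox identity: " + identity);
        }
        return Arrays.asList("cscript.exe", "//NoLogo", script, identity, database, log);
    }

    static int run(List<String> command) throws IOException, InterruptedException {
        ProcessBuilder pb = new ProcessBuilder(command);
        pb.redirectErrorStream(true);   // merge stderr so script errors are not lost
        Process p = pb.start();
        p.getOutputStream().close();    // the script reads no stdin
        try (BufferedReader r = new BufferedReader(new InputStreamReader(p.getInputStream()))) {
            String line;
            while ((line = r.readLine()) != null) System.out.println(line); // drain before waitFor
        }
        return p.waitFor();             // 0 means success
    }

    public static void main(String[] args) throws Exception {
        String script = "C:\\oracle\\xlremote\\scripts\\CreateMailboxExchange2007.vbs";
        if (isWow64(System.getenv())) {
            System.out.println("WARNING: 32-bit JVM on 64-bit Windows; System32 resolves to 32-bit binaries.");
        }
        List<String> cmd = buildCommand(script, "test5@celcomdev.ad", "Mailbox Database",
                "C:\\oracle\\xlremote\\log\\Report.log");
        System.out.println("Command: " + cmd);
        if (!Files.exists(Paths.get(script))) {
            System.out.println("Script not found; not executing.");
            return;
        }
        System.out.println(run(cmd) == 0 ? "script succeeded" : "script failed");
    }
}
```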


=============================================================
Useful link to get started with using PowerShell to administer Exchange 2007:
http://www.exchangeninjas.com/PSSCategories

Thursday, November 12, 2009

How OIM profile update trigger works.

As you know, the trigger lookup code is Lookup.USR_PROCESS_TRIGGERS,
and a series of mappings between OIM user attributes and process names
is stored in this lookup code.


For example, we have the mapping shown below:
USR_UDF_GROUP ---> Change User Group

So we have a user-defined field "group" in the OIM profile.

We have already added the process task "Change User Group" to the AD User process as
a conditional task.

We have created an adapter task, say getUserGroup. This adapter task
simply grabs the user group information from the OIM profile (user definition data):

getUserGroup:
attribute: userGroup
return: userGroup

Then we add this adapter to the process task "Change User Group",
map the attribute userGroup to the user definition data "group", and map the adapter
return value to the process data attribute "organization name".

As a result, once a user changes the OIM profile attribute "group", the process task
"Change User Group" is triggered to run, and after that the process task
"Organization Name Updated" runs.


Summary: we use the "Change User Group" task to convert the user definition data "group" to
the process data "Organization name". When the attribute "group" of the OIM profile is updated,
the task for its mapped attribute "Organization name" is triggered to run, and as a result the AD user's
organization name is updated.

Friday, November 6, 2009

Adapters

Adapters can be classified as below:

  • Process Task
  • Rule Generator
  • Pre-populate Rule Generator
  • Entity
  • Task Assignment


To enable the adapter to automate a process task, select Process Task (T).

To incorporate business rules into an Oracle Identity Manager or user-defined form field, select Rule Generator (R).
For example, for the User ID field of a form, you can configure Oracle Identity Manager to concatenate the initial letter of the user's first name with the user's last name.

You can attach a type of rule generator adapter to a user-created form field, so that it can:

◦ Display the data, which is generated by the adapter, automatically or manually.

◦ Use criteria that enable Oracle Identity Manager to determine which adapter is applied to the designated form field.

To attach the adapter to an Oracle Identity Manager or user-defined form field, and have Oracle Identity Manager trigger the adapter on preinsert, preupdate, predelete, postinsert, postupdate, or postdelete, select Entity (E).

To allow the adapter to automate the allocation of a process task to a user or group, select Task Assignment (A).

Thursday, November 5, 2009

Resource Object Process and Forms

Summary:
A Resource Object defines a resource in the identity management system. Each resource object has several processes associated with it, and one of those processes is configured to be the default process for that resource object. Moreover, a process can be associated with a form, which helps the process collect the data that will be used by its process tasks.

Resource Object

Resource object definitions are templates for provisioning the resource. However, the approval and provisioning of the resource depends on the design of the approval and provisioning processes that you link to the resource object.

Process

A process is the mechanism for representing a logical workflow for approvals or provisioning in Oracle Identity Manager. Process definitions consist of tasks. Process tasks represent the steps that you must complete to fulfill the purpose of a process.
In an approval process, the tasks can represent individual approvals that are required for an action to take place.

In a provisioning process, tasks are used to enable a user or organization to access the target resource.

Form
A form is the object that collects user input and makes that input available to the process that the form is associated with.

Child Form
We already know that forms are meant to be associated with a process, and that the data a form collects is available to the process tasks within that process.
For example, the AD User form (UD_ADUSER) has a child form, AD User Group Details (UD_ADUSRC). The AD User form is used to provision the AD resource to an OIM user, and the AD User Group Details form is used to assign the AD user to a specific AD group object as a member. So there are actually two forms associated with the AD User process, which is the default process for the resource object AD User. The question, then, is how the process tasks behave after we submit the AD User form with data filled in its child form, AD User Group Details (where we select the group from AD User). Once we submit that form to provision an AD account, all the unconditional tasks are triggered to run, together with the process tasks whose child table attribute is set to UD_ADUSRC and whose trigger type is "insert". For example, the "Create User" process task is unconditional, so it is triggered to run, and the process task "Add User To Group" is triggered to run as well, because its child table trigger type is "insert".