I know there is hopefully a solution coming soon as an updated driver
but wanted to know if there is a solution or workaround for the current

We have Idm 3.61 with ad driver 3.5.16 and exchange 2010.

I want to create mail enabled security groups.
Ok, I start adding a bunch of attributes, works great until I get to
the mailNickname. It simply will not let me create it.
Then I stumbled upon an article by geoffry that was really good (as
always) if you just skip over the many words he uses


This was the most important bit:
Anyway, it turns out that on an <add> event, the Active Directory
driver knows that a couple of attributes are really Exchange
attributes, and for Exchange 2007 and 2010, are managed via PowerShell
instead of via direct mapping. Therefore it strips them out. The
latest (well 3.5.10 version used to be latest, as I write this, 3.5.13
was out already) version of the driver (Which I was actually running)
will not strip them out, if you are set to use the default Exchange
provisioning model.
Well it turns out, I had Exchange provisioning disabled, but
nonetheless the Global Configuration Variable (GCV) that controlled this
setting was still set to Exchange 2007 in the configuration I was
using. So I had to go enable Exchange provisioning via the GCV, set the
type of Exchange server to Default and save it. Then go back, and
Disable Exchange provisioning.
Additionally what worked was changing the set destination attribute
for mailNickname to be set after the current operation."

So I have to change exch-2010 to use-cdoexm, save, deploy, disable,
deploy and then the mailNickname gets created/added.

My problem is that I want to have exchange enabled and use exch-2010 to
provision the users as designed.
I also want the groups to work at the same time but as I see it right
now it is one or the other.

Any suggestions?

joakim . ganse_@_ accept-it . se
joakim_ganse's Profile: http://forums.novell.com/member.php?userid=6236
View this thread: http://forums.novell.com/showthread.php?t=455152