Cisco Unified Presence, Release 7.x -- How to Configure Cisco Unified Presence for Integration with Microsoft Exchange 2007

From DocWiki

Revision as of 13:06, 31 May 2010 by Amclough (Talk | contribs)
Jump to: navigation, search

Main page: Cisco Unified Presence, Release 7.x

Contents

Previous Topic


Cisco Unified Presence requires an Exchange account with special permissions to query end-user calendaring data. The Exchange account must comply with the following minimum requirements:

  • Be a member of the "Exchange View-Only Administrator" group.
  • Have "Receive-As" permission on the end-user mailboxes. We recommend you to assign this permission at a higher level (such as mail storage group) to enable population of all the mailboxes in the mail storage group.
  • We recommend that you do not install the mailbox role on the server running Client Access Server (CAS). When the mailbox role is installed on the same server as Client Access Server, it has been observed that calendaring presence does not work correctly. Use a standalone CAS.


Note: Accounts without a mailbox in the specified storage will not work, and the account will stop working if you remove the mailbox at any stage.



Creating an Account with a Mailbox

Before You Begin

Ensure that you have completed the prerequisites, and understand the requirements for integrating Cisco Unified Presence with Microsoft Exchange 2007.


Procedure
  1. Log on to an Exchange 2007 server using an account that is Exchange View-Only Administrator.
  2. Select Programs > Microsoft Exchange Server 2007 > Exchange Management Console on the Windows Start menu.
  3. Click Recipient Configuration in the console tree.
  4. Click New Mailbox.
  5. Perform the following actions to complete the New Mailbox wizard:
Window Configuration Steps

Introduction Window


Page 1 of 6

  1. Click User Mailbox.
  2. Click Next.

User Type Window


Page 2 of 6

  1. Click New User.
  2. Click Next.

User Information Window


Page 3 of 6

  1. Complete the required fields as described in Table 1: User Information Configuration Parameters.
  2. Click Next.

Mail Settings Window


Page 4 of 6

  1. Complete the required fields as described in Table 2: Mailbox Configuration Parameters.
  2. Click Next.

New Mail User Window


Page 5 of 6

Verify your configuration, and complete the following actions:

  • Click Back to correct an error.
  • Click Next to proceed.

Completion Window


Page 6 of 6

Click Finish.


Related Topics


What To Do Next

Delegating Roles and Receive-As Permissions to the Account



User Information Settings

Table 1: User Information Configuration Parameters describes the user information configuration parameters.


Table 1: User Information Configuration Parameters
Field Description

Organizational Unit

Displays the user container in Active Directory. To change the default organizational unit (OU), click Browse and select the OU you require.

First Name

[Optional] Enter the first name of the user.

Initials

[Optional] Enter the initials of the user.

Last Name

[Optional] Enter the last name of the user.

Name

Enter the first name, initials, and last name of the user. You can modify the name in this field.

User Logon Name (User Principal Name)

Enter the Microsoft domain name in which the user account resides followed by the name that the user requires to log on to the mailbox.

Example: msoft-domain-name/username

User logon Name (pre-Windows 2000)

Enter the user name for the user that is compatible with versions of Microsoft Windows that existed prior to the release of Windows 2000 Server. This field is populated by default based on the User logon name (User Principal Name) field.

Password

Enter the password that the user requires to log on to his or her mailbox.

Confirm Password

Reenter the password that you entered in the Password field.

User must change password at next logon

Check to prompt the user to reset the password.


Mailbox Settings

Table 2: Mailbox Configuration Parameters describes the mailbox configuration parameters.


Table 2: Mailbox Configuration Parameters
Field Description

Alias

This field is automatically populated based on the User logon name (User Principal Name) of the user. You can modify the alias in this field.


If any characters in the user logon name do not match the alias field, they are replaced by underscore characters (_). The alias must not exceed 64 characters and must be unique in the forest.

Mailbox database

Click Browse to open the Select Mailbox Database dialog box. Select the mailbox database you require, and click OK.


This dialog box lists all the mailbox databases in your Exchange organization. By default, the mailbox databases are sorted by name. Click the title of the corresponding column to sort the databases by storage group name or server name.

Managed folder mailbox policy

Check to specify a messaging records management (MRM) policy. Click Browse to select the MRM mailbox policy to associate with this mailbox.

Exchange ActiveSync mailbox policy

[Optional] Check to select the Exchange ActiveSync mailbox policy to associate with this mailbox. Click Browse.



Delegating Roles and Receive-As Permissions to the Account

Cisco Unified Presence needs an Exchange account to read Exchange calendaring data. The Exchange account must have "Receive-As" permission on all mailboxes. The Exchange account must also be an "Exchange View-Only Administrator" role.


Before You Begin

Create an account with a mailbox.


Procedure
  1. Add a user or group to an Administrator role using the Exchange Management console or Exchange Management shell:
If you want to use the: Action

Exchange Management Console

1. Log on to an Exchange 2007 server using an account that is an Exchange View-Only Administrator.

2. Select Programs > Microsoft Exchange Server 2007 > Exchange Management Console on the Windows Start menu.

3. Right-click Organization Configuration in the console tree.

4. Click Add Exchange Administrator.

5. Click Browse on the Add Exchange Administrator page.

6. Perform the following actions in the Select User or Groups to Delegate dialog box:

  • Select the installation account.
  • Click OK.

7. Select the Exchange View-Only Administrator role under Select the role and scope of this Exchange administrator.

8. Click Add.

9. Click Finish in the Completion window.

Exchange Management Shell

Run the Add-Exchange command with associated arguments from the Run line or from the Command Prompt in the Exchange Management Shell.


The following provides the syntax and example of the command used to add a user to an administrator role:

Syntax

Add-ExchangeAdministrator -Role "role" -Identity "identity"

Example

Add-ExchangeAdministrator -Role ViewOnlyAdmin -Identity CUPSAdmin

2. Run the Add-ADPermission command in the Exchange Management shell to grant Receive-As permission on the account, as follows:

Syntax
Add-ADPermission -Identity "Mailbox Store" -User "Trusted User" -ExtendedRights Receive-As
Example
Add-ADPermission -Identity "First Storage Group" -User CUPSAdmin -ExtendedRights Receive-As

Note: You cannot use the Exchange Management Console to complete this step.


Related Topics


What To Do Next

Verifying Permissions on the Exchange Account


Verifying Permissions on the Exchange Account

After you have assigned the permissions to the Exchange account, you need to verify that the permissions propagate to mailbox level, and you can access the mailbox of the end-user.

On Exchange 2007, it takes some time for the permissions to propagate to mailboxes.


Before You Begin
  • Delegate the appropriate roles and Receive-As permissions to the Exchange account.
  • Assume, for the purpose of the examples in the following procedures, that the Exchange account is named "cupsadmin" and the mail storage group is named "First Storage Group".


Procedure

1. Open the Exchange Management shell for command line entry.

2. Perform the following actions to verify that the Exchange account is a member of "ExchangeView-Only Administrator" group:

  • Run this command in the Exchange Management shell:
([ADSI]"LDAP://CN=CUPS Admin,CN=Users,DC=r7,DC=com").memberof
Note: The "CN=CUPS Admin,CN=Users,DC=r7,DC=com" is the DN (Distinguished Name) of the Exchange account. You can use adsiedit.msc to determine the DN. You may also verify the DN with your Active Directory administrator.
  • Ensure that the command output indicates the Exchange account is a member of "Exchange View-Only Administrator" group, as follows:
Example: Command Output

CN=Exchange View-Only Administrators,

OU=Microsoft Exchange Security Groups,

DC=r7,

DC=com

3. Perform the following actions to verify that the Exchange account has permissions on the mail storage group:

  • Run this command in the Exchange Management shell:
<tt>Get-ADPermission "First Storage Group" -user cupsadmin | Format-Table -AutoSize </tt>
Note: The "First Storage Group" is the name of the mail storage group. The "cupsadmin" is the Exchange account.
  • Ensure that the command output indicates the Exchange account has "Receive-As" permission on the mail storage group, as follows:
Example: Command Output
Identity User Deny Inherited Rights

HTLUO-MAIL\First Storage Group

R7\cupsadmin

False

False

Receive-As

4. Perform the following actions to verify that the Exchange account has permissions on an end-user mailbox:

  • Run this command in the Exchange Management shell:
<tt>Get-MailboxPermission jdoe -user cupsadmin | Format-Table -autosize </tt>
Note: The "jdoe" is the mailbox of the end-user. The "cupsadmin" is the Exchange account.
  • Ensure that the command output indicates that the Exchange account has FullAccess permission on jdoe's mailbox, as follows:
Example: Command Output
Identity User AccessRights IsInherited Deny

r7.com/Dallas/John Doe

R7\cupsadmin

{FullAccess}

True

False

Note: This permission is inherited from the higher-level permission, in this instance, from the "First Storage Group". If the above command returns no output, the permission has not yet propagated to the mailbox. Do not proceed until you see that the Exchange account has FullAccess on the mailbox of the end user.


Related Topics


What To Do Next

Rating: 0.0/5 (0 votes cast)

Personal tools