Cisco Unified Presence, Release 7.x -- How to Configure Cisco Unified Presence for Integration with Microsoft Exchange 2007
From DocWiki
Main page: Cisco Unified Presence, Release 7.x
Contents |
Previous Topic
Cisco Unified Presence requires an Exchange account with special permissions to query end-user calendaring data. The Exchange account must comply with the following minimum requirements:
- Be a member of the "Exchange View-Only Administrator" group.
- Have "Receive-As" permission on the end-user mailboxes. We recommend you to assign this permission at a higher level (such as mail storage group) to enable population of all the mailboxes in the mail storage group.
- We recommend that you do not install the mailbox role on the server running Client Access Server (CAS). When the mailbox role is installed on the same server as Client Access Server, it has been observed that calendaring presence does not work correctly. Use a standalone CAS.
Note: Accounts without a mailbox in the specified storage will not work, and the account will stop working if you remove the mailbox at any stage.
Creating an Account with a Mailbox
Before You Begin
Ensure that you have completed the prerequisites, and understand the requirements for integrating Cisco Unified Presence with Microsoft Exchange 2007.
Procedure
- Log on to an Exchange 2007 server using an account that is Exchange View-Only Administrator.
- Select Programs > Microsoft Exchange Server 2007 > Exchange Management Console on the Windows Start menu.
- Click Recipient Configuration in the console tree.
- Click New Mailbox.
- Perform the following actions to complete the New Mailbox wizard:
Window Configuration Steps Introduction Window
Page 1 of 6- Click User Mailbox.
- Click Next.
User Type Window
Page 2 of 6- Click New User.
- Click Next.
User Information Window
Page 3 of 6- Complete the required fields as described in Table 1: User Information Configuration Parameters.
- Click Next.
Mail Settings Window
Page 4 of 6- Complete the required fields as described in Table 2: Mailbox Configuration Parameters.
- Click Next.
New Mail User Window
Page 5 of 6Verify your configuration, and complete the following actions:
- Click Back to correct an error.
- Click Next to proceed.
Completion Window
Page 6 of 6Click Finish.
Related Topics
What To Do Next
Delegating Roles and Receive-As Permissions to the Account
User Information Settings
Table 1: User Information Configuration Parameters describes the user information configuration parameters.
Table 1: User Information Configuration Parameters
Field | Description |
---|---|
Organizational Unit |
Displays the user container in Active Directory. To change the default organizational unit (OU), click Browse and select the OU you require. |
First Name |
[Optional] Enter the first name of the user. |
Initials |
[Optional] Enter the initials of the user. |
Last Name |
[Optional] Enter the last name of the user. |
Name |
Enter the first name, initials, and last name of the user. You can modify the name in this field. |
User Logon Name (User Principal Name) |
Enter the Microsoft domain name in which the user account resides followed by the name that the user requires to log on to the mailbox. Example: msoft-domain-name/username |
User logon Name (pre-Windows 2000) |
Enter the user name for the user that is compatible with versions of Microsoft Windows that existed prior to the release of Windows 2000 Server. This field is populated by default based on the User logon name (User Principal Name) field. |
Password |
Enter the password that the user requires to log on to his or her mailbox. |
Confirm Password |
Reenter the password that you entered in the Password field. |
User must change password at next logon |
Check to prompt the user to reset the password. |
Troubleshooting Tip
If the characters ~, #, %, +, &, |, *, or / are part of a user's email address, then Exchange calendar integration will not work for that user.
Mailbox Settings
Table 2: Mailbox Configuration Parameters describes the mailbox configuration parameters.
Table 2: Mailbox Configuration Parameters
Field | Description |
---|---|
Alias |
This field is automatically populated based on the User logon name (User Principal Name) of the user. You can modify the alias in this field.
|
Mailbox database |
Click Browse to open the Select Mailbox Database dialog box. Select the mailbox database you require, and click OK.
|
Managed folder mailbox policy |
Check to specify a messaging records management (MRM) policy. Click Browse to select the MRM mailbox policy to associate with this mailbox. |
Exchange ActiveSync mailbox policy |
[Optional] Check to select the Exchange ActiveSync mailbox policy to associate with this mailbox. Click Browse. |
Delegating Roles and Receive-As Permissions to the Account
Cisco Unified Presence needs an Exchange account to read Exchange calendaring data. The Exchange account must have "Receive-As" permission on all mailboxes. The Exchange account must also be an "Exchange View-Only Administrator" role.
Before You Begin
Create an account with a mailbox.
Procedure
- Add a user or group to an Administrator role using the Exchange Management console or Exchange Management shell:
If you want to use the: | Action |
---|---|
Exchange Management Console |
1. Log on to an Exchange 2007 server using an account that is an Exchange View-Only Administrator. 2. Select Programs > Microsoft Exchange Server 2007 > Exchange Management Console on the Windows Start menu. 3. Right-click Organization Configuration in the console tree. 4. Click Add Exchange Administrator. 5. Click Browse on the Add Exchange Administrator page. 6. Perform the following actions in the Select User or Groups to Delegate dialog box:
7. Select the Exchange View-Only Administrator role under Select the role and scope of this Exchange administrator. 8. Click Add. 9. Click Finish in the Completion window. |
Exchange Management Shell |
Run the Add-Exchange command with associated arguments from the Run line or from the Command Prompt in the Exchange Management Shell.
Syntax Add-ExchangeAdministrator -Role "role" -Identity "identity" Example Add-ExchangeAdministrator -Role ViewOnlyAdmin -Identity CUPSAdmin |
2. Run the Add-ADPermission command in the Exchange Management shell to grant Receive-As permission on the account, as follows:
- Syntax
- Add-ADPermission -Identity "Mailbox Store" -User "Trusted User" -ExtendedRights Receive-As
- Example
- Add-ADPermission -Identity "First Storage Group" -User CUPSAdmin -ExtendedRights Receive-As
Note: You cannot use the Exchange Management Console to complete this step.
Related Topics
What To Do Next
Verifying Permissions on the Exchange Account
Verifying Permissions on the Exchange Account
After you have assigned the permissions to the Exchange account, you need to verify that the permissions propagate to mailbox level, and you can access the mailbox of the end-user.
On Exchange 2007, it takes some time for the permissions to propagate to mailboxes.
Before You Begin
- Delegate the appropriate roles and Receive-As permissions to the Exchange account.
- Assume, for the purpose of the examples in the following procedures, that the Exchange account is named "cupsadmin" and the mail storage group is named "First Storage Group".
Procedure
1. Open the Exchange Management shell for command line entry.
2. Perform the following actions to verify that the Exchange account is a member of "ExchangeView-Only Administrator" group:
- Run this command in the Exchange Management shell:
- ([ADSI]"LDAP://CN=CUPS Admin,CN=Users,DC=r7,DC=com").memberof
- Note: The "CN=CUPS Admin,CN=Users,DC=r7,DC=com" is the DN (Distinguished Name) of the Exchange account. You can use adsiedit.msc to determine the DN. You may also verify the DN with your Active Directory administrator.
- Ensure that the command output indicates the Exchange account is a member of "Exchange View-Only Administrator" group, as follows:
- Example: Command Output
CN=Exchange View-Only Administrators,
OU=Microsoft Exchange Security Groups,
DC=r7,
DC=com
3. Perform the following actions to verify that the Exchange account has permissions on the mail storage group:
- Run this command in the Exchange Management shell:
- <tt>Get-ADPermission "First Storage Group" -user cupsadmin | Format-Table -AutoSize </tt>
- Note: The "First Storage Group" is the name of the mail storage group. The "cupsadmin" is the Exchange account.
- Ensure that the command output indicates the Exchange account has "Receive-As" permission on the mail storage group, as follows:
- Example: Command Output
Identity User Deny Inherited Rights HTLUO-MAIL\First Storage Group
R7\cupsadmin
False
False
Receive-As
4. Perform the following actions to verify that the Exchange account has permissions on an end-user mailbox:
- Run this command in the Exchange Management shell:
- <tt>Get-MailboxPermission jdoe -user cupsadmin | Format-Table -autosize </tt>
- Note: The "jdoe" is the mailbox of the end-user. The "cupsadmin" is the Exchange account.
- Ensure that the command output indicates that the Exchange account has FullAccess permission on jdoe's mailbox, as follows:
- Example: Command Output
Identity User AccessRights IsInherited Deny r7.com/Dallas/John Doe
R7\cupsadmin
{FullAccess}
True
False
- Note: This permission is inherited from the higher-level permission, in this instance, from the "First Storage Group". If the above command returns no output, the permission has not yet propagated to the mailbox. Do not proceed until you see that the Exchange account has FullAccess on the mailbox of the end user.
Related Topics