<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
... however ... the .NET based AD and Exchange connectors are now
deprecated. The connectors consists of really old and very
Microsoft-bound code that originated somewhere in Sun Microsystems.
These were the times when Microsoft hated open source and LDAP was
not a viable way to communicate with AD. But these times are long
gone. We have been maintaining the old Sun code for quite a long
time. But last year we have finally realized that the old Sun
connectors in general and the .NET-based AD/Exchange connectors in
particular lead to a dead end. For us there is no point in investing
a single cent into these connectors.<br>
<br>
So last year we have re-written the old Sun JNDI-based LDAP
connector from scratch. It was a lot of work, but it was definitely
worth it. Now there is a brand new LDAP connector based on Apache
Directory API. Later we have added AD support into the LDAP
connector, which was finished and extended with a help of one of the
midPoint subscribers. So now we have new and really good LDAP-based
AD connector which does not need connector server to run. Since
midPoint 3.3.1 that connector is the recommended way to connect to
AD. And the old .NET-based connectors are no longer supported
(except for midPoint subscribers who still have an option to use
them if needed).<br>
<br>
So, that means we currently have a very good way to manage AD. But
we do not have a good way to fully manage Exchange. As most of
Exchange is reflected to AD schema then the LDAP-based AD connector
may be used to manage Exchange accounts with some success. And I
have seen that working acceptably well in practice. But there are
still some obvious details missing, such as ability to execute
powershell scripts that are often used to manage mailboxes. Another
area to explore is the management of Exchange contact information.
We are planning to add these features as soon as we can secure the
funding. And I really mean that: the work on that can start almost
immediately when someone puts the money on the table. Because I
really believe that this is the way forward when it comes it
AD/Exchange connectors.<br>
<br>
<pre class="moz-signature" cols="72">--
Radovan Semancik
Software Architect
evolveum.com
</pre>
<br>
<br>
<div class="moz-cite-prefix">On 05/03/2016 02:56 PM, Ivan Noris
wrote:<br>
</div>
<blockquote
cite="mid:1547129533.645550.1462280181032.JavaMail.zimbra@evolveum.com"
type="cite">
<div style="font-family: times new roman, new york, times, serif;
font-size: 12pt; color: #000000">
<div>Hi Aivo,<br>
</div>
<div><br>
</div>
<div>Exchange connector contains the AD connector, so it's
enough to use Exchange connector.<br>
</div>
<div>AFAIK it uses ADSI for non-exchange provisioning and only
uses Exchange powershell URI for Exchange-related stuff.<br>
</div>
<div><br>
</div>
<div>Regards,<br>
</div>
<div>Ivan<br>
</div>
<div><br>
</div>
<hr id="zwchr">
<blockquote style="border-left:2px solid
#1010FF;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;"
data-mce-style="border-left: 2px solid #1010FF; margin-left:
5px; padding-left: 5px; color: #000; font-weight: normal;
font-style: normal; text-decoration: none; font-family:
Helvetica,Arial,sans-serif; font-size: 12pt;"><b>From: </b>"Aivo
Kuhlberg" <a class="moz-txt-link-rfc2396E" href="mailto:aivo.kuhlberg@rmit.ee"><aivo.kuhlberg@rmit.ee></a><br>
<b>To: </b>"midpoint" <a class="moz-txt-link-rfc2396E" href="mailto:midpoint@lists.evolveum.com"><midpoint@lists.evolveum.com></a><br>
<b>Sent: </b>Tuesday, May 3, 2016 11:03:09 AM<br>
<b>Subject: </b>[midPoint] Connecting midPoint to AD and
Exchange<br>
<div><br>
</div>
<style style="display:none" data-mce-style="display: none;"><!--P{margin-top:0;margin-bottom:0;} --></style>
<p>I need to manage AD users and groups and Exchange users
with midPoint 3.3.1. How is the best way to do that? Should
I set up separate AD and Exchange resource connection (with
.NET connector server) or is Exchange connector sufficient
for managing both AD and Exchange?<br>
</p>
<p><br>
</p>
<p>Thanks,<br>
Aivo Kuhlberg<br>
</p>
<br>
<hr><span style="color: gray; font-family: Arial; font-size:
small;" data-mce-style="color: gray; font-family: Arial;
font-size: small;" face="Arial" color="Gray" size="2">Käesolev
e-kiri võib sisaldada asutusesiseseks kasutamiseks
tunnistatud teavet.<br>
This e-mail may contain information which is classified for
official use.</span><br>
_______________________________________________<br>
midPoint mailing list<br>
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote>
<div><br>
<br>
</div>
<div><br>
</div>
<div>-- <br>
</div>
<div><span name="x"></span> Ing. Ivan Noris<br>
Senior Identity Management Engineer & IDM Architect<br>
evolveum.com evolveum.com/blog/<br>
___________________________________________________<br>
"Semper ID(e)M Vix."<br>
<span name="x"></span><br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</body>
</html>