The last couple of years a lot of Exchange administrators/consultants have been more than confused/frustrated, when it came to which Microsoft identity management (MIIS, IIFP, and ILM) solution had support for provisioning Exchange 2007 objects.
When Exchange 2007 RTM was released, we could use MIIS 2003, IIFP 2003, and ILM 2007 to synchronize Exchange mailbox users from an Exchange legacy organization to an Exchange 2007 organization as contact objects, but none of them had native support for Exchange 2007 provisioning.You could use one of these versions for synchronizing Exchange 2007 users as mail-enabled contacts, but it required that you either customized the GalSync agent or performed a semi-manual post step when users had been replicated. This was because these versions depended on the recipient update service (RUS) to perform two required tasks. RUS was responsible for setting the LegacyExchangeDN and ShowInAddressBook attributes on the mail-enabled contacts in the target organization. But since Exchange 2007 no longer uses RUS, you had to run the Set-MailContact cmdlet against the synchronized contact objects in the Exchange 2007 organization. See this KB article for a detailed explanation on this topic.
Then ILM 2007 FP1 was released and brought native support for Exchange 2007 provisioning to the ILM 2007 product (with ILM 2007 FP1 you could even provision Exchange 2007 Mailboxes if you wanted). This basically worked by installing the 32-bit version of the Exchange 2007 Management tools on the ILM server, and GalSync would then call the Update-Recipient cmdlet as part of the provisioning process.
Now that Exchange 2010 RTM has been released, we face a new issue. Yes correct! We don’t have any 32-bit version of Exchange 2010 Management tools at our disposal, which means we cannot install the Exchange 2010 Management tools on an ILM 2007 FP1 server since ILM 2007 only exists in a 32-bit version. Also, the next generation of ILM (now under the Forefront umbrella and therefore renamed Forefront Identify Management 2010 or FIM 2010) still is in a release candidate 1 status and doesn’t include support for Exchange 2010 provisioning yet (will be included with FIM 2010 RC1 update 3 which will be released early Q1 2010).
Since Exchange 2010 provisioning won’t make it into FIM 2010 before RC1 update 3 and since FIM 2010 RTM won’t release in the near future (expect around end Q1 2010), what do we do if we want to synchronize Exchange users form one Exchange organization to an Exchange 2010 organization as using ILM? Well, the ILM team has come to the rescue once again, because an ILM 2007 FP1 hotfix adding support specifically for Exchange 2010 is just around the corner. This hotfix will eliminate the requirement of installing the Exchange Management tools on the ILM server itself, and instead take advantage of the new remoting features included with PowerShell 2.0. More specifically, it will connect to a remote Exchange 2010 server and run the Update-Recipients cmdlet directly on the specified Exchange 2010 server.
When the hotfix has been installed on an ILM 2007 FP1 server there will be a minor UI change to the GalSync UI, so you can select Exchange 2010 provisioning and specify the URI to an Exchange 2010 server as shown below.
If you are planning to synchronize to an Exchange 2007 organization, this hotfix will not be of interest to you, as Exchange 2007 cannot take advantage of the remoting features in Windows PowerShell 2.0. It’s also worth mentioning that if you have a mix of Exchange 2010 and Exchange 2007 SP2 in the target Exchange organization, you can still use ILM 2007 FP1 with the Exchange 2007 SP2 Management tools installed on the ILM server itself.
Cheers,
Henrik Walther
Technology Architect/Writer
MCM: Exchange 2007 | MVP: Exchange Architecture
