Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-7423: Preventing the MSExchMailboxGuid from syncing during Office 365 Provisioning

Centrify Identity Service, App Edition ,   Centrify Identity Service, App Plus ,  

1 September,16 at 02:48 AM

Applies to: Centrify Identity Service with Office 365 Provisioning

Question:

How can the "MSExchMailboxGuid" attribute be ignored during Office 365 Provisioning?

Problem:

Some third party migration tools require that users be provisioned with a new mailbox in Office 365, in order to migrate the user's mail.  However, if the user still has a local Exchange mailbox, the "MSExchMailboxGUID" attribute will be populated.  If this attribute is populated, provisioning will not create a new mailbox for the user in Office 365. 

Answer:

Centrify has a workaround for this issue.  The workaround is to customize the Office 365 provisioning script to sync the attribute's contents as "null".  

In Cloud Manager, navigate to Apps > Office 365 > Provisioning > Provisioning Script, copy/paste the below script into the script editor, and change "@domain.com" to the actual UPN suffix of the users in question.  

For example, replace "Domain.com" with "@contoso.com":

if (isPerson()) {

var dnArray = getSourcePropertyByName("userPrincipalName");

if (dnArray && dnArray.Length) {
var dn = String(dnArray[0]).toLowerCase();
trace("source.dn=" + dn);
if (dn.indexOf("@domain.com")>=0) {
destination.MSExchMailboxGuid = null;
} else {
trace("user is not from domain.com");
}
}

The logic of the above script is as follows:
  1. If the user in question is from Active Directory, Centrify will get the user's UPN from AD.
  2. If the returned UPN is not 'null', Centrify will convert the UPN to all lowercase.
  3. Centrify will then check whether the converted UPN value contains "@domain.com".  If so, Centrify will set the user's MSExchMailboxGUID value to "null"
  4. If the user's UPN does not contain "@domain.com", Centrify will sync the contents of the attribute that reside in the user's object from AD.
After implementing the script, initiate a full sync by navigating to Cloud Manager > Settings > Users > Provisioning > Start Sync. 

After the sync completes, provisioned users should then have an in-cloud mailbox.
 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.