Quest® ActiveRoles™ Quick Connect for Exchange Resource Forests
Version 1.2.0
Release Notes
December, 2009
Welcome to ActiveRoles Quick Connect for Exchange Resource Forests
Resolved Issues and Enhancements
Many medium- and large-size companies find themselves in an environment that requires a multi-forest Active Directory deployment for security, business policy, or legal reasons, or because of autonomous business units.
Deployment of multiple forests introduces the need for inter-forest collaboration solutions, among which the most important is the Microsoft Exchange Server based messaging system. With multiple forests, one of the options for integrating Exchange with Active Directory is the resource forest model.
The resource forest model implies a single Exchange organization that serves multiple forests. The Exchange forest (also known as the resource forest) is dedicated to running Exchange and hosting mailboxes. User accounts are contained in one or more forests, referred to as the account forests, which are separate from the resource forest.
The ability to have user accounts and user mailboxes in separate forests requires that shadow (or proxy) versions of user accounts be created and maintained in the Exchange forest by a directory synchronization process. For example, provisioning a user account in an account forest involves creation of a shadow, mailbox-enabled user account in the Exchange forest. The account properties need to be synchronized between the account forest and the Exchange forest.
To automate the provisioning and synchronization processes involved with the resource forest model, you can use Quest ActiveRoles Quick Connect for Exchange Resource Forests—a solution that has the following capabilities:
For more information about this solution, refer to the ActiveRoles Quick Connect for Exchange Resource Forests Administrator Guide, which is part of the ActiveRoles Quick Connect documentation set.
The 1.2.0 version of ActiveRoles Quick Connect for Exchange Resource Forests (formerly ActiveRoles Exchange Resource Forest Manager) extends and enhances the capabilities of this solution which now include:
This section provides a list of issues that existed in earlier versions of
this solution and resolved with the 1.2.0 release of ActiveRoles
Quick Connect for Exchange Resource Forests.
Each item in the list includes an ID number and a
brief description of the issue.
TF00110431
Fixed: The "Associate with existing" policy option has no effect if the name (cn)
of the master account contains a comma character (,). Upon creation of a master
account with a name containing comma characters, the solution does not
establishes a link between the master account and an existing shadow account as
expected when the shadow account has the same name as the master account.
TF00018603
When searching a container in an account forest for user
accounts by using search criteria that include
Exchange-related properties, you may encounter the
following issue: The search returns no results
although the container does hold some user accounts that
meet your search criteria. This problem is due to the
fact that the search function does not take into account
the policy-based process of substituting
Exchange-related properties of the shadow accounts in
the resource forest for those properties of the master
accounts in the account forests.
When configuring Delivery Restrictions or Delivery
Options for a user account in an account forest, you may
encounter an empty list of objects in the "Select
Objects" dialog box. This problem is due to the fact
that the search function used to populate the list does
not take into account the policy-based process of
substituting Exchange-related properties of the shadow
accounts in the resource forest for those properties of
the master accounts in the account forests.
WORKAROUND
If you need to search by Exchange-related properties,
choose the scope of your search in the resource forest
rather than in an account forest.
If you need to select objects when configuring Delivery
Restrictions or Delivery Options, perform configuration
on the shadow account that is associated with the master
account you want to modify.
TF00018621
With the "Synchronized Attributes List" policy parameter
modified so that the list of synchronized properties includes the "manager"
attribute, the solution fails to update the "manager" attribute in the shadow
account upon modification of that attribute in the respective master account,
reporting a policy violation error event in the EDM Server event log.
WORKAROUND
To prevent this error, avoid adding the "manager"
attribute to the list of synchronized properties. The "manager" attribute holds
the distinguished name (DN) of the manager's user account. As such, the
"manager" attribute value is forest-specific and cannot be written to a user
account in a different forest. This limitation is due to the nature of the
Active Directory directory services.
TF00110302
The "Linked account" entry that is added by this solution to the General tab on
the "Exchange Properties" page for user objects in the Web Interface does not
have the Properties button, so you cannot open the property pages for the linked
account from that entry.
WORKAROUND
Note down the name of the object that is displayed by the "Linked account" entry
and then specify that name in the "Quick Search" box to find the linked account.
Once the account has been found, you can access the property pages for the
account by clicking its name in the search results list.
Alternatively, you could use the customization functions of the Web Interface to
remove the "Read-only" flag from the "Linked account" entry. Removing the
"Read-only" flag causes the entry to reveal the Properties button. For
instructions on how to view or change the properties of an entry in the Web
Interface, see the "Quest ActiveRoles Server Web Interface - Administrator
Guide" document, section "Managing Properties of an Entry."
This solution requires ActiveRoles Server of version 6.5.0 and it is incompatible with the earlier versions of ActiveRoles Server.
To upgrade from an earlier version of this solution, you first need to uninstall the earlier version and then install the new version. For instructions on how to install or uninstall this solution, see "Deploying the Solution" in the ActiveRoles Quick Connect for Exchange Resource Forests Administrator Guide.
This solution runs on top of ActiveRoles Server, and requires the following to be deployed in your Active Directory environment prior to installing the solution:
Note that in addition to the main requirements for ActiveRoles Server, which can be found in the Release Notes document for ActiveRoles Server, the following requirements must be met in order for this solution to install and work:
For more information and instructions, see "Deploying the Solution" in the ActiveRoles Quick Connect for Exchange Resource Forests Administrator Guide.
This release is Unicode-enabled and supports any character set. In this release, all product components should be configured to use the same or compatible character encodings and should be installed to use the same locale and regional options. This release is targeted to support operations in the following regions: North America, Western Europe and Latin America, Central and Eastern Europe, Far-East Asia, Japan.
This release has the following known capabilities or limitations: Globalization status is the same as for ActiveRoles Server 6.5.0 except that ActiveRoles Quick Connect for Exchange Resource Forests documentation is not localized.
Follow these steps to install and start working with ActiveRoles Quick Connect for Exchange Resource Forests:
For more information and instructions, see the ActiveRoles Quick Connect for Exchange Resource Forests Administrator Guide.
Get the latest product information, find helpful resources, and join a
discussion with the ActiveRoles Quest team and other community members. Join the
ActiveRoles Community at
http://activeroles.inside.quest.com.
| info@quest.com | |
| Quest Software, Inc. World Headquarters 5 Polaris Way Aliso Viejo, CA 92656 USA |
|
| Web |
Refer to our Web site for regional and international office information.
Quest Support is available to customers who have a trial version of a Quest product or who have purchased a commercial version and have a valid maintenance contract.
Quest Support provides around the clock coverage with SupportLink, our web self-service. Visit SupportLink at http://support.quest.com.
From SupportLink, you can do the following:
View the Global Support Guide for a detailed explanation of support programs, online services, contact information, and policy and procedures.
The guide is available at: http://support.quest.com/pdfs/Global Support Guide.pdf.
This guide contains proprietary information protected by copyright. The
software described in this guide is furnished under a software license or
nondisclosure agreement. This software may be used or copied only in accordance
with the terms of the applicable agreement. No part of this guide may be
reproduced or transmitted in any form or by any means, electronic or mechanical,
including photocopying and recording for any purpose other than the purchaser’s
personal use without the written permission of Quest Software, Inc.
© 2009 Quest Software, Inc.
ALL RIGHTS RESERVED.
Quest, Quest Software, the Quest Software logo, AccessManager, ActiveRoles,
Aelita, Akonix, AppAssure, Benchmark Factory, Big Brother, BusinessInsight,
ChangeAuditor, ChangeManager, DeployDirector, DirectoryAnalyzer,
DirectoryTroubleshooter, DS Analyzer, DS Expert, ERDisk, Foglight, GPOADmin,
Imceda, IntelliProfile, InTrust, Invirtus, iToken, I/Watch, JClass, Jint, JProbe,
LeccoTech, LiteSpeed, LiveReorg, LogADmin, MessageStats, Monosphere, NBSpool,
NetBase, NetControl, Npulse, NetPro, PassGo, PerformaSure, Quest Central, Quest
vToolkit, Quest vWorkSpace, ReportADmin, RestoreADmin, SelfServiceADmin,
SharePlex, Sitraka, SmartAlarm, Spotlight, SQL LiteSpeed, SQL Navigator, SQL
Watch, SQLab, Stat, StealthCollect, Storage Horizon, Tag and Follow, Toad,
T.O.A.D., Toad World, vAutomator, vControl, vConverter, vFoglight, vOptimizer
Pro, vPackager, vRanger, vRanger Pro, vSpotlight, vStream, vToad, Vintela,
Virtual DBA, VizionCore, Vizioncore vAutomation Suite, Vizioncore vBackup,
Vizioncore vEssentials, Vizioncore vMigrator, Vizioncore vReplicator, Vizioncore
vTraffic, Vizioncore vWorkflow, WebDefender, Webthority, Xaffire, and XRT are
trademarks and registered trademarks of Quest Software, Inc in the United States
of America and other countries. Other trademarks and registered trademarks used
in this guide are property of their respective owners.
If you have any questions regarding your potential use of this material, contact:
|
Quest Software World Headquarters
LEGAL Dept 5 Polaris Way Aliso Viejo, CA 92656 Email: legal@quest.com |
The information in this document is provided in connection with Quest products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Quest products. EXCEPT AS SET FORTH IN QUEST'S TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, QUEST ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL QUEST BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF QUEST HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Quest makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Quest does not make any commitment to update the information contained in this document.