Introduction
The HelloID Agent can perform actions on your local Exchange server, such as creating and updating user mailboxes. To allow this, you must grant the appropriate permissions on the Exchange server and to the service account under which the Agent runs.
This configuration is a necessary prerequisite for using local Exchange integration in an on-premises target Active Directory system.
Note: In addition to the configuration steps in this article, you must configure the Exchange tab of your target AD system, including a security protocol and your username/password.
Set HelloID Agent permissions
Identify the service account
Make note of the service account under which your HelloID Agent services are running. This is shown under the Log On As column in the Windows Services Manager.
If your Agent services are running under an account that is not a domain account (e.g., Local System), reassign them so that they run under a domain account.
Add the Organization Management group
Using the Active Directory Users and Computers console, find the HelloID Agent's service account and add it to the Organization Management group.
Configure the Exchange server
Perform the following steps on your Exchange server.
Enable WinRM
From the Start menu, open the Exchange Management Shell as an administrator and type the following command:
winrm quickconfig
When prompted, type "Y" to confirm changes.
Enable remotely signed scripts
Next, also in the Exchange Management Shell, run the following command:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
When prompted, type "Y" to confirm changes.
Allow Remote PowerShell
Next, also in the Exchange Management Shell, run the following command:
Set-User -Identity {service account name} -RemotePowerShellEnabled $true
Replace {service account name} with the logon name of the HelloID Agent's service account.
Configure the HelloID Agent Server(s)
On each server where a HelloID Agent is installed, perform the following steps:
- Open the PowerShell console as an administrator.
- Run the following command, and type "Y" afterward to confirm changes:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
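To confirm the result of the steps above, the following read-only checks can be run on each machine (an added example, not part of the original HelloID documentation). The account name svc-helloid and the "HelloID%" service display-name filter are assumptions; Organization Management is the name of the built-in Exchange role group.

```powershell
# Added example: read-only checks; nothing here changes configuration.
# Assumptions: the "HelloID%" display-name filter is a guess at how the Agent
# services are named, and 'svc-helloid' below is a placeholder account name.

# Run on each HelloID Agent server, in an elevated PowerShell console.
function Test-HelloIDAgentServer {
    $builtin = 'LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService'
    $services = Get-CimInstance Win32_Service -Filter "DisplayName LIKE 'HelloID%'"
    foreach ($svc in $services) {
        [pscustomobject]@{
            Check  = "Service '$($svc.DisplayName)' logs on as $($svc.StartName)"
            Passed = $svc.StartName -notin $builtin   # built-in accounts fail
        }
    }
    $policy = Get-ExecutionPolicy                     # effective policy
    [pscustomobject]@{
        Check  = "Effective execution policy is $policy"
        Passed = $policy -eq 'RemoteSigned'
    }
}

# Run on the Exchange server, in the Exchange Management Shell.
function Test-HelloIDExchangeServer {
    param([Parameter(Mandatory)][string]$ServiceAccount)

    $user = Get-User -Identity $ServiceAccount -ErrorAction Stop
    # Direct members only; nested group membership is not expanded.
    $member = Get-RoleGroupMember -Identity 'Organization Management' |
        Where-Object { $_.DistinguishedName -eq $user.DistinguishedName }
    $policy = Get-ExecutionPolicy

    [pscustomobject]@{ Check  = 'WinRM answers on this server'
                       Passed = [bool](Test-WSMan -ErrorAction SilentlyContinue) }
    [pscustomobject]@{ Check  = "Effective execution policy is $policy"
                       Passed = $policy -eq 'RemoteSigned' }
    [pscustomobject]@{ Check  = 'RemotePowerShellEnabled is set on the account'
                       Passed = $user.RemotePowerShellEnabled -eq $true }
    [pscustomobject]@{ Check  = 'Account is a direct member of Organization Management'
                       Passed = [bool]$member }
}

# Example invocations:
#   Test-HelloIDAgentServer | Format-Table -AutoSize
#   Test-HelloIDExchangeServer -ServiceAccount 'svc-helloid' | Format-Table -AutoSize
```

Any row with Passed = False points to the step in this article that still needs to be applied on that machine.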