Skip to main content

HelloID

Enable communication between HelloID and Exchange

The On-premises Provisioning Agent can perform actions on your local Exchange server, such as creating and updating user mailboxes. To allow this, you must grant the appropriate permissions on the server and account which are running Agent.

This configuration is a necessary prerequisite for using local Exchange integration in Active Directory target systems.

  1. Make note of the service account under which your HelloID Agent services are running. This is shown under the Log On As column in the Windows Services Manager.

    mceclip0.png
  2. If your Agent services are not running in the context of a domain account (e.g., Local System), reassign them so that they are.

  3. Using the Active Directory Users and Computers console, find the HelloID Agent's service account and add it to the Organizational Management group.

    mceclip1.png
  4. Perform the following steps on your Exchange server:

    1. Enable WinRM: From the Start menu, open the Exchange Management Shell as an administrator and type the following command: winrm quickconfig. When prompted, type "Y" to confirm changes.

    2. Enable remotely signed scripts: Also in the Exchange Management Shell, run the following command: Set-ExecutionPolicy -ExecutionPolicy RemoteSigned. When prompted, type "Y" to confirm changes.

    3. Allow Remote PowerShell: Also in the Exchange Management Shell, run the following command: Set-User -Identity {service account name} –RemotePowerShellEnabled $true. Replace {service account name} with the logon name of the HelloID Agent's service account.

  5. On each server where a HelloID Agent is installed, perform the following steps:

    1. Open the PowerShell console as an administrator and run the following command: Set-ExecutionPolicy -ExecutionPolicy RemoteSigned. When prompted, type "Y" to confirm changes.

  6. The final step is to Configure Exchange for your target AD system, including a security protocol and your username/password.