Get a Quote

Articles in this section

How to enable communication between HelloID and Exchange

  • Updated:

Introduction

If you plan to use HelloID to perform actions on your local Exchange server, such as creating and updating user mailboxes, you will need to perform several steps to allow communications to your Exchange server. By default, the server and account that are running the HelloID Agent will not have sufficient permissions to access Exchange.

HelloID Agent Permissions

All actions performed by HelloID within your network are done through the HelloID Agent, and in the context of its service account. Actions performed on your local Exchange server are no exception.

Identify the Service Account

Make note of the service account under which your HelloID Agent services are running, as shown under the Log On As column below. If your services are not running in the context of a domain account (e.g., Local System), you will need to update their credentials so that they are.

mceclip0.png

Add the Organizational Management group

In order to perform actions on your Exchange server, the HelloID Agent's service account will need to be in the Organizational Management group in Active Directory. Using Active Directory Users and Computers console, find the service account and add it to that group, as shown below.

mceclip1.png

Configure the Exchange server

Log on to your Exchange server to perform the following configuration steps. Make sure that you are logging on with an account that has permissions to perform configuration changes.+

Enable WinRM

From the Start menu, open the Exchange Management Shell as an administrator and type the following command:

winrm quickconfig

When prompted, type "Y" to confirm changes.

Enable remotely signed scripts

With the Exchange Management Shell still open as an administrator, run the following command:

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned

When prompted, type "Y" to confirm changes.

Allow Remote PowerShell

With the Exchange Management Shell still open as an administrator, run the following command:

Set-User -Identity {service account name} –RemotePowerShellEnabled $true

Replace {service account name} with the logon name of the HelloID Agent's service account, as noted earlier in this article.

Configure the HelloID Agent Server(s)

On each server where a HelloID Agent is installed, perform the following steps:

  1. Open the PowerShell console as an administrator.
  2. Run the following command, and type "Y" afterward to confirm changes: 
    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned