Previous Topic: AudienceNext Topic: File Locations

Identity Management ServiceConnectors GuideConnecting to EndpointsMicrosoft Office 365 ConnectorIntroductionLimitations

Limitations

The following table lists the limitations of Office 365 connector:

Limitation

Description

Suspension or Deletion

Identity Management keeps an Office 365 account that has been soft-deleted from the domain for 30 days. During this time, an administrator can restore the account, including the Exchange mailbox. The connector treats a soft-deleted account as a suspended account. The account is soft-deleted or restored when the Suspended checkbox is selected or cleared, respectively. You cannot modify account attributes when an account is suspended.

If you delete an account via the connector, the account, including the Exchange mailbox is permanently deleted. These accounts cannot be restored.

Account suspension and deletion should be exercised with caution as a suspended account will be permanently removed by Office 365 after 30 days and a deleted account will be permanently removed from the domain. The recommended approaches are:

  • Use the Block Credential checkbox to block or unblock user access to the portal.
  • Remove the license option assigned to an account to deny the user access to the service. For example, when the Exchange Online license option is removed from the account, the user will not be able to access the mailbox.

Setting Mailbox Attributes

Mailbox attributes are processed only when the mailbox exists. Assign the Exchange Online license option to the account to trigger mailbox creation. Since it takes a while for the Exchange server to create the mailbox, the connector waits until the mailbox is successfully created before setting the mailbox attribute. If the wait exceeds configured limits, the connector reports an error, informing the caller that the mailbox does not exist. You can configure the limits in the connect.xml file:

  • maxHaltExecution – The maximum number of wait period of the connector.
  • haltExecutionTimeMillis – The duration of each wait period in milliseconds.
  • keepConnectionWhileHalting – When true, the connector holds on to the connection during the wait period.

Left-behind PowerShell Processes

If CA IAM Connector Server is forcefully closed, the native PowerShell processes started by the connector continue to run on the machine. These processes are removed when the CA IAM Connector Server starts again.

Alternatively, you can end the process manually using Windows Task Manager. The process PIDs are stored in the following path:

cs_home\jcs\data\o365.

"Partner_Managed" Admin Role Groups

Admin role group that has the "Partner_Managed" capability is a read-only group. You cannot add a member to this group directly. The connector does not return these groups when performing an admin role groups search. For example, these groups are not returned during an explore operation, and therefore, cannot be assigned to an account.

License Options

Once the domain is set up, license options can change. To improve the connector performance, the connector caches license option data when a domain license plan changes. Explore the license options sub-tree again to get the latest license option data.

User Name

User Name of the account does not support non-ASCII characters (foreign characters).

User Password

Force Change Password must be set in conjunction with Password field otherwise the value does not apply.

Even when Strong Password Required is not selected, the account’s password must be 8-16 characters.