When managing users, we usually also find that we need to manage e-mail settings, or even e-mail systems. Microsoft Exchange is a common on-premises enterprise e-mail system.
In order for MIM to also manage Exchange, there are some configuration settings and permissions required. Microsoft documentation recommends you to add your AD MA service account to the Recipient Administrators role group. However, you can eliminate unnecessary privileges by being more granular. Please see http://bit.ly/MIMExchangeRecipient for more information. There are no drawbacks, so please consider granting your service accounts the least privileges they need.
In order for us to manage the attributes used and required by Exchange, we will need some knowledge about Exchange. There are, for example, multiple types of recipients to deal with.
At The Financial Company, they have decided that all employees should have a mailbox (recipient type: UserMailbox
) but contractors should be mail-enabled users...