You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 13 Next »


Wiki Home

Grouper Release Announcements

Grouper Guides

Grouper Deployment Guide

Community Contributions

Internal Developer Resources

University of Colorado Boulder

  • If you are reading this line, this document is still incomplete!

Office 365/Exchange

Overview

University of Colorado Boulder presented a lightning talk at 2015 Internet2 Technology Exchange on Grouper and Exchange / Office 365. See slides here (PDF format)

CU Boulder migrated from on-premise Exchange to Office 365 (O365) in June 2015. Here is a quick overview of the Active Directory environment relevant to Exchange and groups:

  • The Office of Information Technology's (OIT) Identity and Access Management (IAM) team has the Active Directory (AD) domain and enterprise admin rights
  • IAM creates top level OU's for the departments, schools, and colleges and delegates the full administration of these OU's to personnel (OU Admins) within these departments, schools and colleges.
  • OIT's Messaging and Collaboration team (M&C) managed the on-premise Exchange infrastructure and the creation of the mail distribution lists.
  • Many of the mail distribution lists were being used as security/access groups in AD
  • DirSync was going to be used to sync accounts and distribution lists from our AD to the Azure Active Directory which introduced mainly the following issue:
    • Because it is a one-way sync, end users lose the ability to manage their distribution lists using Microsoft's Outlook or Outlook Web Access .

Problem

  • Come up with a way to allow end users to continue managing their mail distribution lists without breaking the existing secondary functionality of the distribution lists as security/access groups in AD.
  • Membership of the distributions lists could be individual accounts, other distributions lists, or security/access groups within AD. Any solution implementation had to maintain this structure and allow for it to be carried forward in the future.

Solution

  • At that time, the IAM team has been looking into Grouper and what it could offer in terms of access management solutions for our users.
  • The decision was made to deploy Grouper in a phased approach with Phase 1 addressing the Office 365/Exchange mail distribution lists at hand.

  • Grouper Setup

    For an overview of our Grouper setup, please refer to slides 3-4 of this presentation

  • No labels