Using the Delegate Utility for Exchange 2003 or 2007

Overview

The Delegate Utility for Microsoft Exchange 2003 or Exchange 2007 provides a one-time process for on-boarding large groups of users with permissions assigned for Exchange integration. Contact your Deem Delivery Manager or email us at t ravelcustomersuccess@deem.com for more information.

The Delegate Utility sets Exchange Server permissions as a batch, and automatically applies these permissions to a group of enabled users.

Before you download and run the Delegate Utility, it is important to understand the system requirements:

In order for the utility to work correctly, the Delegate Utility must be installed on a machine within the same domain group as your Microsoft Exchange Server(s). However, since you should never install a MAPI client on an Exchange server, we recommend that you do not install this utility on one of your Exchange servers.
The machine can have any of the following operating systems: Microsoft XP with SP, Microsoft Server 2003/2008 or Microsoft Vista
The .NET framework 3.5. SP1
The utility uses MAPI interfaces in Microsoft Outlook to communicate with the Exchange Server. The machine will need to have Microsoft Outlook 2003 or 2007 installed.

Click to download the Delegate Utility (for Exchange 2003 or Exchange 2007)

Installing and Setting Up the Delegate Utility

Extract the compressed file to a folder of your choice. Upon extraction you will see the following files:

Readme.txt summarizes the installation steps.
The DeemDelegateutility.zip file is the compressed Delegate Utility executable.
The vcredist_x86.exe file has the C++ redistributable libraries that need to be installed before running the utility.

Install the C++ redistributable libraries by double clicking vcredist_x86.exe.

Extract the DeemDelegateUtlity.zip to a folder of your choice. Upon extraction, you will see folders. Each folder serves a specific purpose:

In case of errors with the utility, check \Logs\reardenerror.txt and \Log\reardenaudit.txt.
The input file for users that need the delegate account are placed in \ToBeProcessed folder. Upon a successful run of the utility, a file is created in \Processed folder that lists the processed user records. The permissions for the calendar and contact folders are backed up in the \Backup folder.
The \Config folder has configuration files that are needed to establish connectivity and run the utility.

Running the Utility

Make sure that you log in as an Exchange and Active Directory administrator to the computer that will run the utility. You must have permission to log into the Exchange server machine and have administrative rights for the Exchange server and Active Directory. You need to be able to modify permissions of the Active Directory accounts.

To run the utility, double-click the utility's ".exe" file. The Delegate Utility appears with the Set Permissions tab selected.

The Delegate Utility provides you with the ability to set permissions in bulk. It needs the following:

Connectivity information for your Exchange Server(s)
A list of users that need the delegate user added.

The utility applies the permissions needed for the delegate users to a list of specified Exchange users. You can also use the utility to remove the delegate user and restore the permissions to their original state.

Establishing Connectivity

Set your Exchange Server connectivity details by choosing File>Connect. The Connection Manager dialog appears.

Connectivity details for more than one Exchange Server can be saved. Square brackets (for example, “[Exchange2003]”) indicate the default connection that will be picked up. At any given time permissions can be managed for users in one domain. Your users can be on multiple Exchange servers -- as long as they belong to the same domain, only one connection needs to be established.

Adding a List of Users

The Delegate Utility can receive Exchange Users in two ways:

Text File: A list within a comma-seperated values (CSV) file such as one created by a spreadsheet program.
Profile Web Service: Use the service that pulls the users from the site.

Select your method by choosing File>User Profile Sources.

When using the Text File method:
Click here to expand...
When using the Text File (CSV list) method, the Delegate Utility uses the Email ID as the primary identifier. It does this by looking for a column header in the CSV file labeled “mail”. The Delegate Utility will ignore all other columns. The sequence in which the columns appear does not matter.
The CSV file can be populated by one of the following ways:
1. Create a distribution group within Exchange Server and extract the email-IDs of the group members. A commonly used tool to do this is with CSVDE.exe which comes preinstalled with Exchange and can also be downloaded from numerous sites that distribute freeware. The command would have arguments similar to:
csvde ‐f profiles.csv ‐r "memberOf=CN=DISTRIBUTION_GROUP_NAME,DC=DOMAINNAME,DC=com" ‐ l "givenName,mail"
You will need to change DISTRIBUTION_GROUP_NAME to your distribution name, DOMAINNAME to your Exchange domain name, and "com" to the appropriate domain suffix.
This list will pull a list of all members of the distribution group with their full given names and their email addresses. When it pulls this list, it will put the emails in a column labeled “mail” by default, and name the file profiles.csv for the Delegate utility.
2. Extracting profiles from the site. For this, you will need access to the Partner Dashboard with site administrator privileges. Depending on how you configure the Groupware integrations, you can extract all active users or extract those that are part of a Groupware rule that you plan to use for the integration. (If you are unsure how to do this, or do not yet have access to the Dashboard, or to any users uploaded to the Dashboard, you should use the first method.)
In either method, the utility expects the CSV file to be placed in the “ToBeProcessed” folder under the home or parent directory for the Delegate Utility. The file always needs to be named profiles.csv. Any other file name will be ignored by the utility.
When using the Profile Web Service:
Click here to expand...
The Profile Web Service in combination with the recurring scheduling feature is particularly useful for adding new users. It allows you to incrementally add permissions using the scheduling option that runs the Delegate Utility as a Windows task without requiring manual intervention.

Setting Permissions

When you are ready to apply the permissions, launch the utility. Provide the Delegate User email ID under the Set Permissions tab.

Applying Permissions Right Away

You can apply permissions immediately by choosing the Now option from the Schedule drop-down menu and clicking the Set Permissions button.

Click here to expand...

The “Run From” date and time on the right side shows the utility's last run date. You can ignore this if using the Text File method. If you use the Profile Web Service method, this is the date the list of modified users will be imported from. The "rearden_pnr_sync_id" field in the Profile We Service is used by the utility to keep track of which users have already been processed. If this date is manually reset to a previous date, the utility will ignore the PNR Sync ID and import modified users from the date listed in the Run From field. Changing to a previous date is useful if you need to process users that have already been processed from the Profile Web Service, but a failure occurred or a different delegate name was used. After you click the Set Permissions button, the utility shows a progress bar as it processes the records in the CSV file. Upon completion of processing, the Utility shows the number of records processed.

Creating a Schedule

You can schedule the utility to process permissions on a recurring basis either weekly or monthly.

Click here to expand...

For recurring options, the Delegate Utility creates a Windows scheduled task.

Note: You need to provide user credentials for the task to run. This user needs to have the same domain admin privileges as the user who can run the utility manually. This user would have a mailbox and be a part of the same Exchange Server for which the utility is running. This user also needs to be given admin privileges to the machine on which the utility runs.

When you click Set Permissions, a dialog appears confirming the creation of a scheduled task in the scheduled tasks list of the Windows Scheduler (choose Accessories>System Tools>Task Scheduler).

If you manually alter any settings for this task in the Windows Scheduler, it will operate on the altered schedule, but those changes will not reflect on the scheduling screen of the Delegate Utility, and the next time you create a schedule in the utility, the utility's settings will overwrite the modified Task Manager task settings. If you create a scheduled task, we highly recommend that you check that it works correctly the first time by right-clicking the task in the Scheduled Tasks list and selecting Run. If you do not see any entries in the processed log correctly showing delegate addition, check the error log to see if there was a problem. If all is well, you can assume the task will run at the set time, and you can check the logs on a periodic basis to see if all is fine.

The Processed Log

Upon successful completion the utility creates a file Processed.log in the \Processed folder. This is a list of all the members that were processed successfully. The utility also creates a log file in the “Logs” folder. The log file provides granular details on the success or failure of the utility.

Restoring Permissions

To remove the delegate user and associated permissions, click the Restore Permissions tab, and then click the Restore Permissions button.

Click here to expand...

The utility removes the delegate user and restores the user permissions to the state before using the utility.

Note: The utility backs up the user settings for the Calendar, Contact and Root object for the users. Successful addition of delegate permissions to any of these objects is contingent on a successful backup. If a backup fails, the user record is skipped and appears in the log file. Only one backup is stored from the last run of the tool.

If you cancel the tool while it is applying delegates, the number of users to which the delegate is added is the same number that the backup will be created for. It will not be for the entire user base listed in your CSV file or Profile Web Service. If you cancel the tool while it is restoring permissions, the remaining permissions will not be set. if you restart the restore process, it will repeat for all the users in the backup file.

The utility does not backup any other permission and as such should not be used as a backup tool. It is not intended to be used as a backup and restore tool.