I am currently working on an automated customer provisioning solution encompassing Active Directory, Exchange 2010 SP1, Blackberry and Enterprise Vault 9 (Personal Archiving).
The solution uses Microsoft Forefront Identity Manager 2010 with some PowerShell scripts to sync users to a resource Active Directory (containing Exchange 2010 and Enterprise Vault 9) and based on a specific attribute in the users account different services are configured for that user in near real time (i.e. mailbox size, functionality, blackberry etc.)
The problem I am having is provisioning the Enterprise Vault archive for the user...
I have tried looking at EVPM and the associated API but this only allows me to enable / disable an archive if the user is included in a provisioning group and the provisioning task has run. This causes problems as I am bound to a scheduled task and cannot provision in near real time.
I have also looked at using LDAP provisioning groups based on group membership but this only allows me to automatically enable archives and not disable them... given that one of my requirements it to be able to automatically provision and de-provision users this is also a problem.
Does anyone out there have any thoughts on how I might be able to achieve this level of user management through a scripting type interface?
Any and all assistance will be most welcome...!
Solved! Go to Solution.
It is still potentially possible to achieve what you require if you could be a bit more flexible around when you need to enable/disable/provision your mailboxes. If you ran your scripts to enable/disable at predetermined periods after a provisioning run then you could set up a LDAP query that either sets mailboxes to be eligible for archiving or disables archiving depending on the order of the provisioning group as well as the LDAP query used to determine whether the mailboxes should be eligible or not (As you mention specific attributes being set these could form part of or be the basis for your query). A provisioning group has an option to provision a mailbox albeit that Archiving is disallowed by deselecting the checkbox on the Provisioning Group Properies 'Archive mailboxes in this provisioning group'.
You would probably need to play around with this a bit to determine whether its a feasible option for you.