SCSM Exchange Connector and Exchange Server in different forests/domains

I have been asked to configure an instance of the Exchange connector to receive e-mails from a certain mailbox in order to create service requests. Have done that before, not a big deal. However, this time, the Exchange Server is sitting on a separate forest, other than where the SCSM Management server is. So, all the impersonation thing may not work properly.

image

The documentation doesn’t mention anything about it. I have found some information, but not really useful.

The problem is that in order to use impersonation, you need to leverage the SCSM workflow account. That account is sitting in forest A, for example. It would need then to be able to read the contents of another mailbox, sitting on a different forest, which is not possible. I found an article saying you could use two accounts with the same UPN, which is puzzling. I started trying to do that, but I don’t think it is exactly necessary.

So, here go the steps I took.

On the Exchange side(Domain/Forest B):

1. I have created a ‘fake’ scsmwf (workflow) account in domain B (where Exchange is) and mailbox-enabled it, and logged on, to test it.(scsmwf@domainB.com). I believe I could have created only the other account, but I’m assuming I may want to monitor other mailboxes, so, have an impersonating account for all the monitored MBs made more sense. You don’t have to call it workflow either!

2.I gave it rights to impersonate other accounts, as per MS recommendation.

image

3.I have created the mailbox I wanted to receive the e-mails, logged on to it to test (scsmrequest@domainB.com)

On the SCSM side (DomainForest A), when going through the Connector wizard:

1.Setup the URL (not autodiscover)

2.Setup the e-mail I have created in step 3 above.(scsmrequest@domainB.com).

image

3.For the run as account, I have used the account I created in step 1, using the UPN format: scsmwf@domainB.com (which ended up showing as domain.com\user in the Run As Account dialog):

image

Note that the domain dropdown is useless in this case, since the domain has been specified in the User Name field.

When you run Test Configuration, here’s an interesting message:

image

Note: image

Bingo! That’s all I wanted to see. When you test the account:

image

The rest of the configuration is the same as the normal connector.

Hope this helps!