Exchange Admin Integration Pack for Orchestrator in System Center

Article
08/09/2023

Important

This version of Orchestrator has reached the end of support. We recommend you to upgrade to Orchestrator 2022.

Integration packs are add-ons for System Center - Orchestrator, a component of System Center. Integration packs help to optimize IT operations across heterogeneous environments. They enable you to design runbooks in Orchestrator that use activities performed by other System Center components, other Microsoft products, and other third-party products.

The Integration Pack for Exchange Admin helps to facilitate the automation of Exchange administration tasks, such as mailbox management, for on-premises, remote, or cloud-based environments in Microsoft Exchange and Microsoft 365.

Microsoft is committed to protecting your privacy while delivering software that brings you the performance, power, and convenience you want. For more information about Orchestrator-related privacy, see the System Center Orchestrator Privacy Statement.

System requirements

Before you implement the Integration Pack for Exchange Admin, you must install the following software. For more information on how to install and configure Orchestrator and the Exchange Admin Integration Pack, see the respective product documentation.

System Center 2016 integration packs require System Center 2016 - Orchestrator
System Center 2019 integration packs require System Center 2019 - Orchestrator
Microsoft .NET Framework 4.7 or above
Microsoft Exchange 2010 Service Pack 2 or Microsoft Exchange 2012 or Microsoft Exchange Online/Microsoft 365
Microsoft Exchange Management Shell
Microsoft PowerShell 2.0
Microsoft WinRM 2.0

Important

Exchange Admin Integration Pack (v10.19.16.0 or above) targets .NET Framework 4.5.2. Ensure that .NET Framework Runtime v4.5.2 or later is installed on Runbook Designer and Runbook Server machines. We recommend installing the latest available .NET framework version.
Create the following files with (identical) contents as shown below to update supportedRuntimeVersion to v4:
- %systemdrive%/Program Files (x86)/Microsoft System Center/Orchestrator/Runbook Designer/RunbookDesigner.exe.config
- %systemdrive%/Program Files (x86)/Microsoft System Center/Orchestrator/Runbook Designer/RunbookTester.exe.config
- %systemdrive%/Program Files (x86)/Microsoft System Center/Orchestrator/Runbook Server/PolicyModule.exe.config
Contents:
```
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <startup useLegacyV2RuntimeActivationPolicy="true">
    <supportedRuntime version="v4.0.30319"/>
  </startup>
  <system.xml.serialization>
    <xmlSerializer tempFilesLocation="C:\ProgramData\Microsoft System Center 2012\Orchestrator\Activities\XmlSerializers\"/>
  </system.xml.serialization>
</configuration>
```

Exchange on-premises
Exchange Online

System Center 2022 integration packs require System Center 2022 - Orchestrator
Microsoft .NET Framework 4.0 or higher (.NET 4.7.2 recommended)
Microsoft Exchange 2010 Service Pack 2 or Microsoft Exchange 2012 or Microsoft Exchange Online/Microsoft 365
Microsoft Exchange Management Shell
Microsoft PowerShell
Microsoft WinRM 2.0

Download the Integration Pack

To download the Exchange Admin Integration Pack for Orchestrator 2016, see the Microsoft Download Center for 2016.
To download the Exchange Admin Integration Pack for Orchestrator 2019, see the Microsoft Download Center for 2019.

To download the Exchange Admin Integration Pack for Orchestrator 2022, see the Microsoft Download Center for 2022.

Register and Deploy the Integration Pack

After you download the integration pack file, you must register it with the Orchestrator management server, and then deploy it to runbook servers and Runbook Designers. For the procedures on installing integration packs, see How to add an Integration Pack.

Configure the Exchange Admin Integration Pack connections

A connection establishes a reusable link between the Orchestrator and an Exchange server. You can specify as many connections as you require to create links to multiple servers. You can also create multiple connections to the same server to allow for differences in security permissions for different user accounts.

Exchange on-premises
Exchange Online

Set up an Exchange Configuration connection

In the Orchestrator Runbook Designer, select Options > Exchange Admin. The Exchange Admin dialog appears.
On the Configurations tab, select Add to begin the connection setup. The Add Configuration dialog appears.
In the Name box, enter a name for the connection. This can be the name of the Exchange server or a descriptive name to differentiate the type of connection.
Select the (...) button and select Exchange Configuration.
Select the (...) button for Exchange Environment and select On-Premise.
In the Exchange Server Host box, enter the name or IP address of the Exchange server. To use a computer name, you can enter the NetBIOS name or the fully qualified domain name (FQDN).
In the Exchange Server Port box, enter the port that is used to communicate with the Exchange server. If you use SSL, ensure to select the appropriate port.
In the Exchange PowerShell Application box, enter the application name segment of the connection URI.
In the Exchange User Name and Exchange User Password boxes, enter the credentials that Orchestrator will use to sign in to the Exchange environment. The configured user must have the appropriate Exchange permissions.
Configure the Exchange Environment as necessary for connecting to an on-premises installation or to Office.
Set the Use SSL property to True to have all communication between the runbook server and the Exchange server encrypted over HTTPS.
If you use SSL:
- The Skip CA Check property specifies whether the client doesn't validate that the server certificate is signed by a trusted certification authority (CA).
- The Skip CN Check property specifies that the certificate common name (CN) of the server doesn't need to match the hostname of the server.
- The Skip Revocation Check property specifies whether the revocation status of the server certificate won't be checked for validity.
Select OK and add additional connections if applicable.
Select Finish.

Configure IP with Exchange Online:

Exchange Admin 2022 supports App-only based modern (OAuth) authentication to Exchange Online. For more information on setting up app-only authentication for Exchange Online to provision an Azure AD application in your tenant, see setup app-only authentication.

In the Orchestrator Runbook Designer, select Options > Exchange Admin. The Exchange Admin dialog appears.
In the Name box, enter a name for the connection. This can be the name of the Exchange server or a descriptive name to differentiate the type of connection.
Select the (...) button and select Exchange Configuration.
Select the (...) button for Exchange Environment box and select Online. While the other parameters are optional, below are the four mandatory parameters:
- CertificateFilePath - provide the path to store the pfx file locally. The pfx file was generated while setting up App-only authentication.
  
  Note
  
  CertificateFilePath is case sensitive.
- CertificatePassword - provide the password with which the pfx file was generated.
- ApplicationId - provide your Azure App ID generated above.
- EXOOrganization - provide details in the format <organization name>.onmicrosoft.com

Configure Windows PowerShell and WinRM for the Exchange Admin Integration Pack

Exchange on-premises
Exchange Online

Configure PowerShell to run scripts

On the computer where Orchestrator runbooks are executed, ensure that PowerShell scripts can be run:

Start the Windows PowerShell command line.
To determine whether PowerShell scripts can be executed, run the following command:
```
    Get-ExecutionPolicy
```
If Execution Policy is Restricted, you must change it to RemoteSigned. Run the following command:
```
    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
```

Configure remote PowerShell rights for the Exchange user

The configured user must be granted remote PowerShell rights on the Exchange server.

On the Exchange server, start the Exchange Management Shell.
To determine whether the user has remote PowerShell rights, run the following command, and check the value in the RemotePowerShellEnabled field:

      Get-User <UserName>

To grant the user remote PowerShell rights, run the following command:

      Set-User <UserName> -RemotePowerShellEnabled $true

Configure Windows PowerShell to allow Basic Authentication on the Exchange server

On the Exchange server, ensure that PowerShell Basic Authentication is enabled:

Start Internet Information Services (IIS) Manager.
Navigate to the PowerShell site.
Open the Authentication settings, and ensure Basic Authentication is enabled.

Configure WinRM for HTTP unencrypted communication

On the machine where Orchestrator runbooks are executed, configure WinRM trusted hosts, and to allow unencrypted traffic:

Open the Local Group Policy user interface: Windows Start Button > Run > gpedit.msc.
Navigate to Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Client.
Ensure that Allow unencrypted traffic is enabled.
Add the targeted computer that runs Exchange Server to the Trusted Hosts list.

On the Exchange server, ensure that PowerShell doesn't require SSL:

Start Internet Information Services (IIS) Manager.
Navigate to the PowerShell site.
Open SSL Settings and ensure that the Require SSL checkbox isn't selected.