Exchange Integration
The Setup Manager uses Exchange Autodiscover to populate the Exchange server settings. If Autodiscover is not enabled on the Exchange server, you must manually configure the settings. We recommend that Autodiscover be available in your environment before installation.
The product uses Autodiscover before making a call to Exchange to query an available Exchange server. This allows the product to continue functioning if a single Exchange server is offline.
The configured account, typically the the products service account’s, is used for the discovery process. Using the Autodiscover service to find the most appropriate URL for the specified user's mailbox instead of using a hard-coded EWS URL means that your workflow always uses the correct EWS URL for that particular mailbox. Autodiscover determines the best endpoint for a particular user (the endpoint that is closest to the user's mailbox server).
Microsoft announced plans to turn off Basic Authentication for Exchange Web Services (EWS) for Exchange Online in 2022. OAuth must now be used to integrate with Exchange Online. For information on how to configure this after product installation, see the Nintex Community article K2 and upcoming changes to Exchange Online authentication and the Exchange Online Feature Activation topic in the Nintex Automation User Guide.
Exchange Online always has Autodiscover available. Setup Manager asks you for an email address of one of the online accounts during the installation of the product. This account is used for the discovery process and to reply to SmartActions.
For Exchange Services (Meetings, Tasks, Mailboxes) for online integration the following rights are required:
- For Enable / Disable mailbox, the account must be a member of the Organizational Management or Recipient Management role. Alternatively you could create the account as a Global Administrator in Exchange Online. If the account is part of the Recipient Management role group, Setup Manager warns you that the account must be a member of the Organizational Management role but this warning can be ignored and you can proceed with the installation.
- Get Available Exchange Servers (https://technet.microsoft.com/en-us/library/bb123873(v=exchg.150).aspx)
- Get Available Mailbox Databases (https://technet.microsoft.com/en-us/library/bb124924(v=exchg.150).aspx)
- Get Available Storage Groups (https://technet.microsoft.com/en-us/library/aa998331%28v=exchg.80%29.aspx)
This list is not exhaustive since there may be other limitations in Exchange Online over time. Search Microsoft TechNet for details on Exchange cmdlets, see https://technet.microsoft.com/en-us/library/bb124413(v=exchg.150).aspx for more information.
Important: When Exchange Online is used for SmartActions, the online email address must be associated with a local Active Directory Account or email actions are not sent and the following error is logged:
System.Exception: No destinations could send the message Workflow item received.
Autodiscover provides the following values required by the Setup Manager:
- EWS URL
- TLS encryption setting
- SMTP Server
- Port
The Setup Manager automatically detects the Exchange server settings using the Windows Remote Management (Microsoft Exchange Server 2013) and pre-populates the integration page for new installations. If the prerequisite software is not detected or the installation is an upgrade, the page is not displayed.
The Exchange Server Configuration separates common Exchange activities, such as creating calendar items and meeting requests, from administrative tasks. Different Exchange permissions are required for each, however the installation account must have the following rights if one or both options are chosen so it can browse for Exchange servers, storage groups and mailbox databases.
If the standard integration is chosen during installation, the Exchange Management service instance is the service that performs the common Exchange functions and requires impersonation capabilities in Exchange. When used in a wizard, this service executes using the credentials as configured in the Run As dialog for the event, or as the product server service account if no credentials are configured. When used directly in a SmartObject call, the context is the current user’s credentials. In conjunction with the Exchange Management service instance, the Exchange Meta Data service instance is used by the SmartObjects and the Designer for SharePoint. This service executes under the identity of the product Server Service account. The authentication method can be changed in the Management Console and, if changed, may require some additional Exchange and / or Kerberos configuration.
For Exchange Services (Meetings, Tasks, Mailboxes) for Online Integration the following rights are required:
- K2HostServer (Service) Account needs ApplicationImpersonation rights
- For Enable / Disable mailbox the static account used to install with needs to be part of the Organizational Management or Recipient Management role. Or you can create the account as a Global Administrator in Exchange Online.
If the administrative integration is chosen, the Exchange Administration service instance is the service that performs the mailbox functions, specifically enabling and disabling mailboxes. The identity used for this service requires additional permissions in Exchange.
Depending on what you choose on the Setup Manager Exchange Integration page, the appropriate service instances are created with the information specified. An environment library field for the Exchange server is also configured.
The Setup Manager Exchange Integration page is optional and does not need to be completed for the installation to complete. The following logic applies when selecting Configure Exchange On-premises or Configure Exchange Online on the Exchange Server Configuration page:
If On-premises
- Selecting the Enable administrative Exchange Integration (Mailbox) option will create or enable the mailbox.
- Deselecting the Enable administrative Exchange Integration (Mailbox) option will disable the mailbox.
If Online
- Selecting the Enable administrative Exchange Integration (Mailbox) option will remove or restore access to a mailbox.
- Deselecting the Enable administrative Exchange Integration (Mailbox) option will not allow the Exchange wizard to remove or restore access to a mailbox.
For more information on integrating with Exchange Online after an install, see the Exchange Online Feature Activation topic in the User Guide.