MPS Import::ImportOrganization

This procedure imports a customer or reseller organization into the Hosted Exchange system. It attempts to import the organization into the Hosted Exchange and MPS systems by doing the following:

  • Creating all necessary child OUs for Hosting configuration.

  • Creating security groups.

  • Setting group memberships with parent organizations.

  • Setting security ACLs on the object.

  • Creating a record for the organization in the plans database.

  • Allocating mail storage for the organization (Resource Manager).

  • Assigning an SMTP domain (Plans Database).

  • Assigning available plans to the organization.

Arguments

| Input argument | Required | Description |
|---|---|---|
| <path> | Yes | The Lightweight Directory Access Protocol (LDAP) path of the organization. |
| <preferredDomainController> | Yes | |
| <policyName> | Yes | Determines the security policy to apply to the object. The default is customer, which is appropriate for all hosted organizations beneath a reseller organization. Valid values are: |

Generally the supplied value should be reseller or customer. Default is used for child containers (such as departments), which simply inherit security policy from parent.

Remarks

Prerequisites

Organization must be located in the hosting Active Directory tree at the proper level in the hierarchy depending on whether it is a reseller or customer.

If you are processing a large number of organizations in a batch, you can improve the performance of this procedure by not returning all of the output data, which is significant in size. The usage examples below contain the following transform:

<after source="executeData" destination="data" mode="merge"/>

This results in all output data being returned in the response message. If, for example, you only need to know the path of the organization object, you can limit the amount of data that needs to be marshaled back with a transform as follows:

<after source="executeData" sourcePath="org/@path" destination="data" destinationPath="path" mode="merge"/>

Modifications from [Previous Version]

  • <mailStore algorithm="minStoreCount"> (optional) Only used when <sourceMailStores> is not supplied. Possible values of the "algorithm" attribute are "tightPack" and "minStoreCount", with "tightPack" as default. TightPack attempts to use the smallest number of mail stores for the system as a whole, with the tradeoff that each individual org may span more mail stores. MinStoreCount attempts to minimize the number of stores allocated to each org, with the tradeoff that the system as a whole may require more stores. MinStoreCount uses stores with the largest available space first, and tightPack uses stores with the smallest available space first. If the <shared> parameter is 0, then this parameter has relatively little effect, since every share considered is completely empty.

  • <mailStore><shared> If this parameter is 0, the organization is given one or more mail stores which will not be shared with other organizations. (Unshared mail stores are those which were added using AddExchangeResources with their <shared> parameter as 0.) If the <mailStore><shared> parameter is 1, mail storage will be allocated from one or more shared mail stores. Shared mail stores may or may not be shared with other organizations. This parameter is ignored if <sourceMailStores> is supplied.

  • <sourceMailStores> (optional) If this parameter is supplied, then the automatic allocation behavior is overridden, and the <mailStore><megabytes> parameter is ignored. The <sourceMailStores> parameter specifies a set of mail stores to be allocated to this org. If any of the specified stores is unavailable or has insufficient storage, then the entire call will fail. The total mail storage allocation for the org will be the total of the <megabytes> parameters in all of the supplied <sourceMailStore> parameters.

    • <sourceMailStore/serverName> The name of the explicitly allocated store's server.

    • <sourceMailStore/mailStoreName> The name of the mail store on the server.

    • <sourceMailStore/megabytes> The storage to allocate on this mail store.

  • <SMTPDomain> (optional) The primary SMTP domain for this organization.

  • <availablePlans>/<planName> (optional) One or more valid service plan names. Determines which service plans are available to users of the organization.

  • <properties>/<property>: One or more Active Directory attributes that are valid for an object of the organizationalUnit class.
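The following added example (not part of the original documentation, and not the Resource Manager's implementation) is a simplified greedy model of the two <mailStore algorithm> orderings and the all-or-nothing <sourceMailStores> rule described in the list above. The store names, the free-space figures and both function names are assumptions made for illustration.

```python
def allocate(stores, megabytes, algorithm="tightPack"):
    """Plan an automatic allocation; stores maps store name -> free MB."""
    if algorithm not in ("tightPack", "minStoreCount"):
        raise ValueError("unknown algorithm: " + algorithm)
    # tightPack fills the smallest free space first, minStoreCount the largest.
    largest_first = algorithm == "minStoreCount"
    usable = [(name, free) for name, free in stores.items() if free > 0]
    usable.sort(key=lambda item: item[1], reverse=largest_first)
    plan, needed = {}, megabytes
    for name, free in usable:
        if needed == 0:
            break
        plan[name] = min(free, needed)
        needed -= plan[name]
    if needed:
        raise RuntimeError("insufficient mail storage for request")
    return plan


def allocate_explicit(stores, source_mail_stores):
    """Model <sourceMailStores>: every named store must fit, or the call fails."""
    for name, megabytes in source_mail_stores:
        if stores.get(name, 0) < megabytes:
            raise RuntimeError("store unavailable or too small: " + name)
    return dict(source_mail_stores), sum(mb for _, mb in source_mail_stores)


# Constructed sample: free space (MB) on three hypothetical shared stores.
STORES = {"EX01/Store1": 30, "EX01/Store2": 50, "EX02/Store1": 200}

if __name__ == "__main__":
    print(allocate(STORES, 100, "tightPack"))
    print(allocate(STORES, 100, "minStoreCount"))
    print(allocate_explicit(STORES, [("EX01/Store2", 40), ("EX02/Store1", 60)]))
```

With this sample, a 100 MB request spans three stores under tightPack and a single store under minStoreCount, which is the tradeoff the parameter description states.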

Procedure Steps

  1. MPS Import::EnableOrganizationForHosting

  2. MPS Import::EnableCustomerForPlans

  3. Hosted Exchange::ExchangeEnableOrganization (conditional) - If mailStore node is supplied.

  4. Hosted Exchange::AddAvailablePlans (conditional) - If availablePlans node is supplied.

  5. Managed Active Directory::ModifyOrganization (conditional) - If properties node is supplied.

Security

Impersonate caller

Sample Code

Example XML Request

<request>
  <procedure>
    <execute namespace="MPS Import" procedure="ImportOrganization" impersonate="1">
      <executeData>
        <path>LDAP://OU=alpineskihouse,OU=consolidatedmessenger,OU=Hosting,DC=fabrikam,DC=Com</path>
        <policyName>customer</policyName>
        <preferredDomainController>AD01.fabrikam.com</preferredDomainController>
        <mailStore>
          <megabytes>100</megabytes>
          <shared>1</shared>
        </mailStore>
        <SMTPDomain>alpineskihouse.com</SMTPDomain>
        <availablePlans>
          <planName>BaseMail</planName>
          <planName>GoldMail</planName>
          <planName>PlatinumPlusMail</planName>
        </availablePlans>
      </executeData>
      <after source="executeData" destination="data" mode="merge" />
    </execute>
  </procedure>
</request>

Minimum XML Request

<request> 
  <procedure> 
    <execute namespace="MPS Import" procedure="ImportOrganization" impersonate="1"> 
      <executeData> 
        <policyName>customer</policyName> 
        <path>LDAP://OU=alpineskihouse,OU=consolidatedmessenger,OU=Hosting,DC=fabrikam,DC=Com</path>
        <preferredDomainController>AD01.fabrikam.com</preferredDomainController> 
      </executeData> 
      <after source="executeData" destination="data" mode="merge" /> 
    </execute> 
  </procedure> 
</request> 

The minimal usage shown above will only have the following effects on the specified organization:

  • Creates all necessary child OUs for Hosting configuration.

  • Creates security groups.

  • Sets group memberships with parent organizations.

  • Sets security ACLs on the object.

  • Creates a record for the organization in the plans database.

Example XML Response

Shown for format only; content may vary.

<response> 
  <data> 
    <path>LDAP://OU=MPSImportOrg02,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=Com</path> 
    <policyName>customer</policyName> 
    <preferredDomainController>AD01-Wh.fabrikam.Com</preferredDomainController> 
    <mailStore> 
      <megabytes>100</megabytes> 
      <shared>1</shared> 
    </mailStore> 
    <SMTPDomain>MPSImportOrg02.com</SMTPDomain> 
    <availablePlans> 
      <planName>BaseMail</planName> 
      <planName>GoldMail</planName> 
      <planName>PlatinumPlusMail</planName> 
    </availablePlans> 
    <org path="LDAP://ou=MPSImportOrg02,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=Com" name="MPSImportOrg02"> 
      <otherWellKnownObjects> 
        <obj wkName="ThisOrganizationRoot" name="LDAP://ou=MPSImportOrg02,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=com"> 
        </obj> 
        <obj wkName="ForeignOwnerOrg" name="LDAP://OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=com"> 
        </obj> 
        <obj wkName="UserCreators" name="LDAP://cn=Admins@MPSImportOrg02,ou=MPSImportOrg02,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=com"> 
        </obj> 
        <obj wkName="ChildOrgCreators" name="LDAP://cn=CSRAdmins@MPSImportOrg02,ou=MPSImportOrg02,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=com"> 
        </obj> 
        <obj wkName="OrgType" name="LDAP://cn=customer,cn=WatOrgTypes,cn=_Private,ou=Hosting,DC=fabrikam,DC=com"> 
        </obj> 
        <obj wkName="MultiGroupPointer" name="LDAP://cn=MultiGroup,cn=_Private,ou=MPSImportOrg02,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=com"> 
        </obj> 
      </otherWellKnownObjects> 
      <orgs> 
        <org path="LDAP://cn=_Private,ou=MPSImportOrg02,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=Com" name="_Private" class="container"> 
          <otherWellKnownObjects> 
            <obj wkName="ThisOrganizationRoot" name="LDAP://ou=MPSImportOrg02,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=com"> 
            </obj> 
            <obj wkName="OrgType" name="LDAP://cn=private,cn=WatOrgTypes,cn=_Private,ou=Hosting,DC=fabrikam,DC=com"> 
            </obj> 
          </otherWellKnownObjects> 
          <orgs> 
            <org path="LDAP://cn=MultiGroup,cn=_Private,ou=MPSImportOrg02,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=Com" name="MultiGroup" class="container"> 
              <orgs> 
                <org path="LDAP://cn=UserN,cn=MultiGroup,cn=_Private,ou=MPSImportOrg02,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=Com" name="UserN" class="container"> 
                  <orgs> 
                    <org path="LDAP://cn=AllUsers@MPSImportOrg02,cn=UserN,cn=MultiGroup,cn=_Private,ou=MPSImportOrg02,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=Com" name="AllUsers@MPSImportOrg02" class="container"> 
                      <otherWellKnownObjects> 
                        <obj wkName="MultiGroupPointer" name="LDAP://cn=AllUsers@MPSImportOrg02,cn=_Private,ou=MPSImportOrg02,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=com"> 
                        </obj> 
                      </otherWellKnownObjects> 
                    </org> 
                  </orgs> 
                </org> 
                <org path="LDAP://cn=ChildOrgN,cn=MultiGroup,cn=_Private,ou=MPSImportOrg02,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=Com" name="ChildOrgN" class="container"> 
                </org> 
              </orgs> 
            </org> 
          </orgs> 
          <groups> 
            <group path="LDAP://cn=AllUsers@MPSImportOrg02,cn=_Private,ou=MPSImportOrg02,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=Com" name="AllUsers@MPSImportOrg02"> 
              <memberOfGroup name="LDAP://cn=AllCustomers@MPSImportRes01,cn=_Private,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=com"> 
              </memberOfGroup> 
            </group> 
          </groups> 
        </org> 
      </orgs> 
      <groups> 
        <group path="LDAP://cn=Admins@MPSImportOrg02,ou=MPSImportOrg02,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=Com" name="Admins@MPSImportOrg02"> 
          <memberOfGroup name="LDAP://cn=AllCustomerAdminsGroups@MPSImportRes01,cn=_Private,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=com"> 
          </memberOfGroup> 
        </group> 
        <group path="LDAP://cn=CSRAdmins@MPSImportOrg02,ou=MPSImportOrg02,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=Com" name="CSRAdmins@MPSImportOrg02"> 
          <memberOfGroup name="LDAP://cn=AllCustomerCSRAdminsGroups@MPSImportRes01,cn=_Private,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=com"> 
          </memberOfGroup> 
          <dacl> 
            <ace> 
              <inheritance>NO_INHERITANCE</inheritance> 
              <permission>ADS_RIGHT_READ_CONTROL</permission> 
              <trusteeType>0</trusteeType> 
              <trusteeForm>0</trusteeForm> 
              <trustee>S-1-5-10</trustee> 
              <mode>GRANT_ACCESS</mode> 
            </ace> 
          </dacl> 
        </group> 
      </groups> 
      <dacl> 
        <ace> 
          <permission>ADS_RIGHT_DS_LIST_OBJECT</permission> 
          <trustee>LDAP://cn=AllUsers@MPSImportOrg02,cn=_Private,ou=MPSImportOrg02,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=com</trustee> 
          <trusteeType>TRUSTEE_IS_GROUP</trusteeType> 
          <trusteeForm>TRUSTEE_IS_SID</trusteeForm> 
          <mode>GRANT_ACCESS</mode> 
        </ace> 
        <ace> 
          <permission>ADS_RIGHT_ACTRL_DS_LIST</permission> 
          <permission>ADS_RIGHT_DS_READ_PROP</permission> 
          <inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance> 
          <trustee>LDAP://cn=AllUsers@MPSImportOrg02,cn=_Private,ou=MPSImportOrg02,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=com</trustee> 
          <trusteeType>TRUSTEE_IS_GROUP</trusteeType> 
          <trusteeForm>TRUSTEE_IS_SID</trusteeForm> 
          <mode>GRANT_ACCESS</mode> 
        </ace> 
        <ace> 
          <permission>ADS_RIGHT_READ_CONTROL</permission> 
          <inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance> 
          <trustee>LDAP://cn=Admins@MPSImportOrg02,ou=MPSImportOrg02,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=com</trustee> 
          <trusteeType>TRUSTEE_IS_GROUP</trusteeType> 
          <trusteeForm>TRUSTEE_IS_SID</trusteeForm> 
          <mode>GRANT_ACCESS</mode> 
        </ace> 
        <ace> 
          <permission>ADS_RIGHT_READ_CONTROL</permission> 
          <permission>ADS_RIGHT_DS_WRITE_PROP</permission> 
          <permission>ADS_RIGHT_WRITE_DAC</permission> 
          <permission>ADS_RIGHT_DS_SELF</permission> 
          <permission>ADS_RIGHT_DS_CONTROL_ACCESS</permission> 
          <permission>ADS_RIGHT_DS_CREATE_CHILD</permission> 
          <permission>ADS_RIGHT_DS_DELETE_CHILD</permission> 
          <permission>ADS_RIGHT_DS_DELETE_TREE</permission> 
          <permission>ADS_RIGHT_DELETE</permission> 
          <inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance> 
          <trustee>LDAP://cn=CSRAdmins@MPSImportRes01,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=com</trustee> 
          <trusteeType>TRUSTEE_IS_GROUP</trusteeType> 
          <trusteeForm>TRUSTEE_IS_SID</trusteeForm> 
          <mode>GRANT_ACCESS</mode> 
        </ace> 
        <ace> 
          <permission>ADS_RIGHT_DS_WRITE_PROP</permission> 
          <permission>ADS_RIGHT_READ_CONTROL</permission> 
          <permission>ADS_RIGHT_WRITE_DAC</permission> 
          <permission>ADS_RIGHT_DS_SELF</permission> 
          <permission>ADS_RIGHT_DS_CONTROL_ACCESS</permission> 
          <permission>ADS_RIGHT_DS_CREATE_CHILD</permission> 
          <permission>ADS_RIGHT_DS_DELETE_CHILD</permission> 
          <permission>ADS_RIGHT_DS_DELETE_TREE</permission> 
          <inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance> 
          <trustee>LDAP://cn=Admins@MPSImportOrg02,ou=MPSImportOrg02,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=com</trustee> 
          <trusteeType>TRUSTEE_IS_GROUP</trusteeType> 
          <trusteeForm>TRUSTEE_IS_SID</trusteeForm> 
          <mode>GRANT_ACCESS</mode> 
        </ace> 
        <ace> 
          <permission>ADS_RIGHT_GENERIC_ALL</permission> 
          <inheritance>11</inheritance> 
          <inheritedObjectTypeName>{BF967ABA-0DE6-11D0-A285-00AA003049E2}</inheritedObjectTypeName> 
          <trustee>LDAP://cn=CSRAdmins@MPSImportOrg02,ou=MPSImportOrg02,OU=MPSImportRes01,OU=Hosting,DC=fabrikam,DC=com</trustee> 
          <trusteeType>TRUSTEE_IS_GROUP</trusteeType> 
          <trusteeForm>TRUSTEE_IS_OBJECTS_AND_SID</trusteeForm> 
          <mode>GRANT_ACCESS</mode> 
        </ace> 
      </dacl> 
    </org> 
  </data> 
</response> 
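The response above returns the DACL that the import placed on the organization, so it can be reviewed after each import. The following added example (not part of the original documentation) parses a response of that shape and lists every GRANT_ACCESS entry carrying a high-impact right, marking whether the trustee sits inside or outside the organization's own subtree. The sample XML is constructed with shortened names, and the HIGH_RISK set and function names are this example's own choices.

```python
import xml.etree.ElementTree as ET

# Rights that allow takeover or re-delegation of the object (reviewer's choice).
HIGH_RISK = {"ADS_RIGHT_GENERIC_ALL", "ADS_RIGHT_WRITE_DAC",
             "ADS_RIGHT_WRITE_OWNER", "ADS_RIGHT_DS_DELETE_TREE"}

# Constructed sample in the shape of the response above (names shortened).
BASE = "OU=Res01,OU=Hosting,DC=fabrikam,DC=com"
SAMPLE = f"""<response><data>
<org path="LDAP://ou=Org02,OU=Res01,OU=Hosting,DC=fabrikam,DC=Com" name="Org02"><dacl>
 <ace><permission>ADS_RIGHT_DS_LIST_OBJECT</permission>
  <trustee>LDAP://cn=AllUsers@Org02,cn=_Private,ou=Org02,{BASE}</trustee>
  <mode>GRANT_ACCESS</mode></ace>
 <ace><permission>ADS_RIGHT_READ_CONTROL</permission>
  <permission>ADS_RIGHT_WRITE_DAC</permission>
  <permission>ADS_RIGHT_DS_DELETE_TREE</permission>
  <trustee>LDAP://cn=CSRAdmins@Res01,{BASE}</trustee>
  <mode>GRANT_ACCESS</mode></ace>
 <ace><permission>ADS_RIGHT_GENERIC_ALL</permission>
  <trustee>LDAP://cn=CSRAdmins@Org02,ou=Org02,{BASE}</trustee>
  <mode>GRANT_ACCESS</mode></ace>
</dacl></org></data></response>"""


def dn(ldap_path):
    """Normalise an LDAP:// path to a lower-case DN for comparison."""
    path = ldap_path.strip()
    if path.upper().startswith("LDAP://"):
        path = path[7:]
    return path.lower()


def audit_dacl(xml_text):
    """Return (org, trustee DN, high-risk rights, scope) for each risky grant."""
    findings = []
    for org in ET.fromstring(xml_text).iter("org"):
        org_dn = dn(org.get("path", ""))
        for ace in org.findall("dacl/ace"):  # DACL set directly on this org
            if ace.findtext("mode", "").strip() != "GRANT_ACCESS":
                continue
            rights = {p.text.strip() for p in ace.findall("permission") if p.text}
            risky = sorted(rights & HIGH_RISK)
            if not risky:
                continue
            trustee = dn(ace.findtext("trustee", ""))
            scope = "inside" if trustee.endswith("," + org_dn) else "outside"
            findings.append((org.get("name"), trustee, risky, scope))
    return findings
```

DN comparison is case-insensitive because the response mixes `DC=Com` and `DC=com` for the same domain component.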

Applies To

MPS Import Namespace API for:

  • Hosted Messaging and Collaboration version 3.5

See also

Tasks

MPS Import::EnableOrganizationForHosting