Mitel 5000 Email Sync - Enhanced Integration User Accounts & Passwords

[it@afolino.com]

We currently have our 5000 email sync set to "forward & copy" but would like to change this to enhanced integration to take advantage of removing messages from the phone when we delete them from email and vice-versa. We are running Exchange 2010.

My question:
Can I setup an active directory account named say "MitelAdmin" and grant it full mailbox permissions in exchange, and use that username and password in each user's mailbox (but their email of course)?

It seems the default method is entering the user's username and password manually into the db programmer for each user. We enforce a strong password policy here and our users change their passwords frequently.

I would prefer to #1 - not know the user's passwords, and #2- to not have to manually change user's passwords in the db programmer everytime they change passwords.

What's the best practice on this? How are you guys doing it? I can't imagine an organization with hundreds of users entering and maintaining these passwords manually.

Thanks

[akuhn]

This is a great question.  The reason we didn't implement this is exactly as you say.  How can you update the password if you change it every 90 days? 

The thought of setting up a superuser with one password is an excellent idea, but you'd really need to be a good Exchange/AD person to know the answer.  I only know enough to be dangerous.

[Tech Electronics]

it@afolino.com,

The reason for using the individual user's username and password is so we can get and send information to and from the mailbox to keep it updated on changes. Your method would require that the account you are talking about be allowed to access and make changes to the user's account as though they were the user themselves. This kind of defeats the purpose of your user's needing to change their passwords every so often. You could set it up so that users can access their webpage for the phone system and change it themselves.

Thanks,

TE

[akuhn]

I just can't imagine a user changing their Mitel Password in order to match their AD password.  That would be an admin nightmare.  Changing your AD password is understood by staff.  But changing your phone password so the linkage between your phone and AD works...I just can't imagine that working.  That's why I'm intrigued by the idea of a Phone super user that works across all accounts.  But I don't know if that would even work, nor have I thought of the consequences.

For me personally, I do forward only.  No messages on the phone.

For staff, I offer that, but most folks don't take me up on it.  They have their VM on the phones, as well as email messages with audio files.  No one has complained about having to delete messages twice. 

[it@afolino.com]

Ok, I tested it and unfortunately it doesn't work.

I setup an AD account named "miteladmin" with a very strong password and granted it full rights to my mailbox in exchange. I then changed my mailbox in the 5000 to enhanced integration, entered the miteladmin username and password, but left my email.

I received the 'welcome to email synchronization' email from the controller which was promising, but the voicemails don't forward.

In hindsight, the controller is obviously using the username to open the mailbox like one would when logging into OWA and so this idea would never work. It's a shame that this is the case, as it means we will be leaving our org on forward & copy instead.

Way back when I was running an Exchange 2000 environment we ran BES (Blackberry Enterprise Server) against it, and it used the scheme I proposed in my original post. You would create a BESAdmin account, grant it rights across the exchange org, and then it would handle message administration across all the users. I believe it still works that way (although I've been lucky enough to not have to touch a blackberry in years.)  I was hoping for a similar scheme within the Mitel environment, but it looks like today isn't my day for it.


Thanks for everyone's input regardless, it is appreciated.

[akuhn]

Maybe Mitel can buy RIM and use that technology to do exactly what you're suggesting.  If they wait long enough, they'll be able to afford it, since RIM won't be worth much.

[bluewhite4]

it@afolino.com,
The method you describe is actually one of the ways that you can integrate full UM support with Mitel's NuPoint voicemail system with Exchange. You create a superuser account with privileges to all the other email accounts, and then its able to maintain sync.

Don't know if they'll bring that to the 5000, but its definitely something they should consider.

[gr8whtd0pe]

I came here looking for exactly this. We just implemented a password policy and I would really hate to make users change their passwords every 90 days. Also, our web is disabled thanks to getting hacked last month.

Any updates?