Configuration Guide
Synchronizing the Exchange global address lists using GALSync Pro
Before starting, please make sure you have the latest version of GALSync Pro available – to check for the latest version, please refer to http://www.uidsystems.com.
Prerequisites
- GALSync Pro is installed (the .NET Framework 2.0 is required for GALSync to run)
- You have some background knowledge of Active Directory and can call for help on issues like “creating an organizationalUnit”, …
Background Information
GALSync Pro works using the following principles:
- Finding address book entries, i.e. objects located in an Active Directory (user objects, group objects, objects representing public folders or contact objects). Optionally, GALSync Pro applies a delta analysis algorithm to find only those items that have been created or changed since the last run of GALSync Pro.
- Looking up matching items in the target address book to identify whether the object has already been synchronized and now only needs updating.
- Applying data checking rules, e.g. to verify that attributes with a unique constraint are not in use with more than one object at a time.
- Applying data transformation, e.g. for adjusting mail addresses whilst replicating the item from one mail domain to the other.
- Creating or updating objects in the target address book.
- Logging and reporting.
With this product you not only configure which Active Directory server to use; you will also be asked to supply an Active Directory container object for the source and for the target.
Source: By selecting a container, you can choose to replicate only items that are located within one area of the Active Directory, rather than looking for objects in the entire domain.
Target: By selecting a container in the target, you can define where GALSync Pro is going to create / update the objects in the target address book holding Active Directory domain.
Technical Requirements
Synchronization user account rights required
When setting up GALSync Pro you will be requested to supply user credentials for the Active Directory server connections for both address book holding Active Directory servers.
User credentials can be different for reading and for writing. You will need the following:
Synchronization from address book A to address book B
- User credentials with Read right for those objects that will be looked up in the address book holding Active Directory server A
- User credentials with Write rights (object creation, attribute change and object deletion) in that container where GALSync Pro is going to create / update objects. You will also be asked to select the container where objects are to be stored in the address book holding Active Directory server B, so write rights can be limited to exactly that container.
Note: You can select both the object type that will be created and the attributes that will be written to, so rights can be limited to those if required.
Synchronization from address book B to address book A
- User credentials with Read right for those objects that will be looked up in the address book holding Active Directory server B
- User credentials with Write rights (object creation, attribute change and object deletion) in that container where GALSync Pro is going to create / update objects. You will also be asked to select the container where objects are to be stored in the address book holding Active Directory server A, so write rights can be limited to exactly that container.
Note: You can select both the object type that will be created and the attributes that will be written to, so rights can be limited to those if required.
Active Directory attributes
Although you can select the attributes that will be replicated, GALSync Pro requires the following attributes to store general synchronization information:
Description – GALSync Pro will use the field description to store change indicator information for that object, so GALSync Pro can determine whether object information has changed since the last synchronization run and will need updating.
Info – GALSync Pro will use the field info to store a unique ID of the synchronization. GALSync Pro will use this information to determine whether the object in question has been created by the current synchronization run and will use that information to determine object deletion requirements (deprovisioning). Objects with a unique ID other than of the current synchronization (created by other synchronization tasks, objects created manually in the target container, …) will not be deleted.
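The roles of the description and info fields can be sketched as a dry-run planner. This is an added illustration, not GALSync Pro's own code: matching objects by mail address, the hash-based change indicator, the sample synchronization ID and the handling of matched objects that carry a foreign ID are all assumptions of the sketch.

```python
import hashlib

SYNC_ID = "sync-A-to-B"  # constructed value; the page does not show the real ID format

def change_indicator(attrs):
    # Assumption: a truncated SHA-256 over the sorted replicated attributes.
    blob = "\n".join(f"{name}={attrs[name]}" for name in sorted(attrs))
    return hashlib.sha256(blob.encode("utf-8")).hexdigest()[:16]

def plan_sync(source, target, sync_id=SYNC_ID):
    """Classify every object by mail address without touching any directory."""
    plan = {"create": [], "update": [], "unchanged": [], "delete": [], "keep": []}
    for mail, attrs in source.items():
        found = target.get(mail)
        if found is None:
            plan["create"].append(mail)
        elif found.get("info") != sync_id:
            # Assumption of this sketch: a match not stamped by this sync is left alone.
            plan["keep"].append(mail)
        elif found.get("description") != change_indicator(attrs):
            plan["update"].append(mail)  # stored indicator differs from the source state
        else:
            plan["unchanged"].append(mail)
    for mail, found in target.items():
        if mail in source:
            continue
        # Deprovisioning: only objects carrying this synchronization's ID may be deleted.
        bucket = "delete" if found.get("info") == sync_id else "keep"
        plan[bucket].append(mail)
    return plan

# Constructed sample data (not taken from a real directory).
SOURCE = {
    "alice@a.example": {"displayName": "Alice Adams", "telephoneNumber": "555-0100"},
    "bob@a.example": {"displayName": "Bob Brown", "telephoneNumber": "555-0101"},
    "carol@a.example": {"displayName": "Carol Clark", "telephoneNumber": "555-0102"},
}
TARGET = {
    "alice@a.example": {"info": SYNC_ID, "description": change_indicator(SOURCE["alice@a.example"])},
    "bob@a.example": {"info": SYNC_ID, "description": "stale-indicator"},
    "dave@a.example": {"info": SYNC_ID, "description": "0000"},
    "erin@b.example": {"info": "", "description": "created by hand"},
    "frank@c.example": {"info": "another-sync", "description": "1111"},
}

if __name__ == "__main__":
    for action, mails in plan_sync(SOURCE, TARGET).items():
        print(f"{action:9} {mails}")
```

In the sample, the hand-made object and the object stamped by another synchronization both land in "keep", which is the guarantee the info field provides for the target container.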
Synchronization Configuration
- GALSync Pro must be run as administrator
- Start GALSync Pro (there should be a link in the start menu)
- You will be greeted with a welcome window which enables you to see the license status of the product
You will then see the configuration window, where you add or remove synchronization tasks for GALSync Pro to carry out.
The default template already has two synchronizations predefined, one synchronizing objects from address book A to address book B, and the other vice versa. Neither of these has been configured yet. If you start GALSync Pro at a later time, you will find the synchronizations that you have set up.
- Select the first synchronization ‘GAL Synchronization (from A to B)’ from the list and click configure – you will be presented with the window where all options for this synchronization (A->B) are defined. Later we will define the synchronization in the other direction.
Explanation of configuration options
Description
You can enter a brief description of this synchronization task, which will also be shown in the list of synchronizations (previous screen).
Connection settings
Configure Source Connection
This is the server (Active Directory Domain Server) which will be used to query the items in the source address book.
You must click on the button to configure the connection details for GALSync Pro to connect to the server. When configuring the connection details you will be asked to first provide server name, username and password, and then to select a container object in the hierarchy of objects found on the domain server. This is the container from which GALSync Pro starts its downward search for mail related objects.
Configure Destination Connection(s)
This is the one server or the list of servers (Active Directory Domain Server) which will be used to create or update the items in the target address book.
You must click on the button to configure the connection details for GALSync Pro. A window is shown where you can add as many target address book holding servers as required. Please add at least one target directory connection. When configuring the details of each connection you will be asked to first provide server name, username and password, and then to select a container object in the hierarchy of objects found on the domain server. This is the container where GALSync Pro will save the contact objects created in this example (Note: You can define for yourself whether GALSync Pro should create contact objects, user objects or group objects in the target address book Active Directory).
Object specific options
You can select which types of objects to replicate (users, groups, public folder information or contacts) and can also define the type of object GALSync Pro is going to create in the target address book.
In this example we will be creating contact objects in the target address book (standard case).
If you require users to be created as users (e.g.: if you do not want them shown as external contacts with a world icon, or need to enable them as Windows user accounts) you can select that user objects are to be created as user objects. Note that user objects will require some specific attributes to be set, like the samAccountName, otherwise Active Directory will not allow them to be created (Constraint violation).
If you want to create group objects as groups (e.g.: to show the members) you can do so as well. Note that group objects also need specific attributes to be present for creation, like the groupType. It is recommended to create group objects with a groupType of ‘4’ = universal distribution group, as it cannot be used to assign Windows account rights. To replicate the members of the group, you will have to add members as an attribute in the attribute flow designer and select ‘Reference DN attribute’. GALSync Pro will then replicate the members and look up each in the target address book, resolving the membership to a matching user/contact object in that Active Directory.
Additional Query options
GALSync Pro allows you to define additional search filters when looking up objects in the source address book. This enables you to replicate only those objects required, e.g.: you can replicate only objects that are from a specific department, …
Click on the display filter ‘Additional query:…’ to open up the query designer. You will be presented with a window where you can enter your LDAP filter expression. After changing the filter expression you can preview the results of your filter, thereby checking first whether the filter expression is valid, and secondly whether you have defined a filter that includes only those objects that you would like to be replicated.
For the filter entered, GALSync Pro will display the matching objects and will show each of the attributes that have been included in the attribute flow designer. Please note: You will have to set the source connection details before previewing the filter results, otherwise you will encounter an error message, as GALSync Pro cannot connect to the address book holding Active Directory server.
Note: GALSync Pro will automatically add the filter for the object type, e.g.: users, groups, publicFolder or contacts.
Attribute flow
For each object type you can define the attributes to replicate. The default setup already includes the most commonly used communication attributes. You can add, change or delete any attribute mapping as required (Note: Some attributes might be required for the selected object type to be created, e.g.: user:samAccountName, group:groupType, …)
When adding or changing an attribute flow you have two options. You can use direct mapping of the attribute value; in this case GALSync Pro will replicate the value of the attribute from the source object to the target object, not changing the value during the synchronization. Alternatively, you can have GALSync Pro perform rich calculations using VBScript, thereby calculating the new attribute value on the fly, e.g.: assigning a fixed value to an attribute, or adding a string identifier.
Note: whilst running an evaluation version of GALSync Pro you cannot change the attribute mapping for givenName, sn and displayName.
Now, configure the same options for the replication from address book B to address book A – vice versa. Again, you will need to provide the connection details for source and target(s) and check filter, object type selection and attribute flows.
Finalizing synchronization backup
You have now set up connection details for the source address book, the destination address book(s), the filter when searching for objects in the source address book, the type of objects to create and the attributes to replicate.
Additional options
Reporting options
GALSync Pro has a built-in reporting engine that can inform you by e-mail either when a change occurred or for every synchronization run. Note: GALSync Pro will send an e-mail for every synchronization task, e.g.: “Synchronizing User objects from A to B”, … It will also include the log file as an attachment to the reporting mail.
You can configure whether logging should be detailed (attribute level) or not (object level logging) and whether to send reporting e-mails. Note: Reporting e-mails can be sent to more than one recipient by providing multiple recipient addresses, separated by semicolon ‘;’.
Create configuration backup
If you require a backup of your current configuration, you can use this option to create and store a copy of your configuration. You can also use this option if you want to try out different settings.
Revert to backup configuration
Use this command to load the configuration from a previously stored configuration file. Note: To finally enable and use the loaded configuration you must close the wizard by clicking finish.
Print configuration report
If required you can view and print a configuration report that includes all configuration settings for the GAL synchronization. If you click the command, a new internet browser window will open showing the report.
View license requirements
If you decide to purchase a license please contact sales@uidsystems.com.
Test synchronization
After all configurations have been made, you can use the Test Mode to check your settings. A new window will open, where you can view any task performed by GALSync Pro.
Note: Whilst running a test, no changes will be committed. As a result, some errors (e.g.: constraint violations of the target directory) might not be shown yet.
If you encounter any error you might need to check your synchronization settings or contact us – we will be happy to assist you in setting up your synchronization (please include the log files for analysis).
Run synchronization
When configuration is finished and tests have been successful you can run your synchronization. The Run Mode enables you to interactively run your synchronization whilst watching all changes, equivalent to the Test Mode, but this time changes will be committed.
Note: This option is only for interactively running your synchronization and to determine whether there are any errors. For repeated synchronizations you will use a scheduled task that will run your synchronization without GUI.
Finish
When finished configuring and testing your synchronization you must click Finish to save all changes performed. This includes the case when you revert to another configuration file.
Automated run of your synchronization
To run your GAL synchronization automatically, you will need to define a scheduled task. Open Control Panel → Scheduled Tasks and define a new task.
Application to execute:
"[InstallationDirectory]GALSynchAdvanced.exe" -RUN
User:
No specific user is required, as you have already defined the users that access the directories within GALSync Pro. Provide a user that has write access to the installation directory of GALSync Pro and can execute applications.
Interval:
GALSync Pro is very quick when synchronizing your address books, especially when running in delta mode. You should easily be able to run synchronizations every 15 minutes if required. (Note: Active Directory and Exchange themselves have a replication interval of 15 minutes by default, so it does not make much sense to use shorter intervals for GALSync Pro, even if possible.)