Configuration Guide

Synchronizing the Exchange global address lists using GALSynch Advanced

Before starting, please make sure you have the latest version of GALSynch Advanced available - to check for the latest version, please refer to http://www.uidsystems.com.

Prerequisites

• GALSynch Advanced isinstalled (the dotNET 2.0 framework is required for GALSynch to run)
• You have a little background of Active Directory and can call for help on issues like "creating an organizationalUnit", ...

Background Information

GALSynch Advanced works using the following principles:

• Finding address book entries, objects located in an Active Directory (either user objects, group objects, object representing public folders or contact object) - Optional GALSynch Advanced applies a delta analysis algorithm to find only those items that have been created or changed since the last run of GALSynch Advanced.
• Looking up matching items of the target address book to identify whether the object already has been synchronized and now only needs updating.
• Applying data checking rules, e.g. to verify that attributes with a unique constraint are not is use with more than one object at a time.
• Applying data transformation, e.g. for adjusting mail addresses whilst replicating the item from one mail domain to the other.
• Creating or updating o bject in the target address book.
• Logging and reporting.

With thisproduct you can not only configure, which Active Directory server to use, but also, you will be requested to supply an Active Directory container object for the source and for the target.

Source: By selecting a container, you can chose to only replicate items that are located within an area in the Active Directory, rather than looking for object in the entire domain.

Target: By selecting a container in the target, you can define where GALSynch Advanced isgoing to create / update the objects in the target address book holding Active Directory domain.

Technical Requirements

Synchronization user account rights required

When setting up GALSynch Advanced you will be requested to supply user credentials for the Active Directory server connections for both address book holding Active Directory servers.

User credentials can be different fro reading and for writing. You will need the following:

Synchronization from address book A to address book B

• User credentials with Read right for those objects that will be looked up in the address book holding Active Directory server A
• User credentials with Write rights (object creation, attribute change and object deletion) in that container where GALSynch Advanced is going to create / update objects. You will also be asked to select the container where objects are to be stored in the address book holding Active Directory server B, so write rights can be limited to exactly that container.

Note: You can select both, the object type that will be created and secondly, the attribute that will be written to, so rights can be limited to those if required.

Synchronization from address book B to address book A

• User credentials with Read right for those objects that will be looked up in the address book holding Active Directory server B
• User credentials with Write rights (object creation, attribute change and object deletion) in that container where GALSynch Advanced is going to create / update objects. You will also be asked to select the container where objects are to be stored in the address book holding Active Directory server A, so write rights can be limited to exactly that container.

Note: You can select both, the object type that will be created and secondly, the attribute that will be written to, so rights can be limited to those if required.

Active Directory attributes

Although you can select the attributes that will be replicated, GALSynch Advanced required the following attributes to store general synchronization information:

Description - GALSynch Advanced will use the field description to store change indicator information for that object, so GALSynch Advanced can determine whether object information has changed since the last synchronization run and will need updating.

Info - GALSynch Advanced will use the field info to store a unique ID of the synchronization. GALSynch Advanced will use this information to determine whether the object in question has been created by the current synchronization run and will use that information to determine object deletion requirements (deprovisioning). Objects with a unique ID other than of the current synchronization (created by other synchronization tasks, objects created manually in the target container, ...) will not be deleted.

Synchronization Configuration

• Start GALSynch Advanced (there should be a link in the start menu)
• You will be greeted with an welcome window which enables you to see the license status of the product

• Click Next - You will see the configuration window you add or remove synchronization tasks for GALSynch Advanced to be carried out.

• Select the first synchronization ‘GAL Synchronization (from A to B)' from the list and click configure - you will be presented with the window where all options for this synchronization (A->B) are defined. Later we will define the synchronization in the other direction.

Explanation of configuration options

Description

You can enter a brief description of this synchronization task which will also be shown in the list of synchronizations (previous screen)

Connection settings

Configure Source Connection

This is the server (Active Directory Domain Server) which will be used to query the items in the source address book.

You must click on the button to configure the connection details for GALSynch Advanced to connect to the server. When configuring the connection details you will be asked to first provide server name, username and password, and then to select a container object in the hierarchy of objects found on the domain server. This is the container from where GALSynch Advanced is starting its search for mail related objects downwards.

Configure Destination Connection(s)

This is the one server or the list of servers (Active Directory Domain Server) which will be used to create or update the items in the target address book.

You must click on the button to configure the connection details for GALSynch Advanced. A window where you add as many target address book holding servers as required is shown. Please add at least one target directory connection. When configuring each connection details you will be asked to first provide server name, username and password, and then to select a container object in the hierarchy of objects found on the domain server. This is the container where GALSynch Advanced will be saving the contact objects created in this example (Note: You can define for yourself whether GALSynch Advanced should create contact objects, user objects or group object in the target address book Active Directory).

Object specific options

You can select which type of objects to replicate (users, groups, public folder information or contacts) and also can defined the type of object GALSynch Advanced is going to create in the target address book.

In this example we will be creating contact objects in the target address book (standard case).

If you require users to be created as users (e.g.: if you desire not to show them to be external contacts with a world icon, or need to enable them as Windows user account) you can select that user objects are to be created as user objects. Note, that user objects will require some specific attributes to be set, like the samAccountName, otherwise Active Directory will not allow them to be created (Constraint violation).

Also, if you want to create group objects as groups (e.g.: to show the members) you can do so, as well. Also, note, that group objects need specific attributes to be present for creation, like the groupType. It is recommended to create group objects with a groupType of ‘4' = universal distribution group, as it can not be used to assign Windows account rights. To replicate the members of the group, you will have to add members as an attribute in the attribute flow designer and need to select ‘Reference DN attribute". GALSynch Advanced will then replicate the members and look up each in the target address book, resolving the membership to a matching user/contact object in that Active Directory.

Additional Query options

GALSynch Advanced allows you to define additional search filters when looking up objects in the source address book. This enabled you to only replicate those objects required, e.g.: you can replicate only objects that are from a specific department, ...

Click on the display filter ‘Additional query:...' to open up the query designer. You will be presented with a window where you can enter you LDAP filter expression. After changing the filter expression you can preview the results of you filter, thereby checking first, whether the filter expression is valid, secondly, whether you have defined a filter that only includes those objects that you like to be replicated.

For the filter entered, GALSynch Advanced will display those objects matching and will show each of the attribute that have been included in the attribute flow designer. Please note: You will have to set the source connection details before previewing the filter results, otherwise you will encounter an error message, as GALSynch Advanced cannot connect to the address book holding Active Directory server.

Note: GALSynch Advanced will automatically add the filter for the object type, e.g.: users, groups, publicFolder or contacts.

Attribute flow

For each object type you can define the attributes to replicate: The default setup will already include the most commonly used communication attributes. You can add, change or deleted any attribute mapping as required (Note: Some attribute might be required for the selected object type to be created, e.g.: user:samAccountName, group:groupType, ...)

When adding or changing an attribute flow you have the option, to either use direct mapping of the attribute value. In this case GALSynch Advanced will replicate the value of the attribute from the source object to the target object, not changing the value during the synchronization. Alternatively, you can also cause GALSynch Advanced to perform rich calculations using VBScript, thereby calculating the new attribute value on the fly, e.g.: assigning a fixed value to an attribute, or adding string identifier.

Note: whilst running an evaluation version of GALSynch Advanced you cannot change the attribute mapping for givenName, sn and displayName.

Now, configure the same options for the replication from address book B to address book A - vice versa. Again, you will need to provide the connection details for source and target(s) and check filter, object tpye selection and attribute flows.

Finalizing synchronization setup

You have now setup connection details for the source address book, the destination address book(s), the filter when searching for objects in the source address book, the type of objects to create and the attributes to replicate.

When clicking the next button, you will be presented with additional options for your synchronization.

Additional Options

Reporting options

GALSynch Advanced has a built in reporting engine that can inform you using e-mail either when a changed occurred for every synchronization run. Note: GALSynch Advanced will send an e-mail for every synchronization task, e.g.: "Synchronizing User objects from A to B", ... It will also include the log file as an attachment to the reporting mail.

You can configure whether logging should be detailed (attribute level) or not (object level logging) and whether to send reporting e-mails. Note: Reporting e-mails can be send to more than one recipient by providing multiple recipient addresses, separated by colon ‘;'.

Print configuration report

If required you can view and print a configuration report than includes all configuration settings for the GAL synchronization. If you click the command a new internet browser window will open showing the report.

View license requirements

If you decide to purchase a license for GALSynch Advanced you can click the command to view the list of domains that will need licensing. Please copy the entire list and send it along you license request. Note: Licensing is based on domain context, so the list might contain more entries than the number of domains.

Create configuration backup

If you require backup of your current configuration, you can use this option to create and store a copy of your configuration. Also you can use this option if you want to try out different settings.

Revert to backup configuration

Use this command to load the configuration from a previously stored configuration file. Note: To finally enable and use the loaded configuration you must close the wizard by clicking finish.

Test synchronization

After all configurations have been made, you can use the Test Mode to check you settings. A new window will open, where you can view any task performed by GALSynch Advanced.

Not: Whilst running a test, no changes will be committed. This might result in that some errors (e.g.: constraint violations of the target directory) might not be shown yet.

If you encounter any error you might need to check your synchronization settings or contact us - we will be happy to assist you in setting up your synchronization (please include the log files for analysis)

Run synchronization

When configuration is finished and Tests have been successful you can run your synchronization. The Run Mode enables you to interactively run your synchronization whilst watching all change, equivalent to the Test Mode, but this time, changed will be committed.

Note: This option is only for interactively running your synchronization and to determine whether there are any errors. For repeated synchronizations you will use a scheduled task that will run your synchronization without GUI.

Finish

When finished configuring and testing your synchronization you must click Finish to save all changes performed. This includes the case when you revert to another configuration file.

Automated run of your synchronization

To run your GAL synchronization automatically, you will need to defined a scheduled task. Open control panel à schedules tasks and define a new task.

lt;/p>

Application to execute:

"[InstallationDirectory]\GALSynchAdvanced.exe" -RUN

User:

No specific user required, as you have defined those user accessing the directory within GALSynch Advanced. Provide a user that can access the installation directory of GALSynch Advanced with write rights, which can execute applications.

Interval:

GALSynch Advanced is very quick when synchronizing your address books, especially when running delta mode. You should easily be able to run synchronizations every 15 minutes if required. (Note: Active Directory and Exchange itself do have a replication interval of 15 minutes by default, so it does not make much sense having shorter intervals for GALSynch Advanced, even if possible)