Articles in this section

Configuration

Avatar
Alvin
  • Updated
Follow

Control Panel

  1. Log into the control panel, https://cp.emmcloud.com .
  2. Click "Directory Synchronization".
  3. Click "Service".
  4. Click the "Service Configuration" tab.

Here you find three sections.

Service User

Services assigned automatically: Exchange and or Sharepoint will show when their sections are enabled.

New Users: Defines what state new user are create in.

Synchronize Enabled/Disabled: Defines wheter to sync the users state from your AD.

Attempt to keep source domain: Will try to keep the users login(UPN) from your AD.

Default domain for login names: Will use this domain for users login.

Conflict Resolution Policy: Specifies how the conflicts will be revolved.

  • Resolve manually: The conflicting object will show in the Synchronized Objects Page. The conflict can be resolved in your AD, then run sync again.
  • Overwrite: The objects data will overwrite the corresponding hosting object.

Deleted Object Policy: Defines how to handle object deleted from external AD.

Exchange

Assign Automatically: Defines whether to assign the Exchange hosting automatically.

Automatically Create Mailbox: The mailbox for the synced user will be created automatically.

Primary E-mail Address Pattern: Defines hot the e-mail addresses will be named.

Secondary E-mail Address Pattern: Defines a second e-mail address.

Initial Mailbox size: The size of the created mailbox.

The following services can be enabled for a mailbox,

  • Outlook Web Access
  • Oullook Access
  • ActiveSync
  • IMAP4
  • POP4

Sharepoint

If enabled, It will add the user with the specified roll to all sharepoint sites.

Workstation with Directory Sync installed

All settings are kept in a text file called "ADSync.exe.config".

  • x64: "C:\Program Files\Parallels\Directory Integration"
  • x32: "C:\Program Files (x86)\Parallels\Directory Integration"

The best way to read this file is with Microsoft's XMLreader 2007. Its free.

Queries

Directory Sync uses LDAP queries to retrieve objects from AD. If you're not familiar with searching AD with LDAP queries, it highly recommended you read through the following Microsoft article. Especially the sections, "Basic Qeury Syntax" and "Doing a Search Using Active Directory Users and Computers.

LDAP Query Basics

This article will help you gain a better understanding of how LDAP queries are used by the synchronizatoin agent to find AD objects.

The default query can be found in ADSync.exe.config under Configuration > ADSync.Settings > OrganizationUnits > Units > Unit > Qeury. Multiple Unit sections can be added for customized queries.

Default Query:

(&(|(&(objectClass=contact)(|(targetAddress=*)(mail=*)))(objectClass=user))(|(displayName=*)(mailNickname=*)(givenName=*)(sn=*)))

This query will return all contacts who's targetAddress,mail,displayName,mailNickname,givenName,sn fields are populated. And it will return all users who's displayName,mailNickname,givenName,sn fields are populated. The base of the query is the entire domain.

Units

Each Unit can have all or one of following options.

Root: Specify the distingquished name of the Organizational Unit to use as the root of the LDAP query. If not specifed, the root of the domain will be used.

Query: Specify the LDAP query. If not specified all objects classes will be returned.

DomainController: Specify the DC FQDN to use. example dc01.mydomain.local .

Example:
Domain Hiearchy:
<screen shot>

Distinquised Names
DepartmentA: OU=DepartmentA,DC=beta,DC=local
DepartmentB: OU=DepartmentB,DC=beta,DC=local
Sales: OU=Sales,OU=DepartmentA,DC=beta,DC=local
Support: OU=Support,OU=DepartmentA,DC=beta,DC=local
Developement: OU=Developement,OU=DepartmentB,DC=beta,DC=local
Project Managers: OU=Project Managers,OU=DepartmentB,DC=beta,DC=local

Qeuries
Only Users:

(&(|(objectClass=user))(|(displayName=*)(mailNickname=*)(givenName=*)(sn=*)))

Only Contacts:

(&(|(&(objectClass=contact)(|(targetAddress=*)(mail=*)))(|(displayName=*)(mailNickname=*)(givenName=*)(sn=*)))

Only Users and Contacts where displayName begins in "John"

(&(|(&(objectClass=contact)(|(targetAddress=*)(mail=*)))(objectClass=user))(|(displayName=John*)(mailNickname=*)(givenName=*)(sn=*)))

DomainControllers
Root Domain: beta.local

SubDomain: customers.beta.local

Properties
The default properties synced for each object can be found under Configuration > ADSync.Settings > OptionalProperties > Properties. All properties supported are already listed. To customize, comment or remove any unwanted properties.

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk