Active Role Synchronization for GAL entries

Hello,

I'm hoping someone can provide any information or experience on syncing a GAL between two Exchange environments.

Right now I am just creating a contact in the target domain using a user account info from the source and giving the contact the target address of the source domain account. I create the contact but still need to run a script on the target side to mail-enable the contact. Has anyone ever used the sync between two Exchange environments to create a mail contact that is mail enabled? Or anyone know a easy way to sync the GAL?

I've mostly worked with the domain sync between two domains. I just need to sync one way for the GAL to have entries from the Source domain to the Target.

FYI: I'm not an Exchange Admin and inexperienced with Exchange side of the house.

Thanks for any advice or guidance in advanced.

Thank you,

Lu

Parents
  • Are you using Quick Connect or the Synchronization Service to create the Contacts in the Target environment? Assuming the follow-up script the you are running on the Target side Contact is Enable-MailContact with the ExternalEmailAddress parameter? Within the Source->Target sync process, along with Firstname, Lastname... have your sync process also populate the TargetAddress attribute on the Target Contact with the Source object's email address. This should allow you to not have to run any follow-up scripts.

Reply
  • Are you using Quick Connect or the Synchronization Service to create the Contacts in the Target environment? Assuming the follow-up script the you are running on the Target side Contact is Enable-MailContact with the ExternalEmailAddress parameter? Within the Source->Target sync process, along with Firstname, Lastname... have your sync process also populate the TargetAddress attribute on the Target Contact with the Source object's email address. This should allow you to not have to run any follow-up scripts.

Children
  • I missed the part in your post where you said you are already populating the TargetAddress attribute. Can you provide a little more info on how this GAL sync has been implemented and I can check how I've configured this previously and see what else may have been done.

  • Richard is on the right track here - the issue is likely the fact that the contacts are not actually being mail enabled in the target environment.  Populating the TargetAddress property alone is not enough.  You need to fire the Exchange cmdlet "Enable-MailContact" against each object.

    One way you could achieve this is to use a script activity contained in an Active Roles Change Workflow that is launched by the action of creating the contact.

    You can tell that a contact is "good" or "ready" by the fact that it has a LegacyExchangeDN property.

    Hope this helps.

  • You are correct JohnnyQuest. In going over some configuration notes I have when setting this up previously and I had configured a Post-Sync script in Quick Connect/Synchronization Service to mail enable the newly created Contacts. And as JohnnyQuest said, configuring a Change Workflow in Active Roles would also accomplish the same results. Therefore Lu, running a post-creation script against the newly created Contacts needs to be done to mail enabled them. And as you can see, there are a few ways you can automate the running of said email enablement script.

  • Thank you both for the advice. I will see the process on post-script on doing this. Have you ever had to run this type of post-script? The initial run for a new run will have around 44k contacts to mail-enable. After that the daily run will probably create 5 a day. I'm not worried about the 5 a day but will the initial run take some time on the Job Server? I guess I can plan to have the Exchange team run the initial sync with a script on the Exchange side. 

    I also notice with Active Roles Synchronization Service there is a Exchange connection and a option to create a mapping with Default Global Address list. I'm thinking that is the entire GAL and would not be something I should consider investigating. Is there anything documented or some advice on what the Exchange connector can be used for?

    Thanks again! Lu

  • Yes, running this type of post script is expected. It is necessary to complete the mail enablement of the Contact object in the target Exchange Org.

    I too would expect the initial sync to take some time to complete with 44k objects. You could consider breaking the initial sync into chunks of objects by populating a certain number of the source objects with a specific value on an attribute and use this attribute/value pair in source scoping for determining which objects to process.

    If you'd like to explore this route (which would need to be tested further in your environment), to possibly eliminate the need for a follow-up script, I was able to convert a Contact into a Mail Enabled Contact by utilizing the Exchange connector in the Sync Service. Create the Contacts in the target AD environment as currently implemented. Create a new Provisioning step and identify the source system as the target AD domain that contains the Contacts and the target system as the Exchange system, which is also in the same target environment. Mapping rule between these systems is mail=ExternalEmailAddress. Map the object types AD Contact to Exchange MailContact, and for the Creation Rules use mail->ExternalEmailAddress and displayName->Identity. This seemed successful at converting the Contacts into Mail Enabled Contacts in my lab, complete with the LegacyExchangeDN now being populated.

  • Richard,

    Awesome I will give that a try.

    Lu

  • This worked great... The only thing i had to add was after the creation of the contact I put in a powershell to sleep for 30 seconds. When provision was done it always did not see the user object right away.

    Thanks for the advice and helping out with this. I appreciate the support and help.

    Lu