• Home
  • Library
  • Wiki
  • Learn
  • Gallery
  • Downloads
  • Support
  • Forums
  • Blogs
Resources For IT Professionals
Microsoft Technet Image
United Kingdom (Proper English-like)
Skip to locale bar

    •  
    Wiki  >  TechNet Articles  > 
    • Article
    • History

    Using the FOPE Directory Sync Tool in a Non-Exchange Environment - TechNet Articles - United States (English) - TechNet Wiki

    If you do not have Exchange Servers in your environment, you might want to use Directory Edge Blocking but not want to use some data sync means like CSV or SFTP due to the overhead. If so, you can use an Active Directory Forest that is populated from a non Exchange Directory Service by using the Directory Syncronization Tool.  If so, there are certain necessary attributes in the AD Forest you must have to successfully use the Directory Sync Tool. Following are the attributes the tool uses in the AD query.
    •  givenName
    • sn (Surname)
    • proxyAddresses (The address must be in the form of "smtp:email@address.com" without the quotes in this attribute, also if you wish to control the Primary Email address within FOPE i.e. one used for Spam Quarantine access etc you should use a "SMTP:email@address.com" without the quotes for the primary and the uppercase SMTP will denote the primary to the DST tool)
    • msExchSafeSendersHash (not needed but we do sync it if available)
    • IsDeleted
    • objectClass
    • objectGuid
    • whenCreated

    The DST queries for those attributes for the following types of AD objects:

    • contact
    • group
    • inetorgperson
    • person
    • publicfolder
    • user

    To query to see what should be synced by DST run the following in your domain:

    dsquery * domainroot -filter "(proxyAddresses=*)" -attr proxyaddresses

    If you have more than 1 domain in your forest you may need to set the proxyAddresses attribute so that it replicates to the Global Catalog Partial Attribute Set as the DST only queries it's local DC/GC for accounts.  In order to do this you will need to do the following:

    • Open adsiedit.msc, in the Connection Settings modify the drop down for "Select a well known Naming Context" and select Schema.
    • Once this opens expand the top level and then click on the folder that starts with CN=Schema,CN=Configuration ... etc
    • Locate CN=Proxy-Addresses in the right hand window and right click and open properties for this item.
    • Scroll down and locate the isMemberOfPartialAttributeSet attribute and set this value to TRUE
    • Click OK through the rest and close out.  This may take a while to replicate through your forest depending on replication convergence times.
    • You should be able to run the following "dsquery * forestroot -filter "(proxyAddresses=*)" -attr proxyaddresses" to get a list of addresses that will be replicated by the DST from the entire forest following this change

    • C 2015 Microsoft Corporation. All rights reserved.
    • Terms of Use
    • Trademarks
    • Privacy Statement
    • [Copied from] v5.6.915.0
    • This page has been extacted by Pete Laker, Microsoft Azure MVP & Microsoft IT Implementer
    X