A user with a mailbox exists in the source Active Directory and is included in the scope of the synchronization, and directory sync is started. What exactly is done in the target Active Directory to create a user with a mailbox?
For successful mailbox-enabling of the target object the following conditions have to be met:
1) Under the corresponding domain pair in the properties of Synchronization, the Apply Exchange Options checkbox should be checked on the Specify Exchange Options page.
2) Source user should be mailbox-enabled and reside in the scope of the synchronization.
3) Corresponding target user to be synchronized to should already exist or Directory Synchronization should be allowed to create objects.
4) Exchange Recipient Update Service should be functioning properly in the target Exchange organization.
5) There should be no errors when creating the target user, synchronizing its password, or setting sIDHistory; otherwise directory sync will stop working on the user before reaching the mailbox-enabling stage.
For a one-way sync from source to target with all the above conditions met, the following actions are taken by Directory Synchronization Agent (DSA):
1) DSA scans the source Active Directory for modified objects and finds a mailbox-enabled user in the scope of synchronization.
2) If a matching user is found on the target side, DSA merges with the existing user; if not, a new user is created.
3) If the Merge objects with corresponding contacts option is enabled in the User Interface, the target contacts conflicting by the targetAddress attribute will be deleted. Additionally, the LegacyExchangeDN attribute of the contact being deleted is copied to the proxyAddresses of the new object as a secondary x500 address. Contact membership in groups located within the same domain is copied to the newly created object.
Please note that this option can only be used for contacts located in the domain DSA is synchronizing to. An attempt to remove a contact in another domain within the forest will return a referral and fail. More detail is available in solution SOL27288 - https://support.quest.com/SUPPORT/index?page=solution&id=SOL27288
4) All values in source proxyaddresses attribute except MBX: addresses are copied to the target. Primary SMTP and X400 addresses are copied as secondary. This is done to avoid potential conflicts with Recipient Update Service, as it is the RUS policy that determines which address should be primary. Directory Synchronization only synchronizes the addresses themselves but not their primary or secondary state.
5) A new x500 address is added to the source user and the value is a LegacyExchangeDN attribute of the target object. This is to establish the matching for the Mailbox and Calendar Synchronization Agents and allow resolution of the From: addresses in the emails going through the redirectors.
6) Mailnickname attribute is copied from source to target user.
7) LegacyExchangeDN attribute is created for the target user. The prefix is taken from the LegacyExchangeDN of the administrative group for the mailbox store selected on the Specify Exchange Options page in the Synchronization properties. The suffix is cn=Recipients/cn=<username>, where username is taken from the source object's primary SMTP address prefix (everything before the @ sign).
Please see additional information on this process in the Quest Knowledge Base:
Solution SOL17813 - LegacyExchangeDN attribute of the objects created by DSA has random numbers at the end. - https://support.quest.com/SUPPORT/index?page=solution&id=SOL17813
Solution SOL18351 - Quest Migration Manager (QMM) DSA is looping while trying to resolve a conflict - https://support.quest.com/SUPPORT/index?page=solution&id=SOL18351
8) homeMDB and homeMTA attributes are set by DSA.
9) {26491CFC-9E50-4857-861B-0CB8DF22B5D7} value is removed from msExchPoliciesExcluded attribute if it exists, which is an equivalent of selecting Automatically update e-mail addresses based on recipient policy checkbox on the target user.
More information regarding this can be found in Microsoft KB article 318072: XADM: Update E-Mail Addresses Based on Recipient Policy - http://support.microsoft.com/default.aspx?scid=kb;en-us;318072
10) Redirection is set up from the target to the source user using the targetAddress attribute and the redirection templates specified on the Specify Exchange Options page in the Synchronization properties. The targetAddress of the target object is set to <user alias>@<source.smtp.template> and a new smtp address <user alias>@<source.smtp.template> is added to the list of the source object's proxy addresses.
More detail on the redirectors is available in Solution 14915 - How does the Mailbox redirection work in Quest Migration Manager for Exchange? - https://support.quest.com/SUPPORT/index?page=solution&id=SOL14915
11) RUS processes the system Mailbox Enable User policy. The filter that Exchange setup places on this policy matches any user who has mailNickname set together with at least one of the homeMDB, homeMTA, or msExchHomeServerName attributes. Since the attributes required by this policy exist right after the DSA has processed the object (mailNickname and homeMTA or homeMDB), the policy is applied and RUS completes mailbox-enabling of the target user by populating the missing Exchange attributes.
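The attribute changes in steps 4 through 11, modelled as an added Python example (not Quest's code and not part of the original article), useful for checking a synchronized target object against what the article says DSA should have written. It works on plain dictionaries with constructed sample values; the function names, sample DN and redirection domain are assumptions, as are the prefix-case convention for primary addresses and reading "user alias" as mailNickname.

```python
# Added illustration: models DSA steps 4-11 on plain dicts, no directory access.
# Assumptions: primary/secondary is encoded by prefix case (SMTP: vs smtp:),
# "user alias" means mailNickname, and LegacyExchangeDN conflicts are not modelled.
RUS_EXCLUDE_GUID = "{26491CFC-9E50-4857-861B-0CB8DF22B5D7}"

SAMPLE_SOURCE = {  # constructed sample user
    "mailNickname": "jdoe",
    "proxyAddresses": ["SMTP:john.doe@source.example", "smtp:jd@source.example",
                       "X400:c=US;a= ;p=Example;o=Exchange;s=Doe;g=John;",
                       "MBX:0"],
}

def expected_target(source, admin_group_dn, home_mdb, home_mta, template, existing=None):
    """Return the target attributes the article says DSA writes for one user."""
    target = dict(existing or {})
    copied, user = [], None
    for addr in source["proxyAddresses"]:
        prefix, _, value = addr.partition(":")
        if prefix.upper() == "MBX":            # step 4: MBX: addresses are skipped
            continue
        if prefix == "SMTP":                   # step 7: name comes from primary SMTP
            user = value.split("@", 1)[0]
        if prefix in ("SMTP", "X400"):         # step 4: primaries become secondary
            prefix = prefix.lower()
        copied.append(f"{prefix}:{value}")
    if user is None:
        raise ValueError("source user has no primary SMTP address")
    target["proxyAddresses"] = copied
    target["mailNickname"] = source["mailNickname"]                        # step 6
    target["legacyExchangeDN"] = f"{admin_group_dn}/cn=Recipients/cn={user}"  # step 7
    target["homeMDB"], target["homeMTA"] = home_mdb, home_mta              # step 8
    target["msExchPoliciesExcluded"] = [                                   # step 9
        v for v in target.get("msExchPoliciesExcluded", [])
        if v.upper() != RUS_EXCLUDE_GUID]
    # step 10: written as in the article, without an address-type prefix
    target["targetAddress"] = f"{source['mailNickname']}@{template}"
    return target

def source_additions(source, target, template):
    """Steps 5 and 10: the two addresses DSA adds to the source proxyAddresses."""
    return [f"x500:{target['legacyExchangeDN']}",
            f"smtp:{source['mailNickname']}@{template}"]

def rus_mailbox_enable_matches(obj):
    """Step 11: mailNickname plus any of homeMDB, homeMTA, msExchHomeServerName."""
    return bool(obj.get("mailNickname")) and any(
        obj.get(a) for a in ("homeMDB", "homeMTA", "msExchHomeServerName"))
```

Comparing the returned dictionary with the attributes actually present on the target user shows which step did not complete, for example a target that still carries a primary SMTP: value copied from the source or that fails the step 11 filter.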