This section provides a step-by-step guide on how to set up GAL Sync for Microsoft 365 Hybrid Tenants.
To begin, at least two (2) hybrid tenants must be configured in Power365 Directory Sync. Each hybrid tenant will consist of a cloud environment and a local Active Directory environment. At the end of this section there will be two (2) hybrid tenants with four (4) local and cloud environments fully configured.
An environment is an end-point connection that can control the scope of objects read. This guide will walk through how to create the source and target hybrid environments.
To create a cloud environment, an Office 365 Global Administrator is required during set up for each tenant. During the initial set up, Power365 Directory Sync will create a new unlicensed user account within each tenant. This account is used to orchestrate some of the PowerShell automation related to directory synchronization services. This account will be created with the Exchange, User and Team Administrator Roles to facilitate its designated jobs.
The Global Administrator account used to set up the environments is required for directory synchronization services, as it is used to facilitate Graph API related automation activities. The account role can be safely lowered to User, Team and Exchange Administrator once the previously mentioned PowerShell account is created.
To create a local AD environment for the hybrid tenant, the following are required:
One (1) Local Administrator Account for each Microsoft Forest and/or Domain that has permissions to create, update or delete depending on the scope of your Directory Sync workflows.
One (1) Windows Server to install and host the Power365 Directory Sync Agent.
Follow these steps to set up the cloud environment endpoints.
Log in to Power365
Navigate to Environments
Click the New button
Click Cloud as the environment type, Click Next
Name the environment, Click Next
The Global Administrator credentials should be in-hand and ready
Click the Connect button
Log in to Microsoft 365
Accept the requested Application Permissions
Select any discovery group(s) that will be used to determine which objects are part of the environment (See Pro Tip 1)
Do not place a check in the “INCLUDE OBJECTS SYNCHRONIZED WITH A LOCAL ACTIVE DIRECTORY VIA AZURE ACTIVE DIRECTORY CONNECT” option as this is a cloud environment with hybrid objects that originate in an On-Premises Active Directory. For hybrid objects, we will be utilizing Local to Local setup to perform the GAL Sync.
Click Next, then Finish
Repeat steps 3 – 12 for the next cloud environment
Follow these steps to set up the cloud environment endpoints.
Log in to Power365
Navigate to Environments
Click the New button
Click Local as the environment type, Click Next
Name the environment, Click Next
Name the local agent, Click Next
Note the agent registration URL and registration Key for later use, click Finish.
Install the agent on the Windows Server that is joined to the local AD domain. Refer to the Power365 Online Help Center for detailed information about agent installation and set-up requirements.
Once the agent is installed and the environment is discovered, click on the Setting button to access the local AD environment setting page.
Under the General tab, select the Microsoft 365 tenant from the tenant drop-down list under ‘Which cloud environment should this environment associated with?’ (See Pro Tip 18)
Click on the Organization Unit tab and define the OU filter based on your project scope.
Click on the Filters tab and define any LDAP filter based on your project scope.
Click Save.
Repeat steps 3 – 13 for the next local environment
Before we can build our workflow, it is best to set up your template(s). Templates contain common mappings and settings used to sync Users, Contacts, Devices, Groups, Office 365 Groups and Microsoft Teams. A template can then be applied to any workflow with a Stage Data step.
For the purpose of this guide, the following templates will need to be created for GAL objects. Additional templates may be created for group membership synchronization.
Cloud to Cloud GAL Sync Source to Target
Cloud to Cloud GAL Sync Target to Source
Local to Local GAL Sync
Navigate to Templates
Click the New button
Name and Describe the template
In our example, we will name our template “Cloud to Cloud GAL Sync Source to Target”, Click Next
Click Cloud as the source environment type, Click Next
Click Cloud as the target environment type, Click Next
Set CREATE NEW USERS AS = AS-IS (See Pro Tip 19)
Set UPDATE CREATED USERS = ENABLE
Set UPDATE MATCHED USERS = DISABLE
Click Next
Set CREATE GROUPS AS = SKIP
Set UPDATE CREATED GROUPS = DISABLE
Set UPDATE MATCHED GROUPS = ENABLE
Click Next
Set CREATE OFFICE365 GROUPS AND TEAMS AS = SKIP
Set UPDATE CREATED CONTACTS = DISABLE
Set UPDATE MATCHED CONTACTS = DISABLE
Click Next
Set CREATE NEW CONTACTS AS = DO NOT CREATE
Set UPDATE CREATED CONTACTS = DISABLE
Set UPDATE MATCHED CONTACTS = DISABLE
Click Next
Enter a default password, Click Next
Under mappings, we need to make several modifications to the default template in order to make the MEU compatible with Power365 Tenant to Tenant.
Select mapping for ‘EmailAddresses’ and double click, enter the below expression under value field. (See Pro Tip 20)
GetProxyAddresses(null, null, prefix(Result("WindowsEmailAddress"), "SMTP:"), prefix(LegacyExchangeDN, "x500:"))
Select User as the Target Object Type
Select mapping for ‘CustomAttribute1’ and double click, enter the below expression under value field. (See Pro Tip 21)
“s.WindowsEmailAddress”
Select All as the Target Object Type
Leave rest of the mappings as default.
Click Next
Click Finish
Navigate to Templates
Click the New button
Name and Describe the template
In our example, we will name our template “Cloud to Cloud GAL Sync Target to Source”, Click Next
Click Cloud as the source environment type, Click Next
Click Cloud as the target environment type, Click Next
Set CREATE NEW USERS AS = CONTACT (See Pro Tip 22)
Set UPDATE CREATED USERS = ENABLE
Set UPDATE MATCHED USERS = DISABLE
Click Next
Set CREATE GROUPS AS = SKIP
Set UPDATE CREATED GROUPS = DISABLE
Set UPDATE MATCHED GROUPS = ENABLE
Click Next
Set CREATE OFFICE365 GROUPS AND TEAMS AS = SKIP
Set UPDATE CREATED CONTACTS = DISABLE
Set UPDATE MATCHED CONTACTS = DISABLE
Click Next
Set CREATE NEW CONTACTS AS = DO NOT CREATE
Set UPDATE CREATED CONTACTS = DISABLE
Set UPDATE MATCHED CONTACTS = DISABLE
Click Next
Enter a default password, Click Next
Under mappings, we need to make several modifications to the default template in order to make the MailContact compatible with Power365 Tenant to Tenant.
Select mapping for ‘EmailAddresses’ and double click, enter the below expression under value field. (See Pro Tip 20)
GetProxyAddresses(null, null, prefix(Result("WindowsEmailAddress"), "SMTP:"), prefix(LegacyExchangeDN, "x500:"))
Select Contact as the Target Object Type
Select mapping for ‘CustomAttribute1’ and double click, enter the below expression under value field. (See Pro Tip 21)
“s.WindowsEmailAddress”
Select All as the Target Object Type
Leave rest of the mappings as default.
Click Next
Click Finish
Navigate to Templates
Click the New button
Name and Describe the template
In our example, we will name our template “Local to Local GAL Sync”, Click Next
Click Local as the source environment type, Click Next
Click Local as the target environment type, Click Next
Set CREATE NEW USERS AS = CONTACT (See Pro Tip 23)
Set UPDATE CREATED USERS = ENABLE
Set UPDATE MATCHED USERS = DISABLE
Set IF TARGET ADDRESS EXISTS setting as OVERWRITE ONCE.
Click Next
Set CREATE GROUPS AS = SKIP
Set UPDATE CREATED GROUPS = DISABLE
Set UPDATE MATCHED GROUPS = DISABLE
Click Next
Set CREATE NEW CONTACTS AS = DO NOT CREATE
Set UPDATE CREATED CONTACTS = DISABLE
Set UPDATE MATCHED CONTACTS = DISABLE
Click Next
Set CREATE NEW DEVICES AS = SKIP
Set UPDATE CREATED CONTACTS = DISABLE
Set UPDATE MATCHED CONTACTS = DISABLE
Click Next
Enter a default password, Click Next
Leave SYNCHRONIZE SID HISTORY unchecked, Click Next
Under mappings, we need to make several modifications to the default template in order to make the MailContact compatible with Power365 Tenant to Tenant.
Select mapping for ‘ExtensionAttribute1’ and double click, enter the below expression under value field. (See Pro Tip 19)
“s.mail”
Select Contact as the Target Object Type
Select mapping for ‘DistinguishName’ and double click, enter the below expression under value field. (See Pro Tip 24)
GetDn(NewGuid())
Select mapping for ‘targetAddress’ and double click, enter the below expression under value field. (See Pro Tip 25)
prefix(S.mail, "SMTP:")
Select mapping for ‘msExchRecipientDisplayType’ and double click, enter the below expression under value field. (See Pro Tip 26)
"6"
Select mapping for ‘msExchRecipientTypeDetails’ and double click, enter the below expression under value field. (See Pro Tip 26)
"64"
Leave rest of the mappings as default or update them based on your project needs.
Click Next
Click Finish
Follow these steps to create one (1) new workflow for reading, matching, staging and writing data.
Log in to Power365
Navigate to Workflows
Click the New button
Name and Describe the template, Click Next
Select all four (4) environments (Cloud and Local environments per each hybrid tenant) created previously, Click Next
Select ONE-WAY SYNC, Click Next
The screen presented next will be a pre-configured set of workflow steps to facilitate the flow of objects and attributes between your directories. (Note, additional steps will be added as part of this guide to facilitate bi-directional synchronization.)
Start at the top of the steps, 1. Read From. Click the Select button
Select all four (4) environments created previously, then click OK
Move to Match Objects
This is the step where you will decide on how to match existing objects across your hybrid tenant directories
Matching is conducted by pairing sets of attributes to find corresponding objects
Your four (4) environments may already have some attributes that can be used to find similar objects between the different directories, or you may need to set some to ensure accurate matching
For the purpose of GAL Sync, it is most important that email addresses do not conflict before attempting to create new objects in either environment
Click the Select button to configure the Match Objects criteria for your source Cloud environment and target Cloud environment
Figure 1: Example Match Objects Criteria
Select your source cloud environment from the drop-down menu
Select your target cloud environment from the drop-down menu
Choose your first attribute pairings, we will use WindowsEmailAddress for our first match criteria
Choose the WindowsEmailAddress attribute for the source and target fields
To add more attribute pairs, click the Add Attribute button
Additional pairings are evaluated as “OR” conditions. After the first match is found, the additional pairings are not assessed.
In our case we are adding three (3) additional attribute pairings to our criteria
UserPrincipalName – UPN was added to ensure uniqueness of the local part of the address string. If creating new mail-enabled users in a destination directory it will be important to define any UPN conflicts that may exist
ExternalEmailAddress – This attribute was added to ensure no existing MEUs or Mail Contacts have existing objects with the same external or target address
WindowsEmailAddress to CustomAttribute1 – This matching pair is needed to create matching records for new objects created by Power365 DirSync.
Ensure Match Across all object types is checked in this case.
Check this box to ensure the workflow is evaluating conflicts regardless of the object type because in two-way GAL sync there may be instances where this condition is true, and we want to ensure you have identified these matches before deciding to create new objects or keep the matches
There is no need in this guide to Add Another Pair, click OK to close this configuration
Drag a Match Objects workflow task from the left panel to the right under the Match Object task mentioned above. Click the Select button to configure the Match Objects criteria for your target Cloud environment and source Cloud environment
Figure 2: Example Match Objects Criteria
Select your target cloud environment from the drop-down menu on the left as target will now become the source in a bi-directional setup.
Select your source cloud environment from the drop-down menu on the right as source will now become the target in a bi-directional setup.
Choose your first attribute pairings, we will use WindowsEmailAddress for our first match criteria
Choose the WindowsEmailAddress attribute for the source and target fields
To add more attribute pairs, click the Add Attribute button
Additional pairings are evaluated as “OR” conditions. After the first match is found, the additional pairings are not assessed.
In our case we are adding three (3) additional attribute pairings to our criteria
UserPrincipalName – UPN was added to ensure uniqueness of the local part of the address string. If creating new mail-enabled users in a destination directory it will be important to define any UPN conflicts that may exist
ExternalEmailAddress – This attribute was added to ensure no existing MEUs or Mail Contacts have existing objects with the same external or target address
WindowsEmailAddress to CustomAttribute1 – This matching pair is needed to create matching records for new objects created by Power365 DirSync.
Ensure Match Across all object types is checked in this case.
Check this box to ensure the workflow is evaluating conflicts regardless of the object type because in two-way GAL sync there may be instances where this condition is true, and we want to ensure you have identified these matches before deciding to create new objects or keep the matches
There is no need in this guide to Add Another Pair, click OK to close this configuration
Drag a Match Objects workflow task from the left panel to the right under the Match Object task mentioned above. Click the Select button to configure the Match Objects criteria for your source Local environment and target Local environment
Figure 3: Example Match Objects Criteria
Select your source local environment from the drop-down menu on the left.
Select your target local environment from the drop-down menu on the right.
Choose your first attribute pairings, we will use mail for our first match criteria
Choose the mail attribute for the source and target fields
To add more attribute pairs, click the Add Attribute button
Additional pairings are evaluated as “OR” conditions. After the first match is found, the additional pairings are not assessed.
In our case we are adding two (2) additional attribute pairings to our criteria
Mail to targetAddress – This matching pair is created to ensure the system can match onto existing mail contacts in the target with targetAddress pointed to the source mail attribute.
Mail to extensionattribute1 – This matching pair is needed to create matching records for new objects created by Power365 DirSync.
Ensure Match Across all object types is checked in this case.
Check this box to ensure the workflow is evaluating conflicts regardless of the object type because in two-way GAL sync there may be instances where this condition is true, and we want to ensure you have identified these matches before deciding to create new objects or keep the matches
There is no need in this guide to Add Another Pair, click OK to close this configuration
Drag a Match Objects workflow task from the left panel to the right under the Match Object task mentioned above. Click the Select button to configure the Match Objects criteria for your target Local environment and source Local environment
Figure 4: Example Match Objects Criteria
Select your target local environment from the drop-down menu on the left as target will now become the source in a bi-directional setup.
Select your source local environment from the drop-down menu on the right as source will now become the target in a bi-directional setup.
Choose your first attribute pairings, we will use mail for our first match criteria
Choose the mail attribute for the source and target fields
To add more attribute pairs, click the Add Attribute button
Additional pairings are evaluated as “OR” conditions. After the first match is found, the additional pairings are not assessed.
In our case we are adding two (2) additional attribute pairings to our criteria
Mail to targetAddress – This matching pair is created to ensure the system can match onto existing mail contacts in the target with targetAddress pointed to the source mail attribute.
Mail to extensionattribute1 – This matching pair is needed to create matching records for new objects created by Power365 DirSync.
Ensure Match Across all object types is checked in this case.
Check this box to ensure the workflow is evaluating conflicts regardless of the object type because in two-way GAL sync there may be instances where this condition is true, and we want to ensure you have identified these matches before deciding to create new objects or keep the matches
There is no need in this guide to Add Another Pair, click OK to close this configuration
Click the Select button to configure the first STAGE DATA workflow task for your Source Cloud to Target Cloud synchronization rule.
Select the “Cloud to Cloud GAL Sync Source to Target” template, Click Next
Select the source cloud environment as your source, Click Next
Select the target cloud environment as your target, Click Next
Select the default target domain name, Click Next
Configure any Stage Data filter you like. It is highly recommended to set up a filter that limits the scope, so that the first sync can be run as a test as part of the validation. Click Next (See Pro Tip 8)
Click Finish
Drag a Stage Data workflow task from the left panel to the right under the Stage Data task mentioned above. Click the Select button to configure the second STAGE DATA workflow task for your target Cloud to source Cloud synchronization rule.
Select the “Cloud to Cloud GAL Sync Source to Target” template, Click Next
Select the source cloud environment, Click Next
Select the target cloud environment, Click Next
Select the default target domain name, Click Next
Configure any Stage Data filter you like. It is highly recommended to set up a filter that limits the scope, so that the first sync can be run as a test as part of the validation. Click Next (See Pro Tip 8)
Click Finish
Drag a Stage Data workflow task from the left panel to the right under the Stage Data task mentioned above. Click the Select button to configure the third STAGE DATA workflow task for your source local to target local synchronization rule.
Select the “Local to Local GAL Sync” template, Click Next
Select the source local environment, Click Next
Select the target local environment, Click Next
Select the default target domain name, Click Next
Select the source Organizational Units that will be in scope of the project by clicking the ADD OUS button.
In the new OU pop-up window, select the OU that will be in scope, check the INCLUDE ALL SUB OUS checkbox, and click OK to close the pop-up.
Configure any Stage Data filter you like by double-clicking the OU in the OUs list. It is highly recommended to set up a filter that limits the scope, so that the first sync can be run as a test as part of the validation. Click Next (See Pro Tip 8)
Figure 5: Example Source OU setup.
Select the default OU for newly created objects for Users, Groups, Contacts, and Devices. In our case, we can select the same OU for all object types as we are only syncing users as contacts.
Figure 6: Example Target OU setup.
Click Finish
Drag a Stage Data workflow task from the left panel to the right under the Stage Data task mentioned above. Click the Select button to configure the fourth STAGE DATA workflow task for your target local to source local synchronization rule.
Select the “Local to Local GAL Sync” template, Click Next
Select the target local environment as your source, Click Next
Select the source local environment as your target, Click Next
Select the default target domain name, Click Next
Select the source Organizational Units that will be in scope of the project by clicking the ADD OUS button.
In the new OU pop-up window, select the OU that will be in scope, check the INCLUDE ALL SUB OUS checkbox, and click OK to close the pop-up.
Configure any Stage Data filter you like by double-clicking the OU in the OUs list. It is highly recommended to set up a filter that limits the scope, so that the first sync can be run as a test as part of the validation. Click Next
Figure 7: Example Source OU setup.
Select the default OU for newly created objects for Users, Groups, Contacts, and Devices. In our case, we can select the same OU for all object types as we are only syncing users as contacts.
Figure 8: Example Target OU setup.
Click Finish
Click the Select button to configure the WRITE TO workflow task. Ensure all four (4) environments are selected, Click OK
Click Next
Configure the workflow sync interval. Select Manual for now; a sync schedule can be set up once the test sync has completed. Click Next
Set up any workflow alert you may wish to configure. For now, Click SKIP
Click Finish
Follow these steps to create one test object in each environment to validate the GAL Sync workflow.
Set up a Remote Mailbox in the source local environment and ensure it is part of the OU filter setup for the Local Environment.
DisplayName: Lab1RMBX1
PrimarySMTPAddress: Lab1RMBX1@Lab1.Leagueteam.us
Set up a Remote Mailbox in the target local environment and ensure it is part of the OU filter setup for the Local Environment.
DisplayName: Lab2RMBX1
PrimarySMTPAddress: Lab2RMBX1@Lab2.Leagueteam.us
Set up a Mailbox in the source cloud environment.
DisplayName: Lab1CLDMBX1
PrimarySMTPAddress: Lab1CLDMBX1@Lab1.Leagueteam.us
Set up a Mailbox in the source cloud environment.
DisplayName: Lab2CLDMBX1
PrimarySMTPAddress: Lab2CLDMBX1@Lab2.Leagueteam.us
Capture the LegacyExchangeDN value for the above test objects for later use.
Add the test cloud objects as members of the filter group for the Cloud Environment if a filter group was configured when the environment was first configured.
Follow the below steps to perform the GAL Sync workflow and validation.
Select the workflow configured and click on RUN.
Allow the workflow execution to complete.
Validate that Lab1RMBX1 from the source local environment is created in the target local environment as a Mail Contact. The target Mail Contact should have the following set:
Source Mailbox’s PrimarySMTPAddress will be added as targetAddress
Source Mailbox’s LegacyExchangeDN will be added as x500 address.
Source Mailbox’s PrimarySMTPAddress will be added as PrimarySMTPAddress.
Target Contact’s cn will be created as a random GUID to ensure there will be no name collisions.
Validate that Lab1CLDMBX1 from the source cloud environment is created in the target cloud environment as a Mail Contact. The target Mail Contact should have the following set:
Source Mailbox’s PrimarySMTPAddress will be added as external email address
Source Mailbox’s LegacyExchangeDN will be added as x500 address.
Source Mailbox’s PrimarySMTPAddress will be added as PrimarySMTPAddress.
Validate that Lab1CLDMBX1 from the source cloud environment is created in the target cloud environment as a Mail User. The Mail User should have the following set:
Source Mailbox’s PrimarySMTPAddress will be added as external email address
Source Mailbox’s LegacyExchangeDN will be added as x500 address.
Source Mailbox’s PrimarySMTPAddress will be added as PrimarySMTPAddress.
Validate that Lab2CLDMBX1 from the source cloud environment is created in the target cloud environment as a Mail Contact. The Mail Contact should have the following set:
Source Mailbox’s PrimarySMTPAddress will be added as external email address
Source Mailbox’s LegacyExchangeDN will be added as x500 address.
Source Mailbox’s PrimarySMTPAddress will be added as PrimarySMTPAddress.
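The checks listed above for the Local to Local contact (Lab1RMBX1) can be scripted so that every test sync is validated the same way. The PowerShell below is an added example, not part of the original guide or of Power365. The function name Test-GalSyncContact, its parameters, and the sample GUID and LegacyExchangeDN are constructed for illustration, and it assumes the contact is read from the target domain with Get-ADObject from the ActiveDirectory module.

```powershell
# Added example (not Power365 code). Checks one synced contact in the target
# local AD against the "Local to Local GAL Sync" template mappings and the
# validation list in this guide. Test-GalSyncContact is a hypothetical name.
function Test-GalSyncContact {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] $Contact,                  # target-side AD object
        [Parameter(Mandatory)] [string] $SourceMail,      # source PrimarySMTPAddress
        [Parameter(Mandatory)] [string] $SourceLegacyDn   # source LegacyExchangeDN
    )

    $proxies = @($Contact.proxyAddresses)
    # Exchange marks the primary address with an upper-case "SMTP:" prefix,
    # so the prefix is compared case-sensitively and the address is not.
    $primary = @($proxies | Where-Object { $_ -clike 'SMTP:*' })
    $guid    = [guid]::Empty

    $checks = [ordered]@{
        # Template: CREATE NEW USERS AS = CONTACT
        'Object is a contact'                   = ($Contact.objectClass -eq 'contact')
        # Template: targetAddress = prefix(S.mail, "SMTP:")
        'targetAddress is SMTP:<source mail>'   = ($Contact.targetAddress -eq "SMTP:$SourceMail")
        # Validation list: source PrimarySMTPAddress becomes the primary address
        'One primary SMTP, equal to source'     = ($primary.Count -eq 1 -and
                                                   $primary[0].Substring(5) -eq $SourceMail)
        # Validation list: source LegacyExchangeDN is added as an x500 address
        'Source LegacyExchangeDN kept as x500'  = ($proxies -contains "x500:$SourceLegacyDn")
        # Template: ExtensionAttribute1 = s.mail (used by the Match Objects pair)
        'extensionAttribute1 holds source mail' = ($Contact.extensionAttribute1 -eq $SourceMail)
        # Template: DN = GetDn(NewGuid()), so cn must parse as a GUID
        'cn is a GUID'                          = [guid]::TryParse([string]$Contact.cn, [ref]$guid)
        # Template: msExchRecipientDisplayType = "6", msExchRecipientTypeDetails = "64"
        'msExchRecipientDisplayType is 6'       = ($Contact.msExchRecipientDisplayType -eq 6)
        'msExchRecipientTypeDetails is 64'      = ($Contact.msExchRecipientTypeDetails -eq 64)
    }

    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Check = $name; Passed = [bool]$checks[$name] }
    }
}

# Constructed sample standing in for the contact created from Lab1RMBX1.
# The cn GUID and the LegacyExchangeDN are made-up values, not from a real tenant.
$sourceMail     = 'Lab1RMBX1@Lab1.Leagueteam.us'
$sourceLegacyDn = '/o=ConstructedOrg/ou=Exchange Administrative Group/cn=Recipients/cn=constructed-lab1rmbx1'

$sample = [pscustomobject]@{
    objectClass                = 'contact'
    cn                         = '3f2b8c1e-5d47-4a9b-9c60-1e7a2b4d8f10'
    targetAddress              = "SMTP:$sourceMail"
    proxyAddresses             = @("SMTP:$sourceMail", "x500:$sourceLegacyDn")
    extensionAttribute1        = $sourceMail
    msExchRecipientDisplayType = 6
    msExchRecipientTypeDetails = 64
}

Test-GalSyncContact -Contact $sample -SourceMail $sourceMail -SourceLegacyDn $sourceLegacyDn |
    Format-Table -AutoSize

# Live use in the target domain (ActiveDirectory module), in place of $sample:
# $c = Get-ADObject -LDAPFilter "(&(objectClass=contact)(extensionAttribute1=$sourceMail))" `
#        -Properties cn, targetAddress, proxyAddresses, extensionAttribute1,
#                    msExchRecipientDisplayType, msExchRecipientTypeDetails
# Test-GalSyncContact -Contact $c -SourceMail $sourceMail -SourceLegacyDn $sourceLegacyDn
```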
This section provides a step-by-step guide on how to set up GAL Sync for Microsoft 365 Hybrid Tenants.
To begin at least two (2) hybrid tenants must be configured in Power365 Directory Sync. Each hybrid tenant will consist a cloud environment and a local Active Directory environment. At the end of this section there will be two (2) hybrid tenants with four (4) local and cloud environments fully configured.
An environment is an end-point connection that can control the scope of objects read. This guide will walk through how to create the source and target hybrid environments.
To create a cloud environment, an Office 365 Global Administrator is required during set up for each tenant. During the initial set up, Power365 Directory Sync will create a new unlicensed user account within each tenant. This account is used to orchestrate some of the PowerShell automation related to directory synchronization services. This account will be created with the Exchange, User and Team Administrator Roles to facilitate its designated jobs.
The Global Administrator account used to set up the environments, is required for directory synchronization services, as it is used to facilitate Graph API related automation activities. The account role can be safely lowered to User, Team and Exchange Administrator once the previously mentioned PowerShell account is created.
To create a local AD environment for the hybrid tenant, the following are required
One (1) Local Administrator Account for each Microsoft Forest and/or Domain that has permissions to create, update or delete depending on the scope of your Directory Sync workflows.
One (1) Windows Server to install and host the Power365 Directory Sync Agent.
Follow these steps to setup the cloud environment endpoints.
Login to Power365
Navigate to Environments
Click the New button
Click Cloud as the environment type, Click Next
Name the environment, Click Next
The Global Administrator credentials should be in-hand and ready
Click the Connect button
Login to Microsoft 365
Accept the requested Application Permissions
Select any discovery group(s) that will be used to determine which objects are part of the environment (See Pro Tip 1)
Do not place a check in the “INCLUDE OBJECTS SYNCHRONIZED WITH A LOCAL ACTIVE DIRECTORY VIA AZURE ACTIVE DIRECTORY CONNECT” option as this is a cloud environment with hybrid objects that originate in an On-Premises Active Directory. For hybrid objects, we will be utilizing Local to Local setup to perform the GAL Sync.
Click Next, then Finish
Repeat steps 3 – 12 for the next cloud environment
Follow these steps to setup the cloud environment endpoints.
Login to Power365
Navigate to Environments
Click the New button
Click Local as the environment type, Click Next
Name the environment, Click Next
Name the local agent, Click Next
Note the agent registration URL and registration Key for later use, click Finish.
Install the agent in the Windows Server that is joined to the local AD domain. Refer to Power365 Online Help Center for detailed information about agent installation and set-up requirements.
Once agent is installed and the environment is discovered, click on the Setting button to access the local AD environment setting page.
Under General Tab, select the Microsoft 365 tenant from the tenant drop down list under ‘Which cloud environment should this environment associated with?” (See Pro Tip 18)
Click on the Organization Unit tab and define the OU filter based on your project scope.
Click on the Filters tab and define any LDAP filter based on your project scope.
Click Save.
Repeat steps 3 – 13 for the next local environment
Before we can build our workflow, it is best to set up your template(s). Templates contain common mappings and settings used to sync Users, Contacts, Devices, Groups, Office 365 Groups and Microsoft Teams. A template can then be applied to any workflow with a Stage Data step.
For the purpose of this guide, the following templates will need to be created GAL objects. Additional templates may be created for group membership synchronization.
Cloud to Cloud GAL Sync Source to Target
Cloud to Cloud GAL Sync Target to Source
Local to Local GAL Sync
Navigate to Templates
Click the New button
Name and Describe the template
In our example, we will name our template “Cloud to Cloud GAL Sync Source to Target”, Click Next
Click Cloud as the source environment type, Click Next
Click Cloud as the target environment type, Click Next
Set CREATE NEW USERS AS = AS-IS (See Pro Tip 19)
Set UPDATE CREATED USERS= ENABLE
Set UPDATE MATCHED USERS= DISABLE
Click Next
Set CREATE GROUPS AS = SKIP
Set UPDATE CREATED GROUPS = DISABLE
Set UPDATE MATCHED GROUPS = ENABLE
Click Next
Set CREATE OFFICE365 GROUPS AND TEAMS AS = SKIP
Set UPDATE CREATED CONTACTS = DISABLE
Set UPDATE MATCHED CONTACTS = DISABLE
Click Next
Set CREATE NEW CONTACTS AS = DO NOT CREATE
Set UPDATE CREATED CONTACTS = DISABLE
Set UPDATE MATCHED CONTACTS = DISABLE
Click Next
Enter a default password, Click Next
Under mappings, we need to make several modifications to the default template in order to make the MEU to be compatible with Power365 Tenant to Tenant.
Select mapping for ‘EmailAddresses’ and double click, enter the below expression under value field. (See Pro Tip 20)
GetProxyAddresses(null, null, prefix(Result("WindowsEmailAddress"), "SMTP:"), prefix(LegacyExchangeDN, "x500:"))
Select User as the Target Object Type
Select mapping for ‘CustomAttribute1 and double click, enter the below expression under value field. (See Pro Tip 21)
“s.WindowsEmailAddress”
Select All as the Target Object Type
Leave rest of the mappings as default.
Click Next
Click Finish
Navigate to Templates
Click the New button
Name and Describe the template
In our example, we will name our template “Cloud to Cloud GAL Sync Target to Source”, Click Next
Click Cloud as the source environment type, Click Next
Click Cloud as the target environment type, Click Next
Set CREATE NEW USERS AS = CONTACT (See Pro Tip 22)
Set UPDATE CREATED USERS= ENABLE
Set UPDATE MATCHED USERS= DISABLE
Click Next
Set CREATE GROUPS AS = SKIP
Set UPDATE CREATED GROUPS = DISABLE
Set UPDATE MATCHED GROUPS = ENABLE
Click Next
Set CREATE OFFICE365 GROUPS AND TEAMS AS = SKIP
Set UPDATE CREATED CONTACTS = DISABLE
Set UPDATE MATCHED CONTACTS = DISABLE
Click Next
Set CREATE NEW CONTACTS AS = DO NOT CREATE
Set UPDATE CREATED CONTACTS = DISABLE
Set UPDATE MATCHED CONTACTS = DISABLE
Click Next
Enter a default password, Click Next
Under mappings, we need to make several modifications to the default template in order to make the MailContact to be compatible with Power365 Tenant to Tenant.
Select mapping for ‘EmailAddresses’ and double click, enter the below expression under value field. (See Pro Tip 20)
GetProxyAddresses(null, null, prefix(Result("WindowsEmailAddress"), "SMTP:"), prefix(LegacyExchangeDN, "x500:"))
Select Contact as the Target Object Type
Select mapping for ‘CustomAttribute1 and double click, enter the below expression under value field. (See Pro Tip 21)
“s.WindowsEmailAddress”
Select All as the Target Object Type
Leave rest of the mappings as default.
Click Next
Click Finish
Navigate to Templates
Click the New button
Name and Describe the template
In our example, we will name our template “Local to Local GAL Sync”, Click Next
Click Local as the source environment type, Click Next
Click Local as the target environment type, Click Next
Set CREATE NEW USERS AS = CONTACT (See Pro Tip 23)
Set UPDATE CREATED USERS= ENABLE
Set UPDATE MATCHED USERS= DISABLE
Set IF TARGET ADDRESS EXISTS setting as OVERWRITE ONCE.
Click Next
Set CREATE GROUPS AS = SKIP
Set UPDATE CREATED GROUPS = DISABLE
Set UPDATE MATCHED GROUPS = DISABLE
Click Next
Set CREATE NEW CONTACTS AS = DO NOT CREATE
Set UPDATE CREATED CONTACTS = DISABLE
Set UPDATE MATCHED CONTACTS = DISABLE
Click Next
Set CREATE NEW DEVICES AS = SKIP
Set UPDATE CREATED CONTACTS = DISABLE
Set UPDATE MATCHED CONTACTS = DISABLE
Click Next
Enter a default password, Click Next
Leave SYNCHRONIZE SID HISTORY unchecked, Click Next
Under mappings, several modifications to the default template are needed to make the MailContact compatible with Power365 Tenant to Tenant.
Select the mapping for ‘ExtensionAttribute1’ and double-click it, then enter the expression below in the value field. (See Pro Tip 19)
“s.mail”
Select Contact as the Target Object Type
Select the mapping for ‘DistinguishName’ and double-click it, then enter the expression below in the value field. (See Pro Tip 24)
GetDn(NewGuid())
Select the mapping for ‘targetAddress’ and double-click it, then enter the expression below in the value field. (See Pro Tip 25)
prefix(S.mail, "SMTP:")
Select the mapping for ‘msExchRecipientDisplayType’ and double-click it, then enter the expression below in the value field. (See Pro Tip 26)
"6"
Select the mapping for ‘msExchRecipientTypeDetails’ and double-click it, then enter the expression below in the value field. (See Pro Tip 26)
"64"
Leave the rest of the mappings as default or update them based on your project needs.
Click Next
Click Finish
Follow these steps to create one (1) new workflow for reading, matching, staging and writing data.
Login to Power365
Navigate to Workflows
Click the New button
Name and Describe the template, Click Next
Select all four (4) environments (Cloud and Local environments per each hybrid tenant) created previously, Click Next
Select ONE-WAY SYNC, Click Next
The screen presented next will be a pre-configured set of workflow steps to facilitate the flow of object and attributes between your directories. (Note, additional steps will be added as part of this guide to facilitate bi-directional synchronization.)
Start at the top of the steps, 1. Read From. Click the Select button
Select all four (4) environments created previously, then click OK
Move to Match Objects
This is the step where you will decide on how to match existing objects across your hybrid tenant directories
Matching is conducted by pairing sets of attributes to find corresponding objects
Your four (4) environments may already have some attributes that can be used to find similar objects between the different directories, or you may need to set some to ensure accurate matching
For the purpose of GAL Sync, it is most important that email addresses do not conflict before attempting to create new objects in either environment
Click the Select button to configure the Match Objects criteria for your source Cloud environment and target Cloud environment
Figure 1: Example Match Objects Criteria
Select your source cloud environment from the drop-down menu
Select your target cloud environment from the drop-down menu
Choose your first attribute pairings, we will use WindowsEmailAddress for our first match criteria
Choose the WindowsEmailAddress attribute for the source and target fields
To add more attribute pairs, click the Add Attribute button
Additional pairings are evaluated as “OR” conditions. After the first match is found, the additional pairings are not assessed.
In our case we are adding three (3) additional attribute pairings to our criteria
UserPrincipalName – UPN was added to ensure uniqueness of the local part of the address string. If creating new mail-enabled users in a destination directory it will be important to define any UPN conflicts that may exist
ExternalEmailAddress – This attribute was added to ensure no existing MEUs or Mail Contacts have existing objects with the same external or target address
WindowsEmailAddress to CustomAttribute1 – This matching pair is needed to create matching records for new objects created by Power365 DirSync.
Ensure Match Across all object types is checked in this case.
Check this box to ensure the workflow is evaluating conflicts regardless of the object type because in two-way GAL sync there may be instances where this condition is true, and we want to ensure you have identified these matches before deciding to create new objects or keep the matches
There is no need in this guide to Add Another Pair, click OK to close this configuration
Drag a Match Objects workflow task from the left panel to the right under the Match Object task mentioned above. Click the Select button to configure the Match Objects criteria for your target Cloud environment and source Cloud environment
Figure 2: Example Match Objects Criteria
Select your target cloud environment from the drop-down menu on the left as target will now become the source in a bi-directional setup.
Select your source cloud environment from the drop-down menu on the right as source will now become the target in a bi-directional setup.
Choose your first attribute pairings, we will use WindowsEmailAddress for our first match criteria
Choose the WindowsEmailAddress attribute for the source and target fields
To add more attribute pairs, click the Add Attribute button
Additional pairings are evaluated as “OR” conditions. After the first match is found, the additional pairings are not assessed.
In our case we are adding three (3) additional attribute pairings to our criteria
UserPrincipalName – UPN was added to ensure uniqueness of the local part of the address string. If creating new mail-enabled users in a destination directory it will be important to define any UPN conflicts that may exist
ExternalEmailAddress – This attribute was added to ensure no existing MEUs or Mail Contacts have existing objects with the same external or target address
WindowsEmailAddress to CustomAttribute1 – This matching pair is needed to create matching records for new objects created by Power365 DirSync.
Ensure Match Across all object types is checked in this case.
Check this box to ensure the workflow is evaluating conflicts regardless of the object type because in two-way GAL sync there may be instances where this condition is true, and we want to ensure you have identified these matches before deciding to create new objects or keep the matches
There is no need in this guide to Add Another Pair, click OK to close this configuration
Drag a Match Objects workflow task from the left panel to the right under the Match Object task mentioned above. Click the Select button to configure the Match Objects criteria for your source Local environment and target Local environment
Figure 3: Example Match Objects Criteria
Select your source local environment from the drop-down menu on the left.
Select your target local environment from the drop-down menu on the right.
Choose your first attribute pairings, we will use mail for our first match criteria
Choose the mail attribute for the source and target fields
To add more attribute pairs, click the Add Attribute button
Additional pairings are evaluated as “OR” conditions. After the first match is found, the additional pairings are not assessed.
In our case we are adding two (2) additional attribute pairings to our criteria
Mail to targetAddress – This matching pair is created to ensure the system can match onto existing mail contacts in the target whose targetAddress points to the source mail attribute.
Mail to extensionattribute1 – This matching pair is needed to create matching records for new objects created by Power365 DirSync.
Ensure Match Across all object types is checked in this case.
Check this box to ensure the workflow is evaluating conflicts regardless of the object type because in two-way GAL sync there may be instances where this condition is true, and we want to ensure you have identified these matches before deciding to create new objects or keep the matches
There is no need in this guide to Add Another Pair, click OK to close this configuration
Drag a Match Objects workflow task from the left panel to the right under the Match Object task mentioned above. Click the Select button to configure the Match Objects criteria for your target Local environment and source Local environment
Figure 4: Example Match Objects Criteria
Select your target local environment from the drop-down menu on the left as target will now become the source in a bi-directional setup.
Select your source local environment from the drop-down menu on the right as source will now become the target in a bi-directional setup.
Choose your first attribute pairings, we will use mail for our first match criteria
Choose the mail attribute for the source and target fields
To add more attribute pairs, click the Add Attribute button
Additional pairings are evaluated as “OR” conditions. After the first match is found, the additional pairings are not assessed.
In our case we are adding two (2) additional attribute pairings to our criteria
Mail to targetAddress – This matching pair is created to ensure the system can match onto existing mail contacts in the target whose targetAddress points to the source mail attribute.
Mail to extensionattribute1 – This matching pair is needed to create matching records for new objects created by Power365 DirSync.
Ensure Match Across all object types is checked in this case.
Check this box to ensure the workflow is evaluating conflicts regardless of the object type because in two-way GAL sync there may be instances where this condition is true, and we want to ensure you have identified these matches before deciding to create new objects or keep the matches
There is no need in this guide to Add Another Pair, click OK to close this configuration
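The Local-to-Local match criteria configured above, modelled as an added example (not part of the original guide and not Power365's own code): pairs are tried in order as OR conditions, the first hit wins, and the object-type restriction can be switched off. The record layout, the sample objects other than Lab1RMBX1, and the case- and prefix-insensitive comparison are assumptions made for illustration.

```python
"""Pre-flight model of the Local-to-Local Match Objects criteria (added example)."""

# Attribute pairs from the guide, in configured order: (source attr, target attr).
LOCAL_PAIRS = [
    ("mail", "mail"),
    ("mail", "targetAddress"),
    ("mail", "extensionAttribute1"),
]

# Constructed sample exports. Only Lab1RMBX1 and its address appear in the guide.
SOURCES = [
    {"cn": "Lab1RMBX1", "objectClass": "user", "mail": "Lab1RMBX1@Lab1.Leagueteam.us"},
    {"cn": "Lab1User2", "objectClass": "user", "mail": "Lab1User2@Lab1.Leagueteam.us"},
    {"cn": "Lab1User3", "objectClass": "user", "mail": "Lab1User3@Lab1.Leagueteam.us"},
]
TARGETS = [
    # Pre-existing contact whose targetAddress already points at Lab1User2.
    {"cn": "Legacy Contact 2", "objectClass": "contact",
     "mail": "l1u2@Lab2.Leagueteam.us",
     "targetAddress": "SMTP:lab1user2@lab1.leagueteam.us"},
    # Contact created by an earlier sync run; its addresses were edited in the
    # target afterwards, but the extensionAttribute1 stamp still holds the source mail.
    {"cn": "0f8fad5b-d9cb-469f-a165-70867728950e", "objectClass": "contact",
     "mail": "renamed@Lab2.Leagueteam.us",
     "targetAddress": "SMTP:renamed@Lab2.Leagueteam.us",
     "extensionAttribute1": "Lab1User3@Lab1.Leagueteam.us"},
]


def normalize(value):
    """Lower-case an address and drop a leading 'SMTP:' prefix.

    Assumption: the guide does not say how values are compared, so this model
    ignores case and the address-type prefix.
    """
    if not value:
        return None
    v = value.strip().lower()
    if v.startswith("smtp:"):
        v = v[len("smtp:"):]
    return v or None


def find_match(source_obj, targets, pairs=LOCAL_PAIRS, across_types=True):
    """Return (target, pair) for the first pair that hits, else (None, None).

    Pairs are OR conditions evaluated in order; once one pair matches, the
    remaining pairs are not assessed.
    """
    for src_attr, tgt_attr in pairs:
        key = normalize(source_obj.get(src_attr))
        if key is None:
            continue
        for tgt in targets:
            if not across_types and tgt["objectClass"] != source_obj["objectClass"]:
                continue  # models leaving "Match Across all object types" unchecked
            if normalize(tgt.get(tgt_attr)) == key:
                return tgt, (src_attr, tgt_attr)
    return None, None


def plan(sources, targets, across_types=True):
    """Map each source cn to ('matched', target cn, pair) or ('create', None, None)."""
    result = {}
    for src in sources:
        tgt, pair = find_match(src, targets, across_types=across_types)
        if tgt is None:
            result[src["cn"]] = ("create", None, None)
        else:
            result[src["cn"]] = ("matched", tgt["cn"], pair)
    return result


if __name__ == "__main__":
    for label, flag in (("across all object types", True), ("same type only", False)):
        print(label)
        for cn, outcome in plan(SOURCES, TARGETS, across_types=flag).items():
            print("  ", cn, outcome)
```

With the object-type restriction on, the source users no longer match the existing contacts, so all three would be created and two of them would collide with addresses already present in the target.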
Click the Select button to configure the first STAGE DATA workflow task for your Source Cloud to Target Cloud synchronization rule.
Select the “Cloud to Cloud GAL Sync Source to Target” template, Click Next
Select the source cloud environment as your source, Click Next
Select the target cloud environment as your target, Click Next
Select the default target domain name, Click Next
Configure any Stage Data filter you like. It is highly recommended to set up a filter that limits the scope so that the first sync can be run as a test as part of the validation. Click Next (See Pro Tip 8)
Click Finish
Drag a Stage Data workflow task from the left panel to the right under the Stage Data task mentioned above. Click the Select button to configure the second STAGE DATA workflow task for your target Cloud to source Cloud synchronization rule.
Select the “Cloud to Cloud GAL Sync Source to Target” template, Click Next
Select the source cloud environment, Click Next
Select the target cloud environment, Click Next
Select the default target domain name, Click Next
Configure any Stage Data filter you like. It is highly recommended to set up a filter that limits the scope so that the first sync can be run as a test as part of the validation. Click Next (See Pro Tip 8)
Click Finish
Drag a Stage Data workflow task from the left panel to the right under the Stage Data task mentioned above. Click the Select button to configure the third STAGE DATA workflow task for your source local to target local synchronization rule.
Select the “Local to Local GAL Sync” template, Click Next
Select the source local environment, Click Next
Select the target local environment, Click Next
Select the default target domain name, Click Next
Select the source Organizational Units that will be in scope of the project by clicking the ADD OUS button.
In the new OU pop-up window, select the OU that will be in scope, check the INCLUDE ALL SUB OUS checkbox, and click OK to close the pop-up.
Configure any Stage Data filter you like by double-clicking the OU in the OUs list. It is highly recommended to set up a filter that limits the scope so that the first sync can be run as a test as part of the validation. Click Next (See Pro Tip 8)
Figure 5: Example Source OU setup.
Select the default OU for newly created objects for Users, Groups, Contacts, and Devices. In our case, we can select the same OU for all object types as we are only syncing users as contacts.
Figure 6: Example Target OU setup.
Click Finish
Drag a Stage Data workflow task from the left panel to the right under the Stage Data task mentioned above. Click the Select button to configure the fourth STAGE DATA workflow task for your target local to source local synchronization rule.
Select the “Local to Local GAL Sync” template, Click Next
Select the target local environment as your source, Click Next
Select the source local environment as your target, Click Next
Select the default target domain name, Click Next
Select the source Organizational Units that will be in scope of the project by clicking the ADD OUS button.
In the new OU pop-up window, select the OU that will be in scope, check the INCLUDE ALL SUB OUS checkbox, and click OK to close the pop-up.
Configure any Stage Data filter you like by double-clicking the OU in the OUs list. It is highly recommended to set up a filter that limits the scope so that the first sync can be run as a test as part of the validation. Click Next
Figure 7: Example Source OU setup.
Select the default OU for newly created objects for Users, Groups, Contacts, and Devices. In our case, we can select the same OU for all object types as we are only syncing users as contacts.
Figure 8: Example Target OU setup.
Click Finish
Click the Select button to configure the WRITE TO workflow task. Ensure all four (4) environments are selected, Click OK
Click Next
Configure the workflow sync interval. Select Manual for now; a sync schedule can be set up once the test sync has completed. Click Next
Set up any workflow alerts you wish to configure; for now, click SKIP
Click Finish
Follow these steps to create one test object in each environment to validate the GAL Sync workflow.
Set up a Remote Mailbox in the source local environment and ensure it is part of the OU filter setup for the Local Environment.
DisplayName: Lab1RMBX1
PrimarySMTPAddress: Lab1RMBX1@Lab1.Leagueteam.us
Set up a Remote Mailbox in the target local environment and ensure it is part of the OU filter setup for the Local Environment.
DisplayName: Lab2RMBX1
PrimarySMTPAddress: Lab2RMBX1@Lab2.Leagueteam.us
Set up a Mailbox in the source cloud environment.
DisplayName: Lab1CLDMBX1
PrimarySMTPAddress: Lab1CLDMBX1@Lab1.Leagueteam.us
Set up a Mailbox in the source cloud environment.
DisplayName: Lab2CLDMBX1
PrimarySMTPAddress: Lab2CLDMBX1@Lab2.Leagueteam.us
Capture the LegacyExchangeDN value for the above test objects for later use.
Add the test cloud objects as members of the filter group for the Cloud Environment if a filter group was configured when the environment was first configured.
Follow the steps below to run the GAL Sync workflow and validate the results.
Select the workflow configured and click RUN.
Allow the workflow execution to complete.
Validate that Lab1RMBX1 from the source local environment is created in the target local environment as a Mail Contact. The target Mail Contact should have the following set:
Source Mailbox’s PrimarySMTPAddress will be added as targetAddress
Source Mailbox’s LegacyExchangeDN will be added as x500 address.
Source Mailbox’s PrimarySMTPAddress will be added as PrimarySMTPAddress.
Target Contact’s cn will be created as a random GUID to ensure there will be no name collisions.
Validate that Lab1CLDMBX1 from the source cloud environment is created in the target cloud environment as a Mail Contact. The target Mail Contact should have the following set:
Source Mailbox’s PrimarySMTPAddress will be added as external email address
Source Mailbox’s LegacyExchangeDN will be added as x500 address.
Source Mailbox’s PrimarySMTPAddress will be added as PrimarySMTPAddress.
Validate that Lab1CLDMBX1 from the source cloud environment is created in the target cloud environment as a Mail User. The Mail User should have the following set:
Source Mailbox’s PrimarySMTPAddress will be added as external email address
Source Mailbox’s LegacyExchangeDN will be added as x500 address.
Source Mailbox’s PrimarySMTPAddress will be added as PrimarySMTPAddress.
Validate that Lab2CLDMBX1 from the source cloud environment is created in the target cloud environment as a Mail Contact. The Mail Contact should have the following set:
Source Mailbox’s PrimarySMTPAddress will be added as external email address
Source Mailbox’s LegacyExchangeDN will be added as x500 address.
Source Mailbox’s PrimarySMTPAddress will be added as PrimarySMTPAddress.
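The checks listed above for the local Mail Contact, combined with the values mapped in the “Local to Local GAL Sync” template, can be scripted against exported attributes; targetAddress deserves the closest look because it decides where mail sent to the contact is delivered. This is an added example, not part of the guide or the product: the record layout, the LegacyExchangeDN value and both contact records are constructed, and it assumes the source mail attribute equals the primary SMTP address.

```python
"""Validate a synced local Mail Contact against its source mailbox (added example)."""
import uuid

# Constructed sample records. Only the display name and primary SMTP address
# of Lab1RMBX1 come from the guide; everything else is made up for the demo.
SOURCE = {
    "DisplayName": "Lab1RMBX1",
    "PrimarySMTPAddress": "Lab1RMBX1@Lab1.Leagueteam.us",
    "LegacyExchangeDN": "/o=Lab1/ou=Exchange Administrative Group/cn=Recipients/cn=constructed-lab1rmbx1",
}
GOOD_CONTACT = {
    "cn": "3f2504e0-4f89-11d3-9a0c-0305e82c3301",
    "targetAddress": "SMTP:Lab1RMBX1@Lab1.Leagueteam.us",
    "proxyAddresses": [
        "SMTP:Lab1RMBX1@Lab1.Leagueteam.us",
        "x500:/o=Lab1/ou=Exchange Administrative Group/cn=Recipients/cn=constructed-lab1rmbx1",
    ],
    "extensionAttribute1": "Lab1RMBX1@Lab1.Leagueteam.us",
    "msExchRecipientDisplayType": "6",
    "msExchRecipientTypeDetails": "64",
}
BAD_CONTACT = {
    "cn": "Lab1RMBX1",                                # display name, not a GUID
    "targetAddress": "SMTP:Lab1RMBX1@other.example",  # mail would route elsewhere
    "proxyAddresses": ["SMTP:Lab1RMBX1@Lab1.Leagueteam.us"],  # x500 entry missing
    "extensionAttribute1": "Lab1RMBX1@Lab1.Leagueteam.us",
    "msExchRecipientDisplayType": "6",
    "msExchRecipientTypeDetails": "64",
}


def is_guid(value):
    """True when value parses as a GUID/UUID string."""
    try:
        uuid.UUID(value)
        return True
    except (ValueError, AttributeError, TypeError):
        return False


def same(a, b):
    """Case-insensitive string equality; non-strings never match."""
    return isinstance(a, str) and isinstance(b, str) and a.lower() == b.lower()


def validate_local_contact(source, contact):
    """Return the names of the checks that failed; an empty list means all passed."""
    failed = []
    primary = source["PrimarySMTPAddress"]
    proxies = contact.get("proxyAddresses") or []

    # Guide: source PrimarySMTPAddress is written as targetAddress (template adds "SMTP:").
    if not same(contact.get("targetAddress"), "SMTP:" + primary):
        failed.append("targetAddress")
    # Guide: source LegacyExchangeDN is added as an x500 address.
    if not any(same(p, "x500:" + source["LegacyExchangeDN"]) for p in proxies):
        failed.append("x500")
    # Guide: source PrimarySMTPAddress becomes the contact's primary address.
    # In proxyAddresses the primary entry is the one with the upper-case "SMTP:" prefix.
    primaries = [p[len("SMTP:"):] for p in proxies if p.startswith("SMTP:")]
    if len(primaries) != 1 or not same(primaries[0], primary):
        failed.append("PrimarySMTPAddress")
    # Guide: cn is a random GUID so names cannot collide.
    if not is_guid(contact.get("cn")):
        failed.append("cn")
    # Template mappings: ExtensionAttribute1 = source mail, display type "6", type details "64".
    if not same(contact.get("extensionAttribute1"), primary):
        failed.append("extensionAttribute1")
    if str(contact.get("msExchRecipientDisplayType")) != "6":
        failed.append("msExchRecipientDisplayType")
    if str(contact.get("msExchRecipientTypeDetails")) != "64":
        failed.append("msExchRecipientTypeDetails")
    return failed


if __name__ == "__main__":
    print("good:", validate_local_contact(SOURCE, GOOD_CONTACT))
    print("bad: ", validate_local_contact(SOURCE, BAD_CONTACT))
```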
This section provides a step-by-step guide on how to set up GAL Sync for Microsoft 365 Hybrid Tenants.
To begin at least two (2) hybrid tenants must be configured in Power365 Directory Sync. Each hybrid tenant will consist a cloud environment and a local Active Directory environment. At the end of this section there will be two (2) hybrid tenants with four (4) local and cloud environments fully configured.
An environment is an end-point connection that can control the scope of objects read. This guide will walk through how to create the source and target hybrid environments.
To create a cloud environment, an Office 365 Global Administrator is required during set up for each tenant. During the initial set up, Power365 Directory Sync will create a new unlicensed user account within each tenant. This account is used to orchestrate some of the PowerShell automation related to directory synchronization services. This account will be created with the Exchange, User and Team Administrator Roles to facilitate its designated jobs.
The Global Administrator account used to set up the environments, is required for directory synchronization services, as it is used to facilitate Graph API related automation activities. The account role can be safely lowered to User, Team and Exchange Administrator once the previously mentioned PowerShell account is created.
To create a local AD environment for the hybrid tenant, the following are required
One (1) Local Administrator Account for each Microsoft Forest and/or Domain that has permissions to create, update or delete depending on the scope of your Directory Sync workflows.
One (1) Windows Server to install and host the Power365 Directory Sync Agent.
Follow these steps to setup the cloud environment endpoints.
Login to Power365
Navigate to Environments
Click the New button
Click Cloud as the environment type, Click Next
Name the environment, Click Next
The Global Administrator credentials should be in-hand and ready
Click the Connect button
Login to Microsoft 365
Accept the requested Application Permissions
Select any discovery group(s) that will be used to determine which objects are part of the environment (See Pro Tip 1)
Do not place a check in the “INCLUDE OBJECTS SYNCHRONIZED WITH A LOCAL ACTIVE DIRECTORY VIA AZURE ACTIVE DIRECTORY CONNECT” option as this is a cloud environment with hybrid objects that originate in an On-Premises Active Directory. For hybrid objects, we will be utilizing Local to Local setup to perform the GAL Sync.
Click Next, then Finish
Repeat steps 3 – 12 for the next cloud environment
Follow these steps to setup the cloud environment endpoints.
Login to Power365
Navigate to Environments
Click the New button
Click Local as the environment type, Click Next
Name the environment, Click Next
Name the local agent, Click Next
Note the agent registration URL and registration Key for later use, click Finish.
Install the agent in the Windows Server that is joined to the local AD domain. Refer to Power365 Online Help Center for detailed information about agent installation and set-up requirements.
Once agent is installed and the environment is discovered, click on the Setting button to access the local AD environment setting page.
Under General Tab, select the Microsoft 365 tenant from the tenant drop down list under ‘Which cloud environment should this environment associated with?” (See Pro Tip 18)
Click on the Organization Unit tab and define the OU filter based on your project scope.
Click on the Filters tab and define any LDAP filter based on your project scope.
Click Save.
Repeat steps 3 – 13 for the next local environment
Before we can build our workflow, it is best to set up your template(s). Templates contain common mappings and settings used to sync Users, Contacts, Devices, Groups, Office 365 Groups and Microsoft Teams. A template can then be applied to any workflow with a Stage Data step.
For the purpose of this guide, the following templates will need to be created GAL objects. Additional templates may be created for group membership synchronization.
Cloud to Cloud GAL Sync Source to Target
Cloud to Cloud GAL Sync Target to Source
Local to Local GAL Sync
Navigate to Templates
Click the New button
Name and Describe the template
In our example, we will name our template “Cloud to Cloud GAL Sync Source to Target”, Click Next
Click Cloud as the source environment type, Click Next
Click Cloud as the target environment type, Click Next
Set CREATE NEW USERS AS = AS-IS (See Pro Tip 19)
Set UPDATE CREATED USERS= ENABLE
Set UPDATE MATCHED USERS= DISABLE
Click Next
Set CREATE GROUPS AS = SKIP
Set UPDATE CREATED GROUPS = DISABLE
Set UPDATE MATCHED GROUPS = ENABLE
Click Next
Set CREATE OFFICE365 GROUPS AND TEAMS AS = SKIP
Set UPDATE CREATED CONTACTS = DISABLE
Set UPDATE MATCHED CONTACTS = DISABLE
Click Next
Set CREATE NEW CONTACTS AS = DO NOT CREATE
Set UPDATE CREATED CONTACTS = DISABLE
Set UPDATE MATCHED CONTACTS = DISABLE
Click Next
Enter a default password, Click Next
Under mappings, we need to make several modifications to the default template in order to make the MEU to be compatible with Power365 Tenant to Tenant.
Select mapping for ‘EmailAddresses’ and double click, enter the below expression under value field. (See Pro Tip 20)
GetProxyAddresses(null, null, prefix(Result("WindowsEmailAddress"), "SMTP:"), prefix(LegacyExchangeDN, "x500:"))
Select User as the Target Object Type
Select mapping for ‘CustomAttribute1 and double click, enter the below expression under value field. (See Pro Tip 21)
“s.WindowsEmailAddress”
Select All as the Target Object Type
Leave rest of the mappings as default.
Click Next
Click Finish
Navigate to Templates
Click the New button
Name and Describe the template
In our example, we will name our template “Cloud to Cloud GAL Sync Target to Source”, Click Next
Click Cloud as the source environment type, Click Next
Click Cloud as the target environment type, Click Next
Set CREATE NEW USERS AS = CONTACT (See Pro Tip 22)
Set UPDATE CREATED USERS= ENABLE
Set UPDATE MATCHED USERS= DISABLE
Click Next
Set CREATE GROUPS AS = SKIP
Set UPDATE CREATED GROUPS = DISABLE
Set UPDATE MATCHED GROUPS = ENABLE
Click Next
Set CREATE OFFICE365 GROUPS AND TEAMS AS = SKIP
Set UPDATE CREATED CONTACTS = DISABLE
Set UPDATE MATCHED CONTACTS = DISABLE
Click Next
Set CREATE NEW CONTACTS AS = DO NOT CREATE
Set UPDATE CREATED CONTACTS = DISABLE
Set UPDATE MATCHED CONTACTS = DISABLE
Click Next
Enter a default password, Click Next
Under mappings, we need to make several modifications to the default template in order to make the MailContact to be compatible with Power365 Tenant to Tenant.
Select mapping for ‘EmailAddresses’ and double click, enter the below expression under value field. (See Pro Tip 20)
GetProxyAddresses(null, null, prefix(Result("WindowsEmailAddress"), "SMTP:"), prefix(LegacyExchangeDN, "x500:"))
Select Contact as the Target Object Type
Select mapping for ‘CustomAttribute1 and double click, enter the below expression under value field. (See Pro Tip 21)
“s.WindowsEmailAddress”
Select All as the Target Object Type
Leave rest of the mappings as default.
Click Next
Click Finish
Navigate to Templates
Click the New button
Name and Describe the template
In our example, we will name our template “Local to Local GAL Sync”, Click Next
Click Local as the source environment type, Click Next
Click Local as the target environment type, Click Next
Set CREATE NEW USERS AS = CONTACT (See Pro Tip 23)
Set UPDATE CREATED USERS= ENABLE
Set UPDATE MATCHED USERS= DISABLE
Set IF TARGET ADDRESS EXISTS setting as OVERWRITE ONCE.
Click Next
Set CREATE GROUPS AS = SKIP
Set UPDATE CREATED GROUPS = DISABLE
Set UPDATE MATCHED GROUPS = DISABLE
Click Next
Set CREATE NEW CONTACTS AS = DO NOT CREATE
Set UPDATE CREATED CONTACTS = DISABLE
Set UPDATE MATCHED CONTACTS = DISABLE
Click Next
Set CREATE NEW DEVICES AS = SKIP
Set UPDATE CREATED CONTACTS = DISABLE
Set UPDATE MATCHED CONTACTS = DISABLE
Click Next
Enter a default password, Click Next
Leave SYNCHRONIZE SID HISTORY unchecked, Click Next
Under mappings, we need to make several modifications to the default template in order to make the MailContact to be compatible with Power365 Tenant to Tenant.
Select mapping for ‘ExtensionAttribute1 and double click, enter the below expression under value field. (See Pro Tip 19)
“s.mail”
Select Contact as the Target Object Type
Select mapping for ‘DistinguishName and double click, enter the below expression under value field. (See Pro Tip 24)
GetDn(NewGuid())
Select mapping for ‘targetAddress’ and double click, enter the below expression under value field. (See Pro Tip 25)
prefix(S.mail, "SMTP:")
Select mapping for ‘msExchRecipientDisplayType’ and double click, enter the below expression under value field. (See Pro Tip 26)
"6"
Select mapping for ‘msExchRecipientTypeDetails’ and double click, enter the below expression under value field. (See Pro Tip 26)
"64"
Leave rest of the mappings as default or update them based on your project needs.
Click Next
Click Finish
Follow these steps to create one (1) new workflow for reading, matching, staging and writing data.
Login to Power365
Navigate to Workflows
Click the New button
Name and Describe the template, Click Next
Select the all four (4) environments (Cloud and Local environments per each hybrid tenant) created previously, Click Next
Select ONE-WAY SYNC, Click Next
The screen presented next will be a pre-configured set of workflow steps to facilitate the flow of object and attributes between your directories. (Note, additional steps will be added as part of this guide to facilitate bi-directional synchronization.)
Start at the top of the steps, 1. Read From. Click the Select button
Select all four (4) environments created previously the click OK
Move to Match Objects
This is the step where you will decide on how to match existing objects across your hybrid tenant directories
Matching is conducted by pairing sets of attributes to find corresponding objects
Your four (4) environments may already have some attributes that can be used to find similar objects between the different directories, or you may need to set some to ensure accurate matching
For the purpose of GAL Sync, it is most important that email addresses do not conflict before attempting to create new objects in either environment
Click the Select button to configure the Match Objects criteria for your source Cloud environment and target Cloud environment
Figure 1: Example Match Objects Criteria
Select your source cloud environment from the drop-down menu
Select your target cloud environment from the drop-down menu
Choose your first attribute pairings, we will use WindowsEmailAddress for our first match criteria
Choose the WindowsEmailAddress attribute for the source and target fields
To add more attribute pairs, click the Add Attribute button
Additional pairings are evaluated as “OR” conditions. After the first match is found, the additional pairings are not assessed.
In our case we are adding three (3) additional attribute pairings to our criteria
UserPrincipalName – UPN was added to ensure uniqueness of the local part of the address string. If creating new mail-enabled users in a destination directory it will be important to define any UPN conflicts that may exist
ExternalEmailAddress – This attribute was added to ensure no existing MEUs or Mail Contacts have existing objects with the same external or target address
WindowsEmailAddress to CustomAttribute1 – This matching pair is needed to create matching records for new objects created by Power365 DirSync.
Ensure Match Across all object types is checked in this case.
Check this box to ensure the workflow is evaluating conflicts regardless of the object type because in two-way GAL sync there may be instances where this condition is true, and we want to ensure you have identified these matches before deciding to create new objects or keep the matches
There is no need in this guide to Add Another Pair, click OK to close this configuration
Drag a Match Objects workflow task from the left panel to the right under the Match Object task mentioned above. Click the Select button to configure the Match Objects criteria for your target Cloud environment and source Cloud environment
Figure 2: Example Match Objects Criteria
Select your target cloud environment from the drop-down menu on the left as target will now become the source in a bi-directional setup.
Select your source cloud environment from the drop-down menu on the right as source will now become the target in a bi-directional setup.
Choose your first attribute pairings, we will use WindowsEmailAddress for our first match criteria
Choose the WindowsEmailAddress attribute for the source and target fields
To add more attribute pairs, click the Add Attribute button
Additional pairings are evaluated as “OR” conditions. After the first match is found, the additional pairings are not assessed.
In our case we are adding three (3) additional attribute pairings to our criteria
UserPrincipalName – UPN was added to ensure uniqueness of the local part of the address string. If creating new mail-enabled users in a destination directory it will be important to define any UPN conflicts that may exist
ExternalEmailAddress – This attribute was added to ensure no existing MEUs or Mail Contacts have existing objects with the same external or target address
WindowsEmailAddress to CustomAttribute1 – This matching pair is needed to create matching records for new objects created by Power365 DirSync.
Ensure Match Across all object types is checked in this case.
Check this box to ensure the workflow is evaluating conflicts regardless of the object type because in two-way GAL sync there may be instances where this condition is true, and we want to ensure you have identified these matches before deciding to create new objects or keep the matches
There is no need in this guide to Add Another Pair, click OK to close this configuration
Drag a Match Objects workflow task from the left panel to the right under the Match Object task mentioned above. Click the Select button to configure the Match Objects criteria for your source Local environment and target Local environment
Figure 3: Example Match Objects Criteria
Select your source local environment from the drop-down menu on the left.
Select your target local environment from the drop-down menu on the right.
Choose your first attribute pairings, we will use mail for our first match criteria
Choose the mail attribute for the source and target fields
To add more attribute pairs, click the Add Attribute button
Additional pairings are evaluated as “OR” conditions. After the first match is found, the additional pairings are not assessed.
In our case we are adding two (2) additional attribute pairings to our criteria
Mail to targetAddress – This matching pair created to ensure the system can match onto existing mail contacts in the target with targetAddress pointed to the source mail attribute.
Mail to extensionattribute1 – This matching pair is needed to create matching records for new objects created by Power365 DirSync.
Ensure Match Across all object types is checked in this case.
Check this box to ensure the workflow is evaluating conflicts regardless of the object type because in two-way GAL sync there may be instances where this condition is true, and we want to ensure you have identified these matches before deciding to create new objects or keep the matches
There is no need in this guide to Add Another Pair, click OK to close this configuration
Drag a Match Objects workflow task from the left panel to the right under the Match Object task mentioned above. Click the Select button to configure the Match Objects criteria for your target Local environment and source Local environment
Figure 4: Example Match Objects Criteria
Select your target local environment from the drop-down menu on the left as target will now become the source in a bi-directional setup.
Select your source local environment from the drop-down menu on the right as source will now become the target in a bi-directional setup.
Choose your first attribute pairing. We will use mail for our first match criterion.
Choose the mail attribute for the source and target fields
To add more attribute pairs, click the Add Attribute button
Additional pairings are evaluated as “OR” conditions. After the first match is found, the additional pairings are not assessed.
In our case we are adding two (2) additional attribute pairings to our criteria
Mail to targetAddress – This matching pair is created to ensure the system can match existing mail contacts in the target whose targetAddress points to the source mail attribute.
Mail to extensionattribute1 – This matching pair is needed to create matching records for new objects created by Power365 DirSync.
Ensure Match Across all object types is checked in this case.
Checking this box ensures the workflow evaluates conflicts regardless of object type. In two-way GAL sync, objects of different types may match each other, and you want to identify these matches before deciding whether to create new objects or keep the matches.
There is no need in this guide to Add Another Pair. Click OK to close this configuration.
Click the Select button to configure the first STAGE DATA workflow task for your Source Cloud to Target Cloud synchronization rule.
Select the “Cloud to Cloud GAL Sync Source to Target” template, Click Next
Select the source cloud environment as your source, Click Next
Select the target cloud environment as your target, Click Next
Select the default target domain name, Click Next
Configure any Stage Data filter you like. It is highly recommended to set up a filter that limits the scope so the first sync can be run as a test as part of the validation. Click Next (See Pro Tip 8)
Click Finish
Drag a Stage Data workflow task from the left panel to the right under the Stage Data task mentioned above. Click the Select button to configure the second STAGE DATA workflow task for your target Cloud to source Cloud synchronization rule.
Select the “Cloud to Cloud GAL Sync Source to Target” template, Click Next
Select the source cloud environment, Click Next
Select the target cloud environment, Click Next
Select the default target domain name, Click Next
Configure any Stage Data filter you like. It is highly recommended to set up a filter that limits the scope so the first sync can be run as a test as part of the validation. Click Next (See Pro Tip 8)
Click Finish
Drag a Stage Data workflow task from the left panel to the right under the Stage Data task mentioned above. Click the Select button to configure the third STAGE DATA workflow task for your source local to target local synchronization rule.
Select the “Local to Local GAL Sync” template, Click Next
Select the source local environment, Click Next
Select the target local environment, Click Next
Select the default target domain name, Click Next
Select the source Organizational Units that will be in scope of the project by clicking the ADD OUS button.
In the new OU pop-up window, select the OU that will be in scope, check the INCLUDE ALL SUB OUS checkbox, and click OK to close the pop-up.
Configure any Stage Data filter you like by double-clicking the OU in the OUs list. It is highly recommended to set up a filter that limits the scope so the first sync can be run as a test as part of the validation. Click Next (See Pro Tip 8)
Figure 5: Example Source OU setup.
Select the default OU for newly created objects for Users, Groups, Contacts, and Devices. In our case, we can select the same OU for all object types because we are only syncing users as contacts.
Figure 6: Example Target OU setup.
Click Finish
Drag a Stage Data workflow task from the left panel to the right under the Stage Data task mentioned above. Click the Select button to configure the fourth STAGE DATA workflow task for your target local to source local synchronization rule.
Select the “Local to Local GAL Sync” template, Click Next
Select the target local environment as your source, Click Next
Select the source local environment as your target, Click Next
Select the default target domain name, Click Next
Select the source Organizational Units that will be in scope of the project by clicking the ADD OUS button.
In the new OU pop-up window, select the OU that will be in scope, check the INCLUDE ALL SUB OUS checkbox, and click OK to close the pop-up.
Configure any Stage Data filter you like by double-clicking the OU in the OUs list. It is highly recommended to set up a filter that limits the scope so the first sync can be run as a test as part of the validation. Click Next
Figure 7: Example Source OU setup.
Select the default OU for newly created objects for Users, Groups, Contacts, and Devices. In our case, we can select the same OU for all object types because we are only syncing users as contacts.
Figure 8: Example Target OU setup.
Click Finish
Click the Select button to configure the WRITE TO workflow task. Ensure all four (4) environments are selected, then click OK.
Click Next
Configure the workflow sync interval. Select Manual for now; a sync schedule can be set up once the test sync has completed. Click Next
Set up any workflow alerts you wish to configure. For now, click SKIP.
Click Finish
Follow these steps to create one test object in each environment to validate the GAL Sync workflow.
Set up a Remote Mailbox in the source local environment and ensure it is part of the OU filter set up for the Local Environment.
DisplayName: Lab1RMBX1
PrimarySMTPAddress: Lab1RMBX1@Lab1.Leagueteam.us
Set up a Remote Mailbox in the target local environment and ensure it is part of the OU filter set up for the Local Environment.
DisplayName: Lab2RMBX1
PrimarySMTPAddress: Lab2RMBX1@Lab2.Leagueteam.us
Set up a Mailbox in the source cloud environment.
DisplayName: Lab1CLDMBX1
PrimarySMTPAddress: Lab1CLDMBX1@Lab1.Leagueteam.us
Set up a Mailbox in the source cloud environment.
DisplayName: Lab2CLDMBX1
PrimarySMTPAddress: Lab2CLDMBX1@Lab2.Leagueteam.us
Capture the LegacyExchangeDN value for the above test objects for later use.
Add the test cloud objects as members of the filter group for the Cloud Environment if a filter group was configured when the environment was first set up.
Follow the steps below to run the GAL Sync workflow and validate the results.
Select the configured workflow and click RUN.
Allow the workflow execution to complete.
Validate that Lab1RMBX1 from the source local environment is created in the target local environment as a Mail Contact. The target Mail Contact should have the following set:
Source Mailbox’s PrimarySMTPAddress will be added as targetAddress.
Source Mailbox’s LegacyExchangeDN will be added as x500 address.
Source Mailbox’s PrimarySMTPAddress will be added as PrimarySMTPAddress.
Target Contact’s cn will be created as a random GUID to ensure there will be no name collisions.
Validate that Lab1CLDMBX1 from the source cloud environment is created in the target cloud environment as a Mail Contact. The target Mail Contact should have the following set:
Source Mailbox’s PrimarySMTPAddress will be added as external email address.
Source Mailbox’s LegacyExchangeDN will be added as x500 address.
Source Mailbox’s PrimarySMTPAddress will be added as PrimarySMTPAddress.
Validate that Lab1CLDMBX1 from the source cloud environment is created in the target cloud environment as a Mail User. The Mail User should have the following set:
Source Mailbox’s PrimarySMTPAddress will be added as external email address.
Source Mailbox’s LegacyExchangeDN will be added as x500 address.
Source Mailbox’s PrimarySMTPAddress will be added as PrimarySMTPAddress.
Validate that Lab2CLDMBX1 from the source cloud environment is created in the target cloud environment as a Mail Contact. The Mail Contact should have the following set:
Source Mailbox’s PrimarySMTPAddress will be added as external email address.
Source Mailbox’s LegacyExchangeDN will be added as x500 address.
Source Mailbox’s PrimarySMTPAddress will be added as PrimarySMTPAddress.
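The local-to-local checks listed above (targetAddress, x500 address, primary SMTP address, GUID cn) can be scripted so that every synced contact is verified the same way. This is an added PowerShell example, not part of the original guide or of Power365; the function name Test-GalSyncContact, the LegacyExchangeDN value and the GUID are constructed for illustration.

```powershell
# Added example: verifies a GAL Sync mail contact against the checks listed above.
function Test-GalSyncContact {
    [CmdletBinding()]
    param(
        # Contact from the target local AD (hashtable or Get-ADObject result).
        [Parameter(Mandatory)] [object] $Contact,
        # Values captured from the source mailbox before the workflow ran.
        [Parameter(Mandatory)] [string] $SourcePrimarySmtp,
        [Parameter(Mandatory)] [string] $SourceLegacyExchangeDN
    )

    $failures = @()
    # Normalise proxyAddresses to a string array; drop a null/missing attribute.
    $proxies = @(@($Contact.proxyAddresses) | Where-Object { $_ } | ForEach-Object { "$_" })

    # 1. targetAddress must point back at the source mailbox.
    $expectedTarget = "SMTP:$SourcePrimarySmtp"
    if ("$($Contact.targetAddress)" -ne $expectedTarget) {
        $failures += "targetAddress is '$($Contact.targetAddress)', expected '$expectedTarget'"
    }

    # 2. Exactly one primary address (upper-case SMTP: prefix) equal to the source primary.
    $primary = @($proxies | Where-Object { $_ -clike 'SMTP:*' })
    if ($primary.Count -ne 1) {
        $failures += "expected exactly one primary SMTP proxy address, found $($primary.Count)"
    } elseif ($primary[0].Substring(5) -ne $SourcePrimarySmtp) {
        $failures += "primary SMTP is '$($primary[0].Substring(5))', expected '$SourcePrimarySmtp'"
    }

    # 3. The source LegacyExchangeDN must be present as an x500 proxy address.
    $x500 = @($proxies | Where-Object { $_ -like 'x500:*' } | ForEach-Object { $_.Substring(5) })
    if ($x500 -notcontains $SourceLegacyExchangeDN) {
        $failures += 'source LegacyExchangeDN is missing from the x500 proxy addresses'
    }

    # 4. cn must be a GUID so synced contacts cannot collide by name.
    $parsed = [guid]::Empty
    if (-not [guid]::TryParse("$($Contact.cn)", [ref]$parsed)) {
        $failures += "cn '$($Contact.cn)' is not a GUID"
    }

    [pscustomobject]@{
        Cn       = "$($Contact.cn)"
        Passed   = ($failures.Count -eq 0)
        Failures = $failures
    }
}

# Test mailbox address from this guide; the DN below is constructed sample data.
$sourceSmtp = 'Lab1RMBX1@Lab1.Leagueteam.us'
$sourceDn   = '/o=ExampleOrg/ou=Exchange Administrative Group/cn=Recipients/cn=constructed-lab1rmbx1'

# Constructed contact that meets all four expectations.
$good = @{
    cn             = '3f2b8c1e-6d4a-4f7b-9a55-0c1d2e3f4a5b'
    targetAddress  = "SMTP:$sourceSmtp"
    proxyAddresses = @("SMTP:$sourceSmtp", "x500:$sourceDn")
}

# Constructed contact with a name-based cn, no x500 address and no primary SMTP.
$bad = @{
    cn             = 'Lab1RMBX1'
    targetAddress  = "SMTP:$sourceSmtp"
    proxyAddresses = @("smtp:$sourceSmtp")
}

foreach ($c in $good, $bad) {
    Test-GalSyncContact -Contact $c -SourcePrimarySmtp $sourceSmtp -SourceLegacyExchangeDN $sourceDn |
        Format-List
}

# Against a live target forest (assumes the ActiveDirectory module is available),
# pass the real object instead of a hashtable:
#   $c = Get-ADObject -LDAPFilter "(&(objectClass=contact)(targetAddress=SMTP:$sourceSmtp))" `
#            -Properties cn, targetAddress, proxyAddresses
```

A missing x500 address is worth catching early, because replies to messages cached with the source LegacyExchangeDN depend on it resolving in the target directory.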