Chat now with support
Chat with Support

Binary Tree Directory Sync Pro for Notes 20.11 - User Guide

Additional Configuration Options

Changing the attribute used for "Created by Dirsync" or "Updated by Dirsync"

By default, the adminDescription attribute (for Active Directory) or $BTAction (for Domino) is stamped on objects on the Target that are created or updated by Directory Sync Pro for Notes with "Created by Dirsync" or "Updated by Dirsync" to define which objects can be safely deleted from the Target. An app setting is available in the config file to allow you to define a different attribute/field for this purpose.

To use an attribute other than adminDescription or $BTAction, define a new DirSyncAttribute setting in the <appSettings> section of the config file. For example, the below setting will use adminDisplayName instead of adminDescription:

Warning: This must be configured before the initial sync.

<appSettings>

<add key="DirSyncAttribute" value="adminDisplayName"/>

</appSettings>

Setting msExchRecipientDisplayType and msExchRecipientTypeDetails Exchange attributes

A configuration option to allow you to set msExchRecipientDisplayType and msExchRecipientTypeDetails Exchange attributes based on the value of a configurable attribute is available. This option is only applied to target objects not created by Directory Sync Pro for Notes.

The configuration option must defined in the <appSettings> section of the config file, as shown below. “Value=” should be contain the attribute to be used. (proxyAddresses shown below). If the value of the target attribute is null, msExchRecipientDisplayType and msExchRecipientTypeDetails will be populated. See the list below for the values that will be populated.

<appSettings>

<add key="RecipientType_MailEnabledAttribute" value="proxyAddresses"/>

</appSettings>

Mail Enabled Users in the source:

  • msExchRecipientDisplayType = 6
  • msExchRecipientTypeDetails = 128

Room Mailbox in the source:

  • msExchRecipientDisplayType = 7
  • msExchRecipientTypeDetails = 16

Resource Mailbox in the source:

  • msExchRecipientDisplayType = 8
  • msExchRecipientTypeDetails = 32

Shared Mailbox in the source:

  • msExchRecipientDisplayType = 0
  • msExchRecipientTypeDetails = 4

Allow objects with remote mailboxes to be treated as mailbox-enabled objects

A setting that allows objects with connected O365 remote mailboxes to be treated as mailbox-enabled objects is available. To enable this feature, add the RemoteMailboxAsMailboxEnabled option to the <appSettings> section of the BinaryTree.DirSync.Exchange.exe.config file as displayed below.

<appSettings>

<add key="RemoteMailboxAsMailboxEnabled" value="True"/>

</appSettings>

If this setting is set to any value other than True or if omitted from the file, objects with remote mailboxes will be treated as non-mailbox-enabled. If set to True, objects with remote mailboxes will be treated as mailbox-enabled.

Specify a timeout for password sync

A configuration option in the appSettings section of the config file to specify a timeout for password sync is available. In large environments, it may take longer than the default 300 second timeout to complete the password sync process and may need to be lengthened.

This setting should be added to the BinaryTree.DirSync.Exchange.exe.config file.

<appSettings>

<add key="PasswordSyncTimeoutSeconds" value="300"/>

</appSettings>

Set the value to configure the timeout to a specific number of seconds. If this setting is omitted, or set to an invalid value, the timeout will be set to 300 seconds (5 minutes). To disable the timeout functionality, set to -1 (or any negative value).

Disable the caching of group members

A configuration option can be used in the appSettings section of the config file to disable the caching of group members.

This setting should be added to the BinaryTree.DirSync.Exchange.exe.config file.

<appSettings>

<add key="OptimizeGroupSyncMemoryUsage" value="true"/>

</appSettings>

Valid values are true and false. If this setting is omitted, or set to an invalid value, the value defaults to false. If set to false, group members will be cached during push and pull. If set to true, group members will not be cached during push and pull.

Disable the initialization of the sync report

A configuration option can be used in the appSettings section of the config file to disable the initialization of the sync report. If disabled, a sync report will still be recorded, but it will not be initialized between syncs. The result will be that an object will show data from the last time it was processed by Directory Sync Pro for Notes, rather than just the most recent time it was processed. In other words, if an object is inserted during a sync, it will show in the sync report as Inserted. Assuming a second sync does not touch this object, then if the sync report is initialized, a second sync will show this object as No Change, but if the sync report is not initialized, the object will still show as Inserted.

This setting should be added to the BinaryTree.DirSync.Exchange.exe.config file.

<appSettings>

<add key="DisableSyncReportInitialization" value="true"/>

</appSettings>

Valid values are true and false. If this setting is omitted, or set to an invalid value, the value defaults to false. If set to false, the sync report will be initialized. If set to true, the sync report will not be initialized.

Note that this must be implemented on Domino and the Directory Sync Pro for Notes console server.

Set the maximum number of users and groups synced simultaneously

During pull processing, Directory Sync Pro for Notes will sync multiple Active Directory user and group objects simultaneously into the target AD. The maximum number of users and groups synced simultaneously can be changed using the ThreadCount setting in the config file. If this configuration option is not specified, the ThreadCount will be set to the same number of logical processor cores of the server on which Directory Sync Pro for Notes is running.

The configuration option is not included by default. To add, modify the BinaryTree.DirSync.Exchange.exe.config file located at C:\Program Files\Binary Tree\DirSync and add a new key to the <appSettings> section as follows:

<appSettings>

<add key="ThreadCount" value="4"/>

</appSettings>

This option should never be set to a number greater than the number of processor cores on the server. However, you may need to specify a lower number if other applications also running on the server require a specific number of cores set aside for processing. Best practice is to leave the setting at the default value and lower it only if additional processing power is needed for other applications on the server.

Multiple passes will be needed to make sure all data is synchronized to the target when multi-threading is used. An example scenario is:

  • User B is the Manager of User A.
  • User A is synchronized first.
  • Then, User B is synchronized.
  • Another sync is needed for User B to be the Manager on User A.

Passwords are copied if a prior sync failed

A configuration option can be used in the appSettings section of the config file to ensure passwords are copied even if a prior sync failed.

This setting should be added to the BinaryTree.DirSync.Exchange.exe.config file.

<appSettings>

<add key="RepushAllPasswords" value="true"/>

</appSettings>

Valid values are true and false. If set to true, Directory Sync Pro for Notes will process passwords for all users during the push. Any users with changed passwords will be processed on the pull. Using this option will increase the sync time, but ensure that all passwords are made current. If set to false or the setting is omitted, this option is disabled.

Set the number of objects selected when the user selects all (Ctrl+A)

A configuration option can be added to control how many objects are selected when the user selects all (Ctrl+A):

<appSettings>

<add key="SelectAllLimit" value="1000"/>

</appSettings>

If this configuration option is omitted, the default value is 1000. Setting this option to a high number may cause performance issues when selecting and marking objects.

Setting select all limit when marking objects as Ready to Sync

Selecting objects to mark as Ready to Sync can be done from the Objects tab within the Sync Report, which contains all object types.

A configuration option can be used in the appSettings section of the config file to control how many objects are selected when the user selects all (Ctrl+A):

This setting should be added to the BinaryTree.DirSync.Exchange.exe.config file.

<appSettings>

<add key="SelectAllLimit" value="1000"/>

</appSettings>

If this configuration option is omitted, the default value is 1000. Setting this to a high number may cause performance issues when selecting and marking objects.

This option does not apply to Windows Server Migration profiles.

Set the attribute used for the linking function

A configuration option can be added to change the attribute used for the linking functionality.

This setting should be added to the BinaryTree.DirSync.Exchange.exe.config file.

<appSettings>

<add key="LinkedIDAttribute" value="adminDisplayName"/>

</appSettings>

If this configuration option is omitted, adminDisplayName is used.

Set the delay period before running a post sync PowerShell script

A configuration option can be added to change the delay length prior to running the post sync PowerShell script. By default, the delay is 300 seconds (5 minutes).

This setting should be added to the BinaryTree.DirSync.Exchange.exe.config file.

<appSettings>

<add key="PostScriptDelaySeconds" value="300"/>

</appSettings>

Using the User, Group, and Device LDAP filters

Active Directory provides a powerful way of retrieving data through the use LDAP filters. Directory Synchronization exposes three filters during the creation of a synchronization profile: User OU Filter, Group OU Filter, and Device OU Filter whose defaults are:

  • Users: (&(!(adminDescription=Created By DirSync))(|(objectClass=Person)(objectClass=room))(!(objectClass=computer)))
  • Groups: (&(!(adminDescription=Created By DirSync))(objectClass=Group))
  • Devices: (&(!(adminDescription=Created By DirSync))(objectClass=computer)(!(primaryGroupID=516)))

These filters are per organizational unit and apply to sub-OUs when the Sync Sub-OUs option is selected.

Modifying these filters requires a basic understanding of the attributes, their value representations, and their data types. LDAP filters support any number of options including filtering by date ranges, wildcards, and the use of bitmasks as in the userAccountControl property.

The use of the objectClass and objectCategory properties can greatly reduce the number of records retrieved resulting in improved performance. You may use other attributes to further restrict your results.

The following are common examples of queries and their LDAP query syntax.

  • Selecting users that are part of the ‘Accounting’ department:
    • (&(objectClass=User)(objectCategory=Person)(department=Accounting))
  • Selecting mailbox-enabled users:
    • (&(objectClass=User)(objectCategory=Person)(homeMDB=*))
  • Selecting mail-enabled users and contacts:
    • (|(&(objectClass=User)(objectCategory=Person)(!homeMDB=*))(objectClass=Contact))
  • Selecting users created after January 1, 2011:
    • (&(objectClass=User)(objectCategory=Person)(whenCreated>=20110101000000.0Z))
  • Selecting distribution lists:
    • (&(objectClass=Group)(groupType=2))

Binary Tree recommends that you use the Active Directory Users and Computers management console to test your filters to prevent Directory Synchronization from failing due to an invalid filter.

Using the User and Group LDAP Filters

Active Directory provides a powerful way of retrieving data through the use LDAP filters. Directory Synchronization exposes two filters during the creation of a synchronization profile: User OU Filter and Group OU Filter whose defaults are:

  • Users: (&(!(adminDescription=Created By DirSync))(|(objectClass=Person)(objectClass=room))(!(objectClass=computer)))
  • Groups: (&(!(adminDescription=Created By DirSync))(objectClass=Group))

These filters are per organizational unit and apply to sub-OUs when the Sync Sub-OUs option is selected.

Modifying these filters requires a basic understanding of the attributes, their value representations, and their data types. LDAP filters support any number of options including filtering by date ranges, wildcards, and the use of bitmasks as in the userAccountControl property.

The use of the objectClass and objectCategory properties can greatly reduce the number of records retrieved resulting in improved performance. You may use other attributes to further restrict your results.

  • Selecting users that are part of the ‘Accounting’ department:
    • (&(objectClass=User)(objectCategory=Person)(department=Accounting))
  • Selecting mailbox-enabled users:
    • (&(objectClass=User)(objectCategory=Person)(homeMDB=*))
  • Selecting mail-enabled users and contacts:
    • (|(&(objectClass=User)(objectCategory=Person)(!homeMDB=*))(objectClass=Contact))
  • Selecting users created after January 1, 2011:
    • (&(objectClass=User)(objectCategory=Person)(whenCreated>=20110101000000.0Z))
  • Selecting distribution lists:
    • (&(objectClass=Group)(groupType=2))

The following are common examples of queries and their LDAP query syntax.

Binary Tree recommends that you use the Active Directory Users and Computers management console to test your filters to prevent Directory Synchronization from failing due to an invalid filter.

Default Mappings

AD Source – Domino Target Default Mapping

The below table displays the default values of the AD Source to Domino Target mapping table.

Source Field Internal Field Target Field Source Type Target Type 1 Target Type 2 Comments

mail

InternetAddress

InternetAddress

any

any

 

 

company Company CompanyName any any    

c

OfficeCountry

OfficeCountry

contact

user

 

 

department

Department

Department

contact

user

 

 

displayName

DisplayName

FullName

contact

user

 

 

employeeID

EmployeeID

EmployeeID

contact

user

 

 

facsimileTelephoneNumber

OfficeFAXNumber

OfficeFAXPhoneNumber

contact

user

 

 

givenName

FirstName

FirstName

contact

user

 

 

initials

Initials

MiddleInitial

contact

user

 

 

l

OfficeCity

OfficeCity

contact

user

 

 

mailNickname

PrimaryAlias

ShortName

contact

user

 

The following restricted chars will be replaced with underscores:

( ) @ [ ] " space : \ > ; <

mobile

CellPhoneNumber

CellPhoneNumber

contact

user

 

 

physicalDeliveryOfficeName

Location

Location

contact

user

 

Important, particularly for printers.

postalCode

OfficeZip

OfficeZip

contact

user

 

 

proxyAddresses

FullName

FullName

contact

user

 

 

sn

LastName

LastName

contact

user

 

Sometimes used as surname.

st

OfficeState

OfficeState

contact

user

 

 

streetAddress

OfficeStreetAddress

OfficeStreetAddress

contact

user

 

 

telephoneNumber

OfficePhoneNumber

OfficePhoneNumber

contact

user

 

 

title

JobTitle

JobTitle

contact

user

 

 

 

BTCustom001

FullName

contact

user

 

 

c

OfficeCountry

OfficeCountry

group

 

user

 

department

Department

Department

group

 

user

 

displayName

DisplayName

ListName

group

group

 

 

employeeID

EmployeeID

EmployeeID

group

 

user

 

facsimileTelephoneNumber

OfficeFAXNumber

OfficeFAXPhoneNumber

group

 

user

 

givenName

FirstName

FirstName

group

 

user

 

info

Comment

ListDescription

group

group

 

 

info

Comment

Comment

group

 

user

 

initials

Initials

MiddleInitial

group

 

user

 

l

OfficeCity

OfficeCity

group

 

user

 

mailNickname

PrimaryAlias

ShortName

group

 

user

The following restricted chars will be replaced with underscores:

( ) @ [ ] " space : \ > ; <

mobile

CellPhoneNumber

CellPhoneNumber

group

 

user

 

physicalDeliveryOfficeName

Location

Location

group

 

user

Important, particularly for printers.

postalCode

OfficeZip

OfficeZip

group

 

user

 

proxyAddresses

FullName

FullName

group

 

user

 

sAMAccountName

SAMAccountName

ShortName

group

 

user

The following restricted chars will be replaced with underscores:

+ @ [ ] " / : | ? \ > ; = * < ,

sn

LastName

LastName

group

 

user

Sometimes used as surname.

st

OfficeState

OfficeState

group

 

user

 

streetAddress

OfficeStreetAddress

OfficeStreetAddress

group

 

user

 

telephoneNumber

OfficePhoneNumber

OfficePhoneNumber

group

 

user

 

title

JobTitle

JobTitle

group

 

user

 

 

BTCustom001

FullName

group

 

user

To represent group as person.

cn

CommonName

FullName

resource

user

 

 

displayName

DisplayName

FullName

resource

user

 

 

name

LastName

LastName

resource

user

 

 

mailNickname

PrimaryAlias

FullName

resource

user

 

The following restricted chars will be replaced with underscores:

( ) @ [ ] " space : \ > ; <

mailNickname

ShortName

ShortName

resource

user

 

The following restricted chars will be replaced with underscores:

( ) @ [ ] " space : \ > ; <

proxyAddresses

FullName

FullName

resource

user

 

 

sAMAccountName

SAMAccountName

FullName

resource

user

 

The following restricted chars will be replaced with underscores:

+ @ [ ] " / : | ? \ > ; = * < ,

cn

CommonName

FullName

room

user

 

 

displayName

DisplayName

FullName

room

user

 

 

name

LastName

LastName

room

user

 

 

mailNickname

PrimaryAlias

FullName

room

user

 

The following restricted chars will be replaced with underscores:

( ) @ [ ] " space : \ > ; <

mailNickname

ShortName

ShortName

room

user

 

The following restricted chars will be replaced with underscores:

( ) @ [ ] " space : \ > ; <

proxyAddresses

FullName

FullName

room

user

 

 

sAMAccountName

SAMAccountName

FullName

room

user

 

The following restricted chars will be replaced with underscores:

+ @ [ ] " / : | ? \ > ; = * < ,

cn

CommonName

FullName

sharedMail

user

 

 

displayName

DisplayName

FullName

sharedMail

user

 

 

mailNickname

PrimaryAlias

FullName

sharedMail

user

 

The following restricted chars will be replaced with underscores:

( ) @ [ ] " space : \ > ; <

mailNickname

ShortName

ShortName

sharedMail

user

 

 

proxyAddresses

FullName

FullName

sharedMail

user

 

 

sAMAccountName

SAMAccountName

FullName

sharedMail

user

 

The following restricted chars will be replaced with underscores:

+ @ [ ] " / : | ? \ > ; = * < ,

c

OfficeCountry

OfficeCountry

user

user

 

The following restricted chars will be replaced with underscores:

( ) @ [ ] " space : \ > ; <

cn CommonName FullName user user    

department

Department

Department

user

user

 

 

displayName

DisplayName

FullName

user

user

 

 

employeeID

EmployeeID

EmployeeID

user

user

 

 

facsimileTelephoneNumber

OfficeFAXNumber

OfficeFAXPhoneNumber

user

user

 

 

givenName

FirstName

FirstName

user

user

 

 

initials

Initials

MiddleInitial

user

user

 

 

l

OfficeCity

OfficeCity

user

user

 

 

mailNickname

PrimaryAlias

ShortName

user

user

 

The following restricted chars will be replaced with underscores:

( ) @ [ ] " space : \ > ; <

mobile

CellPhoneNumber

CellPhoneNumber

user

user

 

 

physicalDeliveryOfficeName

Location

Location

user

user

 

Important, particularly for printers.

postalCode

OfficeZip

OfficeZip

user

user

 

 

proxyAddresses

FullName

FullName

user

user

 

 

sAMAccountName

SAMAccountName

ShortName

user

user

 

The following restricted chars will be replaced with underscores:

+ @ [ ] " / : | ? \ > ; = * < ,

sn

LastName

LastName

user

user

 

Sometimes used as surname.

st

OfficeState

OfficeState

user

user

 

 

streetAddress

OfficeStreetAddress

OfficeStreetAddress

user

user

 

 

telephoneNumber

OfficePhoneNumber

OfficePhoneNumber

user

user

 

 

title

JobTitle

JobTitle

user

user

 

 

 

BTCustom001

FullName

user

user

 

 

Domino Source – AD Target Default Mapping

The below table displays the default values of the Domino Source to AD Target mapping table.

Source Field Internal Field Target Field Source Type Target Type 1 Target Type 2 Comments

InternetAddress

InternetAddress

mail

any

any

 

 

CompanyName

Company

 

any

any

 

 

 

LegacyExchangeDN

legacyExchangeDN

any

any

 

Created using the source object's Notes ID as the CN.

GroupType

GroupType

groupType

group

group

 

 

ListDescription

Comment

info

group

group

contact

 

ListName

DisplayName

displayName

group

group

contact

ListName must be empty in Notes or it will be treated as a group by the router.

ListName

PrimaryAlias

mailNickname

group

group

contact

ListName must be empty in Notes or it will be treated as a group by the router.

  ProxyAddresses proxyAddresses group group contact ProxyAddresses contains the InternetAddress as the primary SMTP, the legacyExchangeDN of both the source and target as X500 addresses, and any email policies from the target (if enabled).

ListName

SAMAccountName

sAMAccountName

group

group

 

ListName must be empty in Notes or it will be treated as a group by the router.

 

TargetAddress

targetAddress

group

 

contact

TargetAddress is set to the source object's primary SMTP inthe ProxyAddresses, the InternetAddress, or the UserPrincipleName of the source object.

Comments

Comment

comment

sharedMail

sharedMail

contact

 

Description

Info

info

sharedMail

sharedMail

contact

 

FullName

CommonName

cn

sharedMail

sharedMail

contact

 

FullName

PrimaryAlias

mailNickname

sharedMail

sharedMail

contact

 

FullName

DisplayName

displayName

sharedMail

sharedMail

contact

 

FullName

ProxyAddresses

proxyAddresses

sharedMail

sharedMail

contact

ProxyAddresses contains the InternetAddress as the primary SMTP, the legacyExchangeDN of both the source and target as X500 addresses, and any email policies from the target (if enabled).

FullName

SAMAccountName

sAMAccountName

sharedMail

sharedMail

 

 

 

TargetAddress

targetAddress

sharedMail

sharedMail

contact

TargetAddress is set to the source object's primary SMTP inthe ProxyAddresses, the InternetAddress, or the UserPrincipleName of the source object.

Comments

Comment

comment

resource

resource

contact

 

Description

Info

info

resource

resource

contact

 

FullName

CommonName

cn

resource

resource

contact

 

FullName

PrimaryAlias

mailNickname

resource

resource

contact

 

FullName

CommonName

displayName

resource

resource

contact

 

FullName

ProxyAddresses

proxyAddresses

resource

resource

contact

ProxyAddresses contains the InternetAddress as the primary SMTP, the legacyExchangeDN of both the source and target as X500 addresses, and any email policies from the target (if enabled).

FullName

SAMAccountName

sAMAccountName

resource

resource

 

 

ResourceCapacity

msExchResourceCapacity

msExchResourceCapacity

resource

resource

contact

 

 

TargetAddress

targetAddress

resource

resource

contact

TargetAddress is set to the source object's primary SMTP inthe ProxyAddresses, the InternetAddress, or the UserPrincipleName of the source object.

Comments

Comment

comment

room

room

contact

 

Description

Info

info

room

room

contact

 

FullName

CommonName

cn

room

room

contact

 

FullName

PrimaryAlias

mailNickname

room

room

contact

 

FullName

CommonName

displayName

room

room

contact

 

FullName

ProxyAddresses

proxyAddresses

room

room

contact

ProxyAddresses contains the InternetAddress as the primary SMTP, the legacyExchangeDN of both the source and target as X500 addresses, and any email policies from the target (if enabled).

FullName

SAMAccountName

sAMAccountName

room

room

 

 

ResourceCapacity msExchResourceCapacity msExchResourceCapacity room room contact  

 

TargetAddress

targetAddress

room

room

contact

TargetAddress is set to the source object's primary SMTP inthe ProxyAddresses, the InternetAddress, or the UserPrincipleName of the source object.

CellPhoneNumber

CellPhoneNumber

 

user

user

contact

 

Comment

Comment

 

user

user

contact

 

Department

Department

 

user

user

contact

 

EmployeeID

EmployeeID

 

user

user

contact

 

FirstName

FirstName

 

user

user

contact

 

FullName

CommonName

cn

user

user

contact

 

FullName

DisplayName

 

user

user

contact

 

FullName

ProxyAddresses

proxyAddresses

user

user

contact

ProxyAddresses contains the InternetAddress as the primary SMTP, the legacyExchangeDN of both the source and target as X500 addresses, and any email policies from the target (if enabled).

JobTitle

JobTitle

 

user

user

contact

 

LastName

LastName

 

user

user

contact

Sometimes used as a surname.

Location

Location

 

user

user

contact

Important, particularly for printers.

MiddleInitial Initials   user user contact  

OfficeCity

OfficeCity

 

user

user

contact

 

OfficeFAXPhoneNumber

OfficeFAXNumber

 

user

user

contact

 

OfficePhoneNumber

OfficePhoneNumber

 

user

user

contact

 

OfficeState

OfficeState

 

user

user

contact

 

OfficeStreetAddress

OfficeStreetAddress

 

user

user

contact

 

OfficeZip

OfficeZip

 

user

user

contact

 

ShortName

PrimaryAlias

mailNickname

user

user

contact

 

ShortName

ProxyAddresses

proxyAddresses

user

user

contact

ProxyAddresses contains the InternetAddress as the primary SMTP, the legacyExchangeDN of both the source and target as X500 addresses, and any email policies from the target (if enabled).

ShortName

SAMAccountName

 

user

user

 

 

 

TargetAddress

targetAddress

user

user

contact

TargetAddress is set to the source object's primary SMTP inthe ProxyAddresses, the InternetAddress, or the UserPrincipleName of the source object.

Resource Type

BTCustom032

 

resource

resource

contact

 

 

BTCustom033

msExchRecipientDisplayType

resource

resource

contact

 

 

BTCustom034

msExchResourceSearchProperties

resource

resource

contact

 

 

BTCustom034

msExchResourceDisplay

resource

resource

contact

 

 

BTCustom035

msExchResourceMetaData

resource

resource

contact

 

Resource Type

BTCustom032

 

room

room

contact

 

 

BTCustom033

msExchRecipientDisplayType

room

room

contact

 

 

BTCustom034

msExchResourceSearchProperties

room

room

contact

 

 

BTCustom034

msExchResourceDisplay

room

room

contact

 

 

BTCustom035

msExchResourceMetaData

room

room

contact

 

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating