On Demand Migration Current - Active Directory GAL Sync Setup Quick Start Guide

Setup Workflow

Follow these steps to create one (1) new workflow for reading, matching, staging and writing data. 

How to create a one-way sync workflow for Cloud to Cloud

1. Navigate to Workflows

2. Click the New button

3. Name and Describe the template, Click Next

4. Select the all four (4) environments (Cloud and Local environments per each hybrid tenant) created previously, Click Next

5. Select ONE-WAY SYNC, Click Next

6. The screen presented next will be a pre-configured set of workflow steps to facilitate the flow of object and attributes between your directories.  (Note, additional steps will be added as part of this guide to facilitate bi-directional synchronization.)

7. Start at the top of the steps, 1. Read From. Click the Select button

8. Select all four (4) environments created previously the click OK

9. Move to Match Objects

   1. This is the step where you will decide on how to match existing objects across your hybrid tenant directories

   2. Matching is conducted by pairing sets of attributes to find corresponding objects

   3. Your four (4) environments may already have some attributes that can be used to find similar objects between the different directories, or you may need to set some to ensure accurate matching

   4. For the purpose of GAL Sync, it is most important that email addresses do not conflict before attempting to create new objects in either environment

10. Click the Select button to configure the Match Objects criteria for your source Cloud environment and target Cloud environment

Figure 1: Example Match Objects Criteria

1. Select your source cloud environment from the drop-down menu

2. Select your target cloud environment from the drop-down menu

3. Choose your first attribute pairings, we will use WindowsEmailAddress for our first match criteria

4. Choose the WindowsEmailAddress attribute for the source and target fields

5. To add more attribute pairs, click the Add Attribute button

6. Additional pairings are evaluated as “OR” conditions. After the first match is found, the additional pairings are not assessed.

7. In our case we are adding three (3) additional attribute pairings to our criteria

   1. UserPrincipalName – UPN was added to ensure uniqueness of the local part of the address string. If creating new mail-enabled users in a destination directory it will be important to define any UPN conflicts that may exist

   2. ExternalEmailAddress – This attribute was added to ensure no existing MEUs or Mail Contacts have existing objects with the same external or target address

   3. WindowsEmailAddress to CustomAttribute1 – This matching pair is needed to create matching records for new objects created by Directory Sync.  

8. Ensure Match Across all object types is checked in this case.

9. Check this box to ensure the workflow is evaluating conflicts regardless of the object type because in two-way GAL sync there may be instances where this condition is true, and we want to ensure you have identified these matches before deciding to create new objects or keep the matches

10. There is no need in this guide to Add Another Pair, click OK to close this configuration

11. Drag a Match Objects workflow task from the left panel to the right under the Match Object task mentioned above.  Click the Select button to configure the Match Objects criteria for your target Cloud environment and source Cloud environment

Figure 2: Example Match Objects Criteria

1. Select your target cloud environment from the drop-down menu on the left as target will now become the source in a bi-directional setup.

2. Select your source cloud environment from the drop-down menu on the right as source will now become the target in a bi-directional setup.

3. Choose your first attribute pairings, we will use WindowsEmailAddress for our first match criteria

4. Choose the WindowsEmailAddress attribute for the source and target fields

5. To add more attribute pairs, click the Add Attribute button

6. Additional pairings are evaluated as “OR” conditions. After the first match is found, the additional pairings are not assessed.

7. In our case we are adding three (3) additional attribute pairings to our criteria

   1. UserPrincipalName – UPN was added to ensure uniqueness of the local part of the address string. If creating new mail-enabled users in a destination directory it will be important to define any UPN conflicts that may exist

   2. ExternalEmailAddress – This attribute was added to ensure no existing MEUs or Mail Contacts have existing objects with the same external or target address

   3. WindowsEmailAddress to CustomAttribute1 – This matching pair is needed to create matching records for new objects created by Directory Sync.  

8. Ensure Match Across all object types is checked in this case.

9. Check this box to ensure the workflow is evaluating conflicts regardless of the object type because in two-way GAL sync there may be instances where this condition is true, and we want to ensure you have identified these matches before deciding to create new objects or keep the matches

10. There is no need in this guide to Add Another Pair, click OK to close this configuration

12. Drag a Match Objects workflow task from the left panel to the right under the Match Object task mentioned above.  Click the Select button to configure the Match Objects criteria for your source Local environment and target Local environment

Figure 3: Example Match Objects Criteria

1. Select your source local environment from the drop-down menu on the left.

2. Select your target local environment from the drop-down menu on the right.

3. Choose your first attribute pairings, we will use mail for our first match criteria

4. Choose the mail attribute for the source and target fields

5. To add more attribute pairs, click the Add Attribute button

6. Additional pairings are evaluated as “OR” conditions. After the first match is found, the additional pairings are not assessed.

7. In our case we are adding two (2) additional attribute pairings to our criteria

   1. Mail to targetAddress – This matching pair created to ensure the system can match onto existing mail contacts in the target with targetAddress pointed to the source mail attribute.

   2. Mail to extensionattribute1 – This matching pair is needed to create matching records for new objects created by Directory Sync.  

8. Ensure Match Across all object types is checked in this case.

9. Check this box to ensure the workflow is evaluating conflicts regardless of the object type because in two-way GAL sync there may be instances where this condition is true, and we want to ensure you have identified these matches before deciding to create new objects or keep the matches

10. There is no need in this guide to Add Another Pair, click OK to close this configuration

13. Drag a Match Objects workflow task from the left panel to the right under the Match Object task mentioned above.  Click the Select button to configure the Match Objects criteria for your target Local environment and source Local environment

Figure 4: Example Match Objects Criteria

1. Select your target local environment from the drop-down menu on the left as target will now become the source in a bi-directional setup.

2. Select your source local environment from the drop-down menu on the right as source will now become the target in a bi-directional setup.

3. Choose your first attribute pairings, we will use mail for our first match criteria

4. Choose the mail attribute for the source and target fields

5. To add more attribute pairs, click the Add Attribute button

6. Additional pairings are evaluated as “OR” conditions. After the first match is found, the additional pairings are not assessed.

7. In our case we are adding two (2) additional attribute pairings to our criteria

   1. Mail to targetAddress – This matching pair created to ensure the system can match onto existing mail contacts in the target with targetAddress pointed to the source mail attribute.

   2. Mail to extensionattribute1 – This matching pair is needed to create matching records for new objects created by Directory Sync.  

8. Ensure Match Across all object types is checked in this case.

9. Check this box to ensure the workflow is evaluating conflicts regardless of the object type because in two-way GAL sync there may be instances where this condition is true, and we want to ensure you have identified these matches before deciding to create new objects or keep the matches

10. There is no need in this guide to Add Another Pair, click OK to close this configuration

14. Click the Select button to configure the first STAGE DATA workflow task for your Source Cloud to Target Cloud synchronization rule.

    1. Select the “Cloud to Cloud GAL Sync Source to Target” template, Click Next

    2. Select the source cloud environment as your source, Click Next

    3. Select the target cloud environment as your target, Click Next

    4. Select the default target domain name, Click Next

    5. Configure any Stage Data filter you like, it is highly recommended to setup filter to limit the scope to perform a test on the first sync as part of the validation.  Click Next (See Pro Tip 8)

    6. Click Finish

15. Drag a Stage Data workflow task from the left panel to the right under the Stage Data task mentioned above. Click the Select button to configure the second STAGE DATA workflow task for your target Cloud to source Cloud synchronization rule.

    1. Select the “Cloud to Cloud GAL Sync Source to Target” template, Click Next

    2. Select the source cloud environment, Click Next

    3. Select the target cloud environment, Click Next

    4. Select the default target domain name, Click Next

    5. Configure any Stage Data filter you like, it is highly recommended to setup filter to limit the scope to perform a test on the first sync as part of the validation.  Click Next (See Pro Tip 8)

    6. Click Finish

16. Drag a Stage Data workflow task from the left panel to the right under the Stage Data task mentioned above. Click the Select button to configure the third STAGE DATA workflow task for your source local to target local synchronization rule.

    1. Select the “Local to Local GAL Sync” template, Click Next

    2. Select the source local environment, Click Next

    3. Select the target local environment, Click Next

    4. Select the default target domain name, Click Next

    5. Select the source Organizational Units that will be in scope of the project by click on the ADD OUS button,

    6. In the new OU pop-up window, select the OU that will be in-scope, check the INCLUDE ALL SUB OUS checkbox, click OK to close the pop-up.

    7. Configure any Stage Data filter you like by double click on the OU in the OUs list, it is highly recommended to setup filter to limit the scope to perform a test on the first sync as part of the validation.  Click Next (See Pro Tip 8)

Figure 5: Example Source OU setup.

8. Select the default OU for newly created objects for Users, Groups, Contacts, and Devices.  In our case, we can select the same OU for all object types as we are only syncing user as contact.

Figure 6: Example Target OU setup.

9. Click Finish

17. Drag a Stage Data workflow task from the left panel to the right under the Stage Data task mentioned above.  Click the Select button to configure the fourth STAGE DATA workflow task for your target local to source local synchronization rule.

    1. Select the “Local to Local GAL Sync” template, Click Next

    2. Select the target local environment as your source, Click Next

    3. Select the source local environment as your target, Click Next

    4. Select the default target domain name, Click Next

    5. Select the source Organizational Units that will be in scope of the project by click on the ADD OUS button,

    6. In the new OU pop-up window, select the OU that will be in-scope, check the INCLUDE ALL SUB OUS checkbox, click OK to close the pop-up.

    7. Configure any Stage Data filter you like by double click on the OU in the OUs list, it is highly recommended to setup filter to limit the scope to perform a test on the first sync as part of the validation.  Click Next

Figure 7: Example Source OU setup.

8. Select the default OU for newly created objects for Users, Groups, Contacts, and Devices.  In our case, we can select the same OU for all object types as we are only syncing user as contact.

Figure 8: Example Target OU setup.

9. Click Finish

18. Click the Select button to configure the WRITE TO workflow task. Ensure all four (4) environments are selected, Click OK

19. Click Next

20. Configure the workflow sync interval, select Manual for now and we can setup a sync schedule once the test sync has completed.  Click Next

21. Setup any workflow alert you may wish to configure, for now, Click SKIP

22. Click Finish

Set up Test Objects

Follow these steps to create one test objects in each environment to validate the GAL Sync workflow.

1. Setup a Remote Mailbox in the source local environment and ensure it is part of the OU filter setup for the Local Environment.

   1. DisplayName: Lab1RMBX1

   2. PrimarySMTPAddress:  Lab1RMBX1@Lab1.Leagueteam.us

2. Setup a Remote Mailbox in the target local environment it is part of the OU filter setup for the Local Environment.

   1. DisplayName: Lab2RMBX1

   2. PrimarySMTPAddress:  Lab2RMBX1@Lab2.Leagueteam.us

3. Setup a Mailbox in the source cloud environment.

   1. DisplayName: Lab1CLDMBX1

   2. PrimarySMTPAddress:  Lab1CLDMBX1@Lab1.Leagueteam.us

4. Setup a Mailbox in the source cloud environment.

   1. DisplayName: Lab2CLDMBX1

   2. PrimarySMTPAddress:  Lab2CLDMBX1@Lab2.Leagueteam.us

5. Capture the LegacyExchangeDN value for the above test objects for later use.

6. Add the test cloud objects as a member of the filter group for the Cloud Environment if filter group is configured when the environment was first configured. 

Validating the Workflow

Follow the below steps to perform the GAL Sync workflow and validation.

1. Select the workflow configured and click on RUN.

2. Allow the workflow execution to complete.

3. Validate Lab1RMBX1 from source local environment will be created in target local environment as Mail Contact.  The target Mail Contact should have the following set:

   1. Source Mailbox’s PrimarySMTPAddress will be added as targetAddress

   2. Source Mailbox’s LegacyExchangeDN will be added as x500 address.

   3. Source Mailbox’s PrimarySMTPAddress will be added as PrimarySMTPAddress.

   4. Target Contact’s cn will be created as a random GUID to ensure there will be no name collisions.

4. Validate Lab1CLDMBX1 from source cloud environment will be created in target cloud environment as Mail Contact.  The target Mail Contact should have the following set:

   1. Source Mailbox’s PrimarySMTPAddress will be added as external email address

   2. Source Mailbox’s LegacyExchangeDN will be added as x500 address.

5. Source Mailbox’s PrimarySMTPAddress will be added as PrimarySMTPAddress. Validate Lab1CLDMBX1 from source cloud environment will be created in target cloud environment as Mail User.  The Mail User should have the following set:

   1. Source Mailbox’s PrimarySMTPAddress will be added as external email address

   2. Source Mailbox’s LegacyExchangeDN will be added as x500 address.

   3. Source Mailbox’s PrimarySMTPAddress will be added as PrimarySMTPAddress.

6. Validate Lab2CLDMBX1 from source cloud environment will be created in target cloud environment as Mail Contact.  The Mail Contact should have the following set:

   1. Source Mailbox’s PrimarySMTPAddress will be added as external email address

   2. Source Mailbox’s LegacyExchangeDN will be added as x500 address.

   3. Source Mailbox’s PrimarySMTPAddress will be added as PrimarySMTPAddress.