Using the FOPE Directory Sync Tool in a Non-Exchange Environment

If you do not have Exchange servers in your environment, you may still want to use Directory Edge Blocking without the overhead of a data sync method such as CSV or SFTP. In that case, you can run the Directory Synchronization Tool (DST) against an Active Directory forest that is populated from a non-Exchange directory service. The AD forest must contain certain attributes for the Directory Sync Tool to work. The tool uses the following attributes in its AD query:
  • givenName
  • sn (Surname)
  • proxyAddresses (Each address in this attribute must be in the form smtp:email@address.com, stored without quotes. To control the primary email address within FOPE, i.e. the one used for Spam Quarantine access etc., store that address as SMTP:email@address.com, again without quotes; the uppercase SMTP denotes the primary address to the DST.)
  • msExchSafeSendersHash (not needed but we do sync it if available)
  • IsDeleted
  • objectClass
  • objectGuid
  • whenCreated
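
Because the forest is populated from a non-Exchange source, the proxyAddresses values are worth checking before the first sync. The following is an added example, not part of the original article or of the DST: Test-ProxyAddressSet is a hypothetical helper name, the sample entries are constructed, and treating more than one uppercase SMTP: value as a problem is an assumption.

```powershell
# Added example: checks proxyAddresses values against the format described above.
# Test-ProxyAddressSet is a hypothetical helper, not a DST or ActiveDirectory cmdlet.
function Test-ProxyAddressSet {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [AllowEmptyCollection()] [string[]] $ProxyAddresses
    )
    $issues = @()
    foreach ($value in $ProxyAddresses) {
        if ($value.Contains('"')) {
            # The article requires the value to be stored without quotes.
            $issues += "contains quotes: $value"
        }
        elseif ($value -notmatch '^smtp:[^@\s]+@[^@\s]+$') {
            # -notmatch is case-insensitive, so smtp: and SMTP: both pass here.
            $issues += "not in smtp:user@domain form: $value"
        }
    }
    # -cmatch is case-sensitive: only uppercase SMTP: marks the primary address.
    $primary = @($ProxyAddresses | Where-Object { $_ -cmatch '^SMTP:' })
    if ($primary.Count -gt 1) {
        # Assumption: several uppercase entries leave the primary ambiguous.
        $issues += "more than one uppercase SMTP: value ($($primary.Count))"
    }
    [pscustomobject]@{
        Name    = $Name
        Primary = if ($primary.Count -eq 1) { $primary[0].Substring(5) } else { $null }
        Issues  = $issues
    }
}

# Constructed sample entries (not real directory data).
$sample = @(
    @{ Name = 'alice'; ProxyAddresses = @('SMTP:alice@example.com', 'smtp:a.smith@example.com') },
    @{ Name = 'bob';   ProxyAddresses = @('bob@example.com') },
    @{ Name = 'carol'; ProxyAddresses = @('"smtp:carol@example.com"') },
    @{ Name = 'dave';  ProxyAddresses = @('SMTP:dave@example.com', 'SMTP:d@example.com') }
)
foreach ($entry in $sample) { Test-ProxyAddressSet @entry }

# Against a live domain (requires the ActiveDirectory module):
# Get-ADObject -LDAPFilter '(proxyAddresses=*)' -Properties proxyAddresses |
#     ForEach-Object { Test-ProxyAddressSet -Name $_.Name -ProxyAddresses $_.proxyAddresses }
```

In the sample, alice comes back with a primary of alice@example.com and no issues, while bob, carol and dave are each reported with one issue.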

The DST queries for those attributes for the following types of AD objects:

  • contact
  • group
  • inetorgperson
  • person
  • publicfolder
  • user

To see what the DST should sync, run the following query in your domain:

dsquery * domainroot -filter "(proxyAddresses=*)" -attr proxyaddresses

If you have more than one domain in your forest, you may need to set the proxyAddresses attribute so that it replicates to the Global Catalog Partial Attribute Set, because the DST only queries its local DC/GC for accounts. To do this:

  • Open adsiedit.msc, in the Connection Settings modify the drop down for "Select a well known Naming Context" and select Schema.
  • Once this opens expand the top level and then click on the folder that starts with CN=Schema,CN=Configuration ... etc
  • Locate CN=Proxy-Addresses in the right hand window and right click and open properties for this item.
  • Scroll down and locate the isMemberOfPartialAttributeSet attribute and set this value to TRUE
  • Click OK through the rest and close out.  This may take a while to replicate through your forest depending on replication convergence times.
  • After this change, you should be able to run the following to get a list of the addresses from the entire forest that the DST will replicate: dsquery * forestroot -filter "(proxyAddresses=*)" -attr proxyaddresses

Comments
  • We are on BPOS and FOPE so no local exchange server.  BPOS DST tool is set up and syncs from our AD.  I am trying to configure FOPE DST to sync from AD as well, however it syncs successfully yet does not sync any of the users.  Can you clarify more on the article?  I would really appreciate it.  Thank you.
