Using FIM 2010 R2 to perform GALsync and create unique email addresses in a Multiple Forest with Shared Email Namespace environment

  • Question

  • Hello All,

    I have a Multiple Forest environment that has a shared single namespace, ILM 2007 is currently performing GALsync and as part of that sync ensures that users have a unique email address. The ILM server is running on Server 2003 and needs to be replaced as part of the End Of Support of Server 2003.

    The environment looks like this:

    SMTP Domain - company.com

    Domain1.com - Exchange 2010 - This is the owner of our SMTP domain and where all email is delivered to; there are send connectors configured to forward email on to domain2 and domain3 based on target address
    Domain2.com - Exchange 2007 - This is a part of the company that has its own IS - users have a contact in domain1.com with target address of @e2k07.domain2.com
    Domain3.com - Exchange 2010 - This is a company that was acquired - users have a contact in domain1.com with target address of @e2k10.domain3.com

    The ILM service is the glue that ensures the GALs are synced across all three environments and most importantly all users have a unique email address.

    Email address provisioning happens as follows:

    Domain1 - users are created email enabled with whatever email address is available, e.g. joe.blogs@company.com

    Domain2 - users are created with an email address that has a prefix, domain2_joe.blogs@company.com. When the ILM service runs its management agents it then assigns the user an available email address, e.g. joe.blogs2@company.com, which is set as primary; it also creates a secondary address of joe.blogs2@e2k07.domain2.com. ILM will also create contacts in domain1 and domain3 for the user with the target address of joe.blogs2@e2k07.domain2.com

    Domain3 - users are created with an email address that has a prefix, domain3_joe.blogs@company.com. When the ILM service runs its management agents it then assigns the user an available email address, e.g. joe.blogs3@company.com, which is set as primary; it also creates a secondary address of joe.blogs3@e2k07.domain2.com. ILM will also create contacts in domain1 and domain3 for the user with the target address of joe.blogs3@e2k07.domain3.com

    To add more complexity - Domain4.com - Exchange 2013 / O365 Hybrid - This is a new domain that users from Domain2 and Domain3 will be migrating to - users will have a contact in domain1.com with target address of @e2k13.domain4.com (This domain is not currently configured in ILM)

    My problem is that I was not involved in the original implementation of the ILM server and it looks like the 3rd party that was brought in to do it wrote some custom DLLs to carry out the required work.

    What I would like to do is implement FIM 2010 R2 to replace the ILM server, running FIM on Server 2012 R2 with SQL 2012 SP2.

    So following these two guides;
    https://www.winsec.nl/2012/10/08/installing-fim-2010/
    http://www.msexchange.org/articles-tutorials/exchange-server-2010/migration-deployment/deep-dive-into-rich-coexistence-between-exchange-forests-part1.html

    Which are both excellent!

    I have built the new FIM server and have configured a couple of Management Agents for Active Directory global address list (GAL) for domain2 and domain4, and so far have run the Full Import (Stage Only) and then Full Synchronization to populate the Metaverse and that appears to work.

    My next step is to set up the MA to connect to Domain1 and then populate the Metaverse.

    After that I am afraid that my searching of the interweb is drying up on the method to provision a unique email address and create the contacts in the other domains with the target addresses.

    I was planning to configure the email address creation rules (once I figure out how to do it) to work on Domain4 and write contacts into Domain3 so we could test that the logic all works without impacting the mail flow of the primary (Domain1), then once happy introduce it to the other domain and decommission the ILM service.

    This article https://technet.microsoft.com/en-us/magazine/ff472471.aspx suggests that with FIM 2010 I won't need to use code but rather the Codeless Provisioning option to set up the email address creation rules? I have yet to set up the FIM Portal server though.

    This article was going in the direction that I needed however was never completed - https://ibrahimnore.wordpress.com/2012/09/02/cross-forest-smtp-namespace-sharing-part-1/

    Has anyone had any experience with a similar requirement?

    I have been documenting my steps so far in setting up the FIM 2010 server and will be more than happy to share / publish the entire process once it is completed

    Many thanks in advance for any help

    Graham

    As a footnote, if anyone was wondering, the current Free / Busy is being managed by an InterOrg service! We will be moving to using the MS Federation Gateway and setting Organization relationships for the Free / Busy.
    Wednesday, June 10, 2015 3:09 PM
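
The allocation rules described in the question, modelled as an added example that is not part of the original post and is not FIM or ILM code: it strips the forest prefix, picks a free address in the shared namespace, and derives the secondary address and contact target addresses. The numeric-suffix scheme, the function names, and the inclusion of Domain4 as a contact target are assumptions; uniqueness is checked case-insensitively against every address already in use, primary or secondary.

```python
# Model of the allocation rules in the post; not FIM or ILM code.
SHARED = "company.com"
# Routing domains as given in the post; Domain1 owns company.com itself.
ROUTING = {"domain2": "e2k07.domain2.com", "domain3": "e2k10.domain3.com",
           "domain4": "e2k13.domain4.com"}
# Assumption: contacts go to every other forest, including planned Domain4.
FORESTS = ["domain1", "domain2", "domain3", "domain4"]


def strip_prefix(forest, placeholder):
    """Turn 'domain2_joe.blogs@company.com' into the local part 'joe.blogs'."""
    local, _, domain = placeholder.partition("@")
    prefix = forest + "_"
    if domain.lower() != SHARED or not local.lower().startswith(prefix):
        raise ValueError(f"not a {forest} placeholder address: {placeholder}")
    return local[len(prefix):].lower()


def allocate(forest, placeholder, taken):
    """Pick a free address and return the attribute values to write.

    `taken` holds every SMTP address (primary or secondary) already present
    in any forest, lower-cased; it is updated in place.
    """
    wanted = strip_prefix(forest, placeholder)
    routing = ROUTING[forest]
    n, suffix = 1, ""
    # Assumed scheme: joe.blogs, joe.blogs2, joe.blogs3, ...
    while (f"{wanted}{suffix}@{SHARED}" in taken
           or f"{wanted}{suffix}@{routing}" in taken):
        n += 1
        suffix = str(n)
    primary = f"{wanted}{suffix}@{SHARED}"
    secondary = f"{wanted}{suffix}@{routing}"
    taken.update({primary, secondary})
    # Contacts in the other forests route mail via the secondary address.
    contacts = {f: {"mail": primary, "targetAddress": "SMTP:" + secondary}
                for f in FORESTS if f != forest}
    return {"proxyAddresses": ["SMTP:" + primary, "smtp:" + secondary],
            "contacts": contacts}


# Constructed sample: joe.blogs already exists in Domain1.
taken = {"joe.blogs@company.com"}
first = allocate("domain2", "domain2_joe.blogs@company.com", taken)
second = allocate("domain3", "Domain3_Joe.Blogs@company.com", taken)
```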

All replies

  • Hi Graham

    I am heading down the same path now and wondered if you managed to track down any good resources?

    Thanks

    Alan

    Thursday, October 29, 2015 10:59 AM