Forefront Identity Manager (FIM) provides an out-of-the-box solution for GALSync, which is commonly used by Exchange Server customers today.

Companies increasingly join into groups or cooperate at various levels of integration. Such organizations commonly include well-connected companies (where the IT organizations are integrated closely enough that you can connect directly to the other organization's Active Directory and read/write address book data), but also satellite companies or sub-organizations that are connected more loosely.

In that case you may have additional contacts from these organizations that you would like to introduce into your GAL. These contacts can be delivered as CSV files or by another method.

 


Solution

The out-of-the-box GALSync solution provides pre-prepared management agents that read data from Active Directory. However, it doesn't provide pre-prepared management agents for other, supplementary data sources. You can add additional contacts as users (which basically means that they will be authoritative sources for these organizations). There are generally two things to remember when adding such sources:
  • prepare all necessary attributes (directly in data source or by calculation in import rules)
  • use object types for which out of the box synchronization rules will fit your needs

 

Attributes you need to provide

 

| Attribute | Description |
| --- | --- |
| CN | Used as the name of the contact in AD |
| displayName | Used as the display name for the contact in the GAL (will be visible to the users). It is quite useful to append the name of the organization the contact comes from (contacts are easier to recognize when people with the same name come from different organizations) |
| mail | Mail (SMTP) address |
| mailNickname | Mail nickname used by Exchange to create the contact. It should be properly formatted according to Exchange requirements. |
| givenName | First name |
| sn | Last name |
| targetAddress | Target address populated in the contact. It should be in the format SMTP:mail, where mail is the SMTP mail address (same as the mail attribute). |

You can also provide some additional attributes, for example attributes related to the organization (company, department, etc.).

 

Selecting object types (Metaverse and on the MA side)

Synchronizing these objects as contacts in the Metaverse will not work with the standard solution (as it is prepared to take contacts only from predefined OUs). A more appropriate way is to synchronize these additional contacts as person objects in the Metaverse. On the MA side there is just one thing to remember: define the object class in your Management Agent as user (because this is the class expected by the GALSync provisioning code).

 


Step by step adding CSV data source

Let's say you have your additional contacts prepared in a CSV file that includes all the necessary attributes. For example, your file looks like this:

CN, displayName, mail, mailNickname, givenName, sn, targetAddress
John Smith, John Smith (Partner Company), j.smith@partnercompany.com, j_smith_partnercompany_com, John, Smith, SMTP:j.smith@partnercompany.com
Richard Black, Richard Black (Partner Company), r.black@partnercompany.com, r_black_partnercompany_com, Richard, Black, SMTP:r.black@partnercompany.com
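
Because the partner's file becomes an authoritative source, it is worth checking it against the attribute table above before it reaches the MA. The following is an added example, not part of the original article or of FIM: the function name, the messages, the alias pattern (a conservative assumption about Exchange's rules) and all sample rows except the first are constructed.

```python
import csv
import io
import re

REQUIRED = ["CN", "displayName", "mail", "mailNickname",
            "givenName", "sn", "targetAddress"]
# Assumption: conservative alias rule (letters, digits, "_" and "-", single
# periods only between them, at most 64 characters); align with your Exchange.
NICKNAME_RE = re.compile(r"^(?=.{1,64}$)[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*$")
MAIL_RE = re.compile(r"^[^@\s,;]+@[^@\s,;]+\.[^@\s,;]+$")
# Constructed sample: first data row is from the article, the others are made up.
SAMPLE = """\
CN, displayName, mail, mailNickname, givenName, sn, targetAddress
John Smith, John Smith (Partner Company), j.smith@partnercompany.com, j_smith_partnercompany_com, John, Smith, SMTP:j.smith@partnercompany.com
Ann Grey, Ann Grey (Partner Company), a.grey@partnercompany.com, a grey, Ann, Grey, SMTP:a.grey@other.example
Bob Stone, Bob Stone (Partner Company), J.Smith@partnercompany.com, b_stone, Bob, , SMTP:J.Smith@partnercompany.com
"""


def validate_contacts(csv_text):
    """Return (line_number, message) tuples for rows that should not be imported."""
    reader = csv.DictReader(io.StringIO(csv_text), skipinitialspace=True)
    missing = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing:
        return [(1, "missing columns: " + ", ".join(missing))]
    problems, seen = [], {}
    for row in reader:
        n = reader.line_num
        if None in row:  # an unquoted comma inside a value shifts the columns
            problems.append((n, "more fields than header columns"))
            continue
        v = {k: (row[k] or "").strip() for k in REQUIRED}
        problems += [(n, f"{k} is empty") for k in REQUIRED if not v[k]]
        mail = v["mail"]
        if mail and not MAIL_RE.match(mail):
            problems.append((n, "mail is not a plausible SMTP address"))
        if v["mailNickname"] and not NICKNAME_RE.match(v["mailNickname"]):
            problems.append((n, "mailNickname has characters outside the allowed set"))
        if mail and v["targetAddress"] != "SMTP:" + mail:
            problems.append((n, "targetAddress is not SMTP:<mail>"))
        if mail.lower() in seen:  # the same address twice would collide in the GAL
            problems.append((n, f"mail duplicates line {seen[mail.lower()]}"))
        elif mail:
            seen[mail.lower()] = n
    return problems

if __name__ == "__main__":
    for line, message in validate_contacts(SAMPLE):
        print(f"line {line}: {message}")
```
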

Create new MA taking data from your source

Start creating CSV MA

 

Step 1

Step 2

Step 3

 

On Configure Attributes tab go to Advanced and change object class to "user"

 

 

Step 4

Step 4a

Step 5 Add filters if required

Step 6

 

Add join and projection rules (to person Metaverse class)

Step 7

 

Create import flows (add your own if required)

Step 8

Finish creating MA

 

 

Step 9

Step 10

 

Add run profiles and use your new Management Agent in synchronization cycle

You will need to add run profiles for Import and Synchronization to your newly created MA. Then place the data file in the MA data directory (C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\MAData\PartnerCompany_CSV) and run the MA whenever required, basically each time you provide a new data file.

 


Summary

You can extend GALSync by adding additional sources of addresses. You just need to remember which attributes you have to provide and which class to use to do it the easy way.

If your organization uses cloud-based solutions and synchronizes with Azure AD using DirSync, you may also be interested in the following article by Paul Williams: GALSync and DirSync in harmony

 

The article was originally published by the author on the IDArchitect.NET blog.