GAL Sync between Exchange 2003 and Exchange 2007 – Part 2

This article continues Part 1 of configuring GAL Sync between Exchange 2003 and Exchange 2007. Please refer to Part 1 before starting Part 2.

3. Creating and Configuring IIFP Management Agents

3.1. Creating and Configuring Red.com – GAL MA

1. Login to IIFP Server, open Identity Manager.

2. From the Tools menu, click Management Agents.

3. From the Actions menu, click Create.

4. In Management Agent Designer, in Management agent for, click Active Directory global address list (GAL) (from the pull down).

5. In Name, type “Red GAL MA” and click Next.

6. On the “Connect to an Active Directory forest” page, type the following values:

7. Forest name = Red.com

8. User name = redgalsync

9. Password = xxxxx

10. Domain = Red.com

11. Click Options, clear the Sign and encrypt LDAP traffic check box (the LDAP session from the agent to this forest is then neither signed nor encrypted), and click Next.

12. On the Configure Directory Partitions page, in Select directory partitions, select the only partition listed

13. Clear the Sign and encrypt LDAP traffic check box and select Containers

14. Clear the check box next to the directory partition to clear all organizational units under the directory partition

15. Select “Blue” and all other OUs where users and DL accounts are based.

16. Click OK and then click Next.

17. On the “Configure GAL” page, click Target container, select the “Contacts” OU which is under the Blue OU, and click OK.

18. Click “Source”, select all the OUs where user mailboxes and DLs are based, and click OK.

19. Click Edit under Exchange Configuration, add the DNS suffix @blue.com, click OK, and then click Next to continue.

20. On the Select Object Types page, verify that the object types required for GAL synchronization are selected. Keep the default settings and click Next.

21. On the Select Attributes page, verify that the attributes required for GAL synchronization are selected. Keep the default settings and click Next.

22. On the Configure Connector Filter page, verify that the connector filters required for GAL synchronization are specified. Keep the default settings and click Next.

23. On the Configure Join and Projection Rules page, verify that the four join and projection rules for GAL synchronization are specified. Keep the default settings and click Next.

24. In Configure Attribute Flow, verify that the five attribute flow mappings for GAL synchronization are specified. Keep the default settings and click Next.

25. On the Configure Deprovisioning page, in Deprovisioning Options, verify that the “Determine with a rules extension” option is selected and click Next.

26. On the Configure Extensions page, in Assembly name, verify that the GALSync.dll file is specified and click Finish.

3.2. Creating and Configuring Blue.com – GAL MA

1. Login to IIFP Server, open Identity Manager.

2. From the Tools menu, click Management Agents.

3. From the Actions menu, click Create.

4. In Management Agent Designer, in Management agent for, click Active Directory global address list (GAL) (from the pull down).

5. In Name, type “Blue GAL MA” and click Next.

6. On the “Connect to an Active Directory forest” page, type the following values:

7. Forest name = Blue.com

8. User name = bluegalsync

9. Password = xxxxx

10. Domain = blue.com

11. Click Options, clear the Sign and encrypt LDAP traffic check box, and click Next.

12. On the Configure Directory Partitions page, in Select directory partitions, select the only partition listed

13. Clear the Sign and encrypt LDAP traffic check box and select Containers

14. Clear the check box next to the directory partition to clear all organizational units under the directory partition

15. Select “Red” and all other OUs where users and DL accounts are based.

16. Click OK and then click Next.

17. On the “Configure GAL” page, click Target container, select the “Contacts” OU which is under the RED OU, and click OK.

18. Click “Source”, select all the OUs where red.com user mailboxes and DLs are based, and click OK.

19. Click Edit under Exchange Configuration, add the DNS suffix @red.com, click OK, and then click Next to continue.

20. On the Select Object Types page, verify that the object types required for GAL synchronization are selected. Keep the default settings and click Next.

21. On the Select Attributes page, verify that the attributes required for GAL synchronization are selected. Keep the default settings and click Next.

22. On the Configure Connector Filter page, verify that the connector filters required for GAL synchronization are specified. Keep the default settings and click Next.

23. On the Configure Join and Projection Rules page, verify that the four join and projection rules for GAL synchronization are specified. Keep the default settings and click Next.

24. In Configure Attribute Flow, verify that the five attribute flow mappings for GAL synchronization are specified. Keep the default settings and click Next.

25. On the Configure Deprovisioning page, in Deprovisioning Options, verify that the “Determine with a rules extension” option is selected and click Next.

26. On the Configure Extensions page, in Assembly name, verify that the GALSync.dll file is specified and click Finish.

4. Enable Provisioning

1. Open Identity Manager

2. From the Tools menu, click Options.

3. Under Metaverse Rules Extensions, ensure that the Enable metaverse rules extensions check box is selected.

4. In the box located next to Rules extension name, ensure GALSync.dll is present.

5. Select the check box next to Enable Provisioning Rules Extensions to enable provisioning rules extension to be used with the GAL synchronization management agent.

6. Click OK.

 

Hope you like the article  🙂

GAL Sync between Exchange 2003 and Exchange 2007 – Part 1

This document provides step-by-step instructions for GAL Sync between the Red.com (Exchange 2003) and Blue.com (Exchange 2007) organizations using IIFP SP2.

This document is divided into 4 main parts:

1. Installing and configuring IIFP

2. Preparing and configuring Active Directory on both Red.com and Blue.com

3. Creating and configuring MA agents to create mail-enabled contacts in both Active Directory forests

4. Executing and scheduling MA profiles

Let’s go through each of the parts in detail.

1. Installing and Configuring IIFP

Follow these steps to build and set up IIFP on a Windows Server in either domain, red.com or blue.com.

1. Install Windows 2003 R2 enterprise edition and configure server as per best practice

2. Join the server to the domain

3. Install IIS, ASP.net 2.0

4. Install Microsoft SQL Server 2005 with SP1

5. Install Identity Integration Feature Pack SP2

6. Run Microsoft Updates to bring system up to latest patch levels.

2. Preparing and Configuring Active Directory on Both Red.com and Blue.com

2.1 Configuring Red.com Active Directory

1. Login to Red.com domain controller

2. From Start, click Administrative Tools; click Active Directory Users and Computers.

3. Select View from the top drop down menu and select Advanced Features.

4. Create a new user “RedGalsync” with a password, and ensure that the password is set to never expire and that the user is not required to change the password at next logon.

5. Select RED.COM and right-click, select Delegate Control

6. On the Welcome to the Delegation of Control Wizard page click Next.

7. On the Users or Groups page click Add.

8. On the Select Users, Computers, or Groups dialog box type “RedGalsync” and click OK.

9. On the Users or Groups page click Next.

10. On the Tasks to Delegate page select create a custom task to delegate, and click Next.

11. On the Active Directory Object Type page accept the defaults and click Next.

12. On the Permissions page select General, Property-specific, and Creation/deletion of specific child objects, under permissions select Replicating Directory Changes and Replication Synchronization, and click Next.

13. On the Completing the Delegation of Control Wizard page click Finish.

14. Create new OU with the name “Blue” under root and create sub OU “Contacts”

15. Right-click the Contacts OU and select Properties.

16. On the Contacts Properties dialog box click Security.

17. On the Contacts Properties dialog box click Add.

18. On the Select Users, Computers, or Groups dialog box type “REDGalsync” and click OK.

19. On the Contacts Properties dialog box select Read, Write, Create All Child Objects, and Delete All Child Objects, and then click OK. Make sure the permissions apply to this object and all child objects.

20. Open ADSIEdit and navigate to the container “Blue”

21. Right-click on OU “Contacts” and select Properties.

22. Click on the Security tab, and click Advanced.

23. Choose to Add an ACE.

24. Specify REDGalsync to apply the permissions to. This will display the permissions dialog.

25. Click on Properties.

26. Drop down the Apply Onto dropdown box and select Child Objects Only.

27. Scroll down and mark Allow for Write proxyAddresses.

28. Save the properties. This permission is applied to every child object that has the option “Allow inheritable permissions from the parent to propagate to this object and all child objects” selected. The option is located in the user’s Advanced Security property sheet. Any user that does not have it selected will not have the permission granted to it.

 

2.2 Configuring Blue.com Active Directory

1. Login to Blue.com domain controller

2. From Start, click Administrative Tools; click Active Directory Users and Computers.

3. Select View from the top drop down menu and select Advanced Features.

4. Create a new user “BlueGalsync” with a password, and ensure that the password is set to never expire and that the user is not required to change the password at next logon.

5. Select Blue.com and right-click, select Delegate Control

6. On the Welcome to the Delegation of Control Wizard page click Next.

7. On the Users or Groups page click Add.

8. On the Select Users, Computers, or Groups dialog box type “BlueGalsync” and click OK.

9. On the Users or Groups page click Next.

10. On the Tasks to Delegate page select create a custom task to delegate, and click Next.

11. On the Active Directory Object Type page accept the defaults and click Next.

12. On the Permissions page select General, Property-specific, and Creation/deletion of specific child objects, under permissions select Replicating Directory Changes and Replication Synchronization, and click Next.

13. On the Completing the Delegation of Control Wizard page click Finish.

14. Create new OU with the name “Red” under root and create sub OU “Contacts”

15. Right-click the Contacts OU and select Properties.

16. On the Contacts Properties dialog box click Security.

17. On the Contacts Properties dialog box click Add.

18. On the Select Users, Computers, or Groups dialog box type BlueGalsync and click OK.

19. On the Contacts Properties dialog box select Read, Write, Create All Child Objects, and Delete All Child Objects, and then click OK. Make sure the permissions apply to this object and all child objects.

20. Open ADSIEdit and navigate to the container named “Red”

21. Right-click on OU “Contacts” and select Properties.

22. Click on the Security tab, and click Advanced.

23. Choose to Add an ACE.

24. Specify BlueGalsync to apply the permissions to. This will display the permissions dialog.

25. Click on Properties.

26. Drop down the Apply Onto dropdown box and select Child Objects Only.

27. Scroll down and mark Allow for Write proxyAddresses.

28. Save the properties. This permission is applied to every child object that has the option “Allow inheritable permissions from the parent to propagate to this object and all child objects” selected. The option is located in the user’s Advanced Security property sheet. Any user that does not have it selected will not have the permission granted to it.
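
The delegation made in 2.1 and 2.2 can be read back from the directory to confirm that the sync account holds only what these steps grant. The script below is an added example, not part of the original walkthrough; it assumes the Red.com names used above (DC=red,DC=com, the Contacts OU under Blue, the RedGalsync account) and a PowerShell session logged on to that forest.

```powershell
# Added example: list what the GAL sync account was granted in one forest.
# Values are the page's Red.com names; swap in the Blue.com ones for 2.2.
$domainDn   = 'DC=red,DC=com'
$contactsDn = "OU=Contacts,OU=Blue,$domainDn"
$account    = 'RedGalsync'

# GUIDs of the two control access rights from step 12 and of the
# proxyAddresses attribute from step 27; the empty GUID means "all".
$known = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ab-9c07-11d1-f79f-00c04fc2dcd2' = 'Replication Synchronization'
    'bf967a06-0de6-11d0-a285-00aa003049e2' = 'proxyAddresses'
    '00000000-0000-0000-0000-000000000000' = '(all)'
}
# Rights the procedure never grants; on this account they need review.
$unexpected = [System.DirectoryServices.ActiveDirectoryRights]'WriteDacl, WriteOwner'

function Get-AccountAce([string]$dn, [string]$sam) {
    $entry = [ADSI]"LDAP://$dn"
    # psbase reaches the underlying DirectoryEntry on old PowerShell versions
    $rules = $entry.psbase.ObjectSecurity.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])
    foreach ($ace in $rules) {
        if ($ace.IdentityReference.Value -notlike "*\$sam") { continue }
        $target = $known[$ace.ObjectType.ToString()]
        if (-not $target) { $target = $ace.ObjectType.ToString() }
        New-Object PSObject -Property @{
            Object    = $dn
            Type      = $ace.AccessControlType
            Rights    = $ace.ActiveDirectoryRights
            Target    = $target
            AppliesTo = $ace.InheritanceType
            Inherited = $ace.IsInherited
            Review    = (([int]$ace.ActiveDirectoryRights -band [int]$unexpected) -ne 0)
        }
    }
}

# Domain root should show only the two replication rights; the Contacts OU
# should show read/write/create/delete child plus Write proxyAddresses.
$report = @(Get-AccountAce $domainDn $account) + @(Get-AccountAce $contactsDn $account)
$report | Format-Table Object, Type, Rights, Target, AppliesTo, Inherited, Review -AutoSize
```

Any row on the domain root other than the two replication rights, or any row with Review set to True, is more than the steps above delegate.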

Exchange Autodiscover in a multi-forest environment

Most organizations have a multi-forest Exchange environment. An organization may be in a multi-forest environment because of a merger or acquisition, or for security reasons. Autodiscover is a feature introduced in Exchange 2007 that has been carried forward in all subsequent versions of Exchange, such as Exchange 2010 and Exchange 2013.

The links below should give you a good understanding of the topic:

Exchange Autodiscover in a multi-forest environment 1

Exchange Autodiscover in a multi-forest environment 2

 

Hope you got some good understanding on Autodiscover in Exchange 🙂

Exchange Jetstress – Determine maximum disk subsystem throughput

Jetstress is a tool for architects and administrators to test whether the storage meets your requirements. A thorough understanding of Jetstress is important. Proper design and the right testing with Jetstress make your design a robust solution.

 

Link: Determine throughput of disk subsystem using Jetstress