Feeding GALSync with external contacts
Forefront Identity Manager (FIM) provides an out-of-the-box solution for GALSync which is commonly used by Exchange Server customers today. Especially in current times when there is a lot of companies joining, organizing into groups or just cooperating on various integration levels. It is quite common in case of such organizations to have well connected companies (where you have so integrated IT organizations that you can connect directly to other organization Active Directory and read/write address book data) but as well some other satellite companies/sub organization connected in more loosely way.
In such case you can have additional contacts coming from these organizations which you may like to introduce into your GAL. These contacts can be delivered by using CSV files or other method.
Solution
Out of the box GALSync solution provides pre-prepared management agents which can take data out from Active Directory. However it doesn’t provide pre-prepared management agents for other supplementary data sources.
You can add additional contacts as the users (which basically means that they will be authoritative sources for these organizations). There are generally two things you have to remember when adding such sources:
- prepare all necessary attributes (directly in data source or by calculation in import rules)
- use object types for which out of the box synchronization rules will fit your needs
Attributes you need to provide
Attribute | Description |
CN | Used as the name of the contact in AD |
displayName | Used as display name for the contact in GAL (will be visible to the users).It is quite useful to append the name with name of the organization from which contact is coming (it is easier to recognize contacts in case people with the same name are coming from different organizations) |
Mail (SMTP) address | |
mailNickname | Mail nickname used by Exchange to create contact. They should be properly formatted according to Exchange requirements. |
givenName | First name |
sn | Last name |
targetAddress | Target address populated in contact. It should be in format:SMTP:mail
Where mail is SMTP mail address (same as mail attribute). |
You can provide as well some additional attributes like for example attributes related to organization (company, department, etc.).
Selecting object types (Metaverse and on the MA side)
Synchronizing these objects as the contacts in Metaverse doesn’t will not work with standard solution (as it is prepared to take contacts only from predefined OUs). More appropriate way of doing it is to synchronize these additional contacts as the person objects in the Metaverse. On the MA side there is just one thing you have to remember – to define in you Management Agent object class as the user (because this is the class expected by the GALSync provisioning code).
Step by step adding CSV data source
Let’s say you have your additional contacts prepared in CSV file including all necessary attributes. For example your file looks like that:
CN, displayName, mail, mailNickname, givenName, sn, targetAddress
John Smith, John Smith (Partner Company), j.smith@partnercompany.com, j_smith_partnercompany_com, John, Smith, SMTP:j.smith@partnercompany.com
Richard Black, Richard Black (Partner Company), r.black@partnercompany.com, r_black_partnercompany_com, Richard, Black, SMTP:r.black@partnercompany.com
Create new MA taking data from your source
On Configure Attributes tab go to Advanced and change object class to “user”
Add join and projection rules (to person Metaverse class)
Create import flows (add your own if required)
Add run profiles and use your new Management Agent in synchronization cycle
You will need to add run profiles for Import and Synchronization on yours newly created MA. Then you will need to provide data file into the MA data directory (C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\MAData\PartnerCompany_CSV) and run MA whenever it is required. Basically each time after you will provide new data file.
Summary
You can extend GALSync by adding additional sources of addresses. Just need to remember what attributes you have to provide and what class to use to have it in easy way.
If your organization uses cloud based solutions and synchronizing with Azure AD using DIRSync you may be interested as well in following article by Paul Williams – GALSync and DirSync in harmony
How to extend FIM GALSync solution with additional contact sources article has been published as well on Microsoft TechNet.
Hi,
I followed your instructions and imported some test contacts into FIM, but the Export job that creates them in each OU produced an ma-extension-error:
Type: Microsoft.MetadirectoryServices.ExtensionException
Message:
**** ERROR ****
There is no primary SMTP address. Property Name:
**** END ERROR ****
Stack Trace: at Exch2010Extension.Exch2010ExtensionClass.AfterExportEntryToCd(Byte[] origAnchor, String origDN, String origDeltaEntryXml, Byte[] newAnchor, String newDN, String failedDeltaEntryXml, String errorMessage)
Could this be due to no Proxy address attribute being specified? Also each time the export ran an additional contact would be created in some of the forests with a bracketed number behind it (1), (2) etc.
Hi James,
proxyaddresses is calculated automatically so I don’t think it is an issue here. Have you provided all the attributes I listed? (targetAddress)
The attribute list I provided is absolutely minimal. What is your exchange version?
Names with brackets are used in case they are not unique. In case of errors during creation because of missing attributes it may happened that GALSync tries to create same object once more ….
Hi Borys, thanks for the quick reply. I have added a value to Proxy address and also MsExchVersion and it seems to be ok now. I had some issues in the past with Exch2010 not being able update contacts synced in from Exch2013 forests (resulting in the same sort of duplicates) that were fixed by making the version show as Ex2010. Adding the same value for this attribute seems to have resolved the duplicates issue.
Next challenge is to remove a whole lot of manually created contacts from one forest and replace them with FIM generated contacts, but I also want to preserve the X500 address to prevent Outlook Cache issues.
Hi James, I think you can update join rules in your MA connecting to AD in the way that previously created contacts will join with proper MV records for them. By default they are joining using email address (tragetaddress). You will have to move these contacts to OU for GAL Sync contacts (wise is to put them in some sub OU so you will see when FIM will move them to parent OU after joining).