GALSYNC ® V7.4 Global Address List (GAL) into mailboxes by using GALsync policies NETsec 15. July 2019 NETsec GmbH & Co.KG | Schillingsstrasse 117 | DE - 52355 Düren

Upload: trinhdung

Post on 21-Aug-2019


GALSYNC® V7.4

Global Address List (GAL) into mailboxes

by using GALsync policies

NETsec

15. July 2019

NETsec GmbH & Co.KG | Schillingsstrasse 117 | DE - 52355 Düren


Introduction
GALsync
contactSync
Global Address List (GAL) into mailboxes by using GALsync policies
Quickstart: Global Address List (GAL) into mailboxes
1 Prerequisites
2 Install the software in the source forest
3 Create and run an export policy
4 Create and run an import policy
Deployment Guide
Introduction
Exchange 2010-2019 -> Mailbox Contacts
Exchange Online -> Mailbox Contacts
Technical Guide
System Requirements
Prerequisites
Service Account
Mailbox
Permission to access the mailboxes (Mailbox contacts)
Execution Policy (Exchange online)
Some notes to the remote PowerShell management for Office 365 tenants
Running GALsync Policies via command line
Transport options to transfer data
Manual
Via email
Via network share
Via FTP
Filter mailboxes
NoMailboxSync (internal mark)
Choose mailboxes (On-premise)
Choose mailboxes (Exchange Online)


Search mailboxes (On-premise)
Search mailboxes (Exchange Online)
Mailbox Contact Folder
Choose (Mailbox contacts)
Filter and Modify objects for import into mailboxes
Properties (Mailbox contacts)
Special options for import into mailboxes
Import Settings: General (Mailbox contacts)
Create sub-folders for each sending domain
Synchronize Picture
Mark synchronized contacts as private
Modify or delete existing contacts with source domain
Import Settings: E-Mail Addresses (Mailbox contacts)
Modify target address with domain
Modify primary SMTP address with domain
Modify mail address with domain
Retain targetAddress of users and contacts
Import Settings: Object Filter (Mailbox contacts)
Object Filter: Exclude all objects of the data file from import, which has one of the following conditions
Encryption
Symmetric Keys
Asymmetric Keys (Public Key)
Status notification
Schedule Service
How to
How to configure Exchange Impersonation?
Exchange Impersonation in Exchange 2010, 2013, 2016, 2019 and Exchange Online (Mailbox contacts)
How to grant full access to the user mailboxes?
Exchange 2010
Exchange 2013, 2016, 2019 and Exchange Online


How to bulk assign full access permissions to multiple user mailboxes
How to disable EWS Throttling for the contactSync account?
Exchange 2010
Exchange 2013, Exchange 2016 and Exchange 2019
How to grant full access to the user mailboxes?
Exchange 2010
Exchange 2013, 2016, 2019 and Exchange Online
How to bulk assign full access permissions to multiple user mailboxes
How to check the PowerShell version on the GALsync server?
Troubleshooting and Support Guide
19031 (15770) - Not all mails arrived ...
Issue with Exchange Online connection
The Autodiscover service returned an error
Could not load file or assembly 'netstandard, Version=2.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51' or one of its dependencies. The system cannot find the file specified.
Support: What to do when I notice an error / bug?


Introduction

GALsync

GALsync synchronizes the Global Address List (GAL) between different Exchange environments, which can be on-premise Exchange environments or Exchange Online of Office 365 tenants. Please see the GALSYNC MANUAL for further information.

https://www.netsec.de/en/products/galsync/documentation.html

contactSync

contactSync synchronizes the Global Address List (GAL) into users' mailboxes that are in the same environment. Mail-enabled objects of an on-premise Active Directory can be synchronized into on-premise Exchange mailboxes of the same forest, and mail-enabled objects of an Office 365 tenant can be synchronized into Exchange Online mailboxes of the same Office 365 tenant. Please see the CONTACTSYNC MANUAL for further information.

https://www.netsec.de/en/products/contactsync/documentation.html

Global Address List (GAL) into mailboxes by using GALsync policies

A cross-forest synchronization of mail-enabled objects of an on-premise Active Directory into Exchange Online mailboxes of an Office 365 tenant, or of mail-enabled objects of an Office 365 tenant into on-premise Exchange mailboxes, is only possible with two GALsync policies. One GALsync policy exports the mail-enabled objects from an on-premise Active Directory or from an Office 365 tenant, and the second GALsync policy imports the exported objects as contacts into on-premise Exchange mailboxes or Exchange Online mailboxes.

This document describes how to synchronize the Global Address List (GAL) into users' mailboxes of another Exchange environment.

MICROSOFT STOPPED SUPPORTING EXCHANGE 2007 ON THE 11TH APRIL 2017. AS MUCH AS WE WOULD LIKE TO KEEP COMPATIBILITY UP FOR ALL VERSIONS, WE CANNOT SUPPORT AN ENVIRONMENT, WHICH IS NO LONGER SUPPORTED BY THE MANUFACTURER.


Quickstart: Global Address List (GAL) into mailboxes

Here you test the basic steps for a successful first unidirectional synchronization.

In this example you synchronize the mail-enabled objects of the on-premise Active Directory forest into the contacts folder of user mailboxes, which are on the on-premise Exchange server in the same forest.


Or you synchronize the mail-enabled objects of the Office 365 tenant into the contacts folder of user mailboxes, which are on Exchange Online in the same Office 365 tenant.

1 Prerequisites

• Your environment must be based on Exchange 2010 SP1 or later, or on Exchange Online (Microsoft Office 365).

MICROSOFT STOPPED SUPPORTING EXCHANGE 2007 ON THE 11TH APRIL 2017. AS MUCH AS WE WOULD LIKE TO KEEP COMPATIBILITY UP FOR ALL VERSIONS, WE CANNOT SUPPORT AN ENVIRONMENT, WHICH IS NO LONGER SUPPORTED BY THE MANUFACTURER.

• The computer you want to install GALsync on

  • Must be a member of the domain if your side is On-Premises. It should have good bandwidth to the next DC/GC and to an Exchange Server with the CAS role.

  • Can also be a standalone machine if your side is Office 365 Exchange Online.

  • Should have a dual-core processor and 2GB RAM.

  • Can be a client OS, e.g. Windows 7 Professional (64-Bit), for testing or a server OS, e.g. Windows 2008 R2 SP1 (64-Bit).

  • Must be configured with .NET Framework 4.7.1.


  • Must be configured with PowerShell 3.0 or later.

• Create a service account with an Exchange mailbox.

  • On-Premises: Provide the user of the mailbox with administrative permissions on the machine you want to install GALsync on.

  • Exchange Online: The user of the mailbox must be a member of the EXCHANGE ADMINISTRATOR role or the GLOBAL ADMINISTRATOR role.

• GALsync must have direct access to the user mailbox via Exchange Web Services.

NOTE: DIRECT ACCESS TO KIOSK USER MAILBOXES VIA EXCHANGE WEB SERVICES IS NOT PERMITTED. SEE http://community.office365.com/en-us/forums/158/t/62635.aspx AND http://social.msdn.microsoft.com/Forums/en-US/exchangesvrdevelopment/thread/1758d5f8-be86-4dc9-b53c-d6eb38d2d7d2

• Ensure that the mailbox is accessible (e.g. by Outlook Web Access), that the mailbox can send mails to and receive mails from the other organization, and that incoming mails from the other organization do not get caught by your spam filter or firewall.

NOTE: NEWLY CREATED EXCHANGE ONLINE ACCOUNTS NEED TO LOG ON AT LEAST ONE TIME TO RESET THEIR TEMPORARY PASSWORD. OTHERWISE REMOTE POWERSHELL WILL NOT WORK.

• If your side is On-Premise, make sure that you can log on with the configured service account. It is also required that the GALsync setup can grant this account the local security permission LOG ON AS SERVICE. You may also add the service account to the local group REMOTE DESKTOP USERS.

• For testing purposes create some mailboxes and a group. Add the mailboxes as members of the group.

• The service account needs EXCHANGE IMPERSONATION or the FULL ACCESS PERMISSIONS for the mailboxes whose mailbox contacts you want to import into.

Please have a look at the chapters:

• How to configure Exchange Impersonation?

• How to grant full access to the user mailboxes?

NOTE: IN A HYBRID EXCHANGE ENVIRONMENT YOU NEED TWO IMPORT POLICIES.

ONE IMPORT POLICY, WHICH IMPORTS INTO THE MAILBOXES, WHICH ARE LOCATED ON AN ON-PREMISES EXCHANGE SERVER.

THE OTHER IMPORT POLICY, WHICH IMPORTS INTO THE MAILBOXES, WHICH ARE LOCATED ON EXCHANGE ONLINE OF THE OFFICE 365 TENANT.
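One way to give the service account EXCHANGE IMPERSONATION only for the mailboxes that will receive imported contacts, instead of for the whole organization, and then to review who holds that right. This is an added example for the on-premise Exchange Management Shell, not NETsec's own procedure; the account name svc-galsync, the group GALsync-Test and the scope and assignment names are assumptions.

```powershell
# Added example, not from the GALsync manual. Run in the Exchange Management Shell.
# Assumed names: svc-galsync (service account), GALsync-Test (the test group from
# the prerequisites), GALsyncImportTargets (scope), GALsyncImpersonation (assignment).
$ServiceAccount = 'svc-galsync'
$TargetGroup    = 'GALsync-Test'
$ScopeName      = 'GALsyncImportTargets'
$AssignmentName = 'GALsyncImpersonation'

# 1. Build a management scope that matches only members of the target group.
#    Single quotes in the distinguished name are doubled so the filter stays valid.
$group   = Get-DistributionGroup -Identity $TargetGroup -ErrorAction Stop
$groupDn = $group.DistinguishedName -replace "'", "''"
if (-not (Get-ManagementScope -Identity $ScopeName -ErrorAction SilentlyContinue)) {
    New-ManagementScope -Name $ScopeName `
        -RecipientRestrictionFilter "MemberOfGroup -eq '$groupDn'" | Out-Null
}

# 2. Assign the ApplicationImpersonation role to the service account,
#    restricted to that scope (least privilege instead of organization-wide).
if (-not (Get-ManagementRoleAssignment -Identity $AssignmentName -ErrorAction SilentlyContinue)) {
    New-ManagementRoleAssignment -Name $AssignmentName `
        -Role 'ApplicationImpersonation' `
        -User $ServiceAccount `
        -CustomRecipientWriteScope $ScopeName | Out-Null
}

# 3. Review every account that can impersonate mailboxes. Assignments whose
#    write scope is 'Organization' can act as any mailbox and deserve a second look.
Get-ManagementRoleAssignment -Role 'ApplicationImpersonation' -GetEffectiveUsers |
    Select-Object Name, EffectiveUserName, RecipientWriteScope, CustomRecipientWriteScope,
        @{ Name = 'Unscoped'; Expression = { $_.RecipientWriteScope -eq 'Organization' } } |
    Sort-Object Unscoped -Descending |
    Format-Table -AutoSize

# 4. If FULL ACCESS is used instead of impersonation, list the explicit (not
#    inherited) FullAccess entries on the target mailboxes, so that only the
#    expected service account appears.
Get-DistributionGroupMember -Identity $TargetGroup -ResultSize Unlimited |
    Where-Object { $_.RecipientType -eq 'UserMailbox' } |
    ForEach-Object { Get-MailboxPermission -Identity $_.DistinguishedName } |
    Where-Object {
        ($_.AccessRights -like '*FullAccess*') -and
        (-not $_.IsInherited) -and
        ($_.User -notlike 'NT AUTHORITY\*')
    } |
    Select-Object Identity, User, AccessRights |
    Format-Table -AutoSize
```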


2 Install the software in the source forest

• Log in with the user you created before. Run setup.


• Run GALsync for the first time and configure a Service Account (SA), using the same account you are logged in with (On-Premise).

If the setup detects that GALsync was installed on a standalone machine, the service account will be added automatically as LOCALSYSTEM.


While GALsync is running, you can check the service account configuration and your log-in account in the bottom left corner.

On-Premise

Exchange Online

• In menu HELP select ABOUT and add your license.


• On-Premise only: In menu OPTIONS select EXCHANGE.

Configure the access to your Exchange Server. Click MANUAL SETTING and the SEARCH icon. GALsync now tries to use AUTODISCOVER and displays the EXCHANGE WEB SERVICES URL it discovers. If you get an error message, please insert the correct EXCHANGE WEB SERVICES URL for your environment.

• Leave the other option unclicked.

• Confirm the first configuration by pressing the SAVE button.


3 Create and run an export policy

• Create a first export policy, led by the wizard.

• Choose to EXPORT DIRECTORY INFORMATION and choose AN ON-PREMISE EXCHANGE ORGANIZATION OR A HYBRID EXCHANGE ORGANIZATION. EXPORT DIRECTORY INFORMATION (GAL) FROM AN ON-PREMISE EXCHANGE ORGANIZATION OR A HYBRID EXCHANGE ORGANIZATION.

or choose to EXPORT DIRECTORY INFORMATION and choose AN EXCHANGE ONLINE / OFFICE 365 TENANT, WHICH IS AN EXCHANGE CLOUD-ONLY SCENARIO. EXPORT DIRECTORY INFORMATION (GAL) FROM AN EXCHANGE ONLINE / OFFICE 365 TENANT.


• If you are using Exchange Online, click ADD to insert new credentials.

Insert the username, password and e-mail address of an appropriate account in Exchange Online (Microsoft Office 365).

NOTE: MICROSOFT ALLOWS ONLY 3 POWERSHELL CONNECTIONS PER ACCOUNT TO EXCHANGE ONLINE (MICROSOFT OFFICE 365).


GALsync will only use the mailbox of the primary account to send and receive e-mails.

NOTE: ALL ACCOUNTS MUST BE FROM THE SAME EXCHANGE ONLINE (MICROSOFT OFFICE 365) TENANT.

Click NEXT.


• Choose MANUAL as data transfer mode.


Note the data file path for the import policy if you have changed it.

• Click NEXT.

Here you can select the mail-enabled objects that you want to export.


• As directory information, SEARCH for the group that you created for test purposes, with some test mailboxes and groups as members.

• Click APPLY.


• Choose GROUP + MEMBERSHIP. Choose SETTINGS FOR ALL GROUPS.

• Click OK.

NOTE: IF THE MSEXCHRECIPIENTTYPEDETAILS / RECIPIENTTYPEDETAILS PROPERTY IS NOT SET, THE OBJECT WILL BE EXPORTED.

• Click NEXT.


• Leave STATUS NOTIFICATION EMAILS unclicked and click NEXT.

• Leave SCHEDULE SERVICE unclicked and click NEXT.


• In the GENERAL SECTION insert a name for the policy and click NEXT.

• After all your configuration is validated in the SUMMARY SECTION, click FINISH.


• Execute the policy by clicking RUN while the mouse focus is set to the policy name in the hierarchy tree on the left-hand side. The OPERATION STATUS displays the progress. After execution click CLOSE.


4 Create and run an import policy

• Create a first import policy, led by the wizard.

• Choose to IMPORT DIRECTORY INFORMATION (GAL) INTO CONTACTS FOLDER OF USER´S MAILBOXES and choose THE MAILBOXES ON AN ON-PREMISE EXCHANGE SERVER.

• Click NEXT.


• If the mailboxes are on Exchange Online, insert the user-ID, password and e-mail address of an appropriate account in the cloud. Click NEXT.


• You can test the credentials.


• Exchange on-premise:

The GALsync service account needs the EXCHANGE IMPERSONATION or the FULL ACCESS PERMISSION for each mailbox where you want to import the mail-enabled objects as contacts.

If you don't want to give the GALsync service account the EXCHANGE IMPERSONATION or the FULL ACCESS PERMISSION for each mailbox, you can insert a dedicated mailbox user that has the EXCHANGE IMPERSONATION or the FULL ACCESS PERMISSION for each mailbox.


• Exchange Online:

The primary account for Exchange Online needs EXCHANGE IMPERSONATION or the FULL ACCESS PERMISSION for each mailbox where you want to import the mail-enabled objects as contacts.

If you don't want to give the primary account for Exchange Online the EXCHANGE IMPERSONATION or the FULL ACCESS PERMISSION for each mailbox, you can insert a dedicated mailbox user that has the EXCHANGE IMPERSONATION or the FULL ACCESS PERMISSION for each mailbox.


• Choose the mailbox users that should get the mail-enabled objects as contacts.

NoContactSync (internal mark)

If you do not want a specific object to be exported, you may insert the value NOCONTACTSYNC in any of the custom attributes (on-premise: EXTENSIONATTRIBUTE1 - EXTENSIONATTRIBUTE15 or Exchange online: CUSTOMATTRIBUTE1 - CUSTOMATTRIBUTE15). This prevents contactSync from adding this object to the export list.


• Choose MANUAL as data transfer mode. Click NEXT.

NOTE: IF YOU HAVE CHANGED THE DATA FILE PATH AT THE EXPORT POLICY, YOU HAVE TO CHANGE IT HERE TO THE SAME VALUE.


• Click NEXT.

• CREATE a folder for the contacts and select it.

• Click NEXT.


• Leave STATUS NOTIFICATION EMAILS unclicked and click NEXT.

• Leave SCHEDULE SERVICE unclicked and click NEXT.


• In the GENERAL SECTION insert a name for the policy and click NEXT.

• After all your configuration is validated in the SUMMARY section, click FINISH.


• Execute the policy by clicking RUN while the mouse focus is set to the policy name in the hierarchy tree on the left-hand side.

• The OPERATION STATUS displays the progress. After execution click CLOSE.

Now you should see the synchronized mail-enabled objects in the folder of the mailbox contacts.


Deployment Guide

Introduction

This chapter will help you to plan your GALsync installation. To simplify the description of each scenario below.

Some key notes before

• In a single configuration policy there is no technical limitation on the number of objects you want to select for sync.

• You can create a limitless number of policies. Multiple policies must be scheduled for execution; no concurrent executions are possible. Policies are kept in a queue and will be run sequentially.

• If you have multiple forests you want to import from, every exporting site should use its own subject phrase (when transmitting the data via mail). That way you can configure import policies that use the same mailbox for receiving and still determine the correct data file per policy.

NOTE:

WHEN SYNCHRONIZING BETWEEN DIFFERENT FORESTS, WE RECOMMEND CHOOSING EMAIL AS THE PREFERRED TRANSPORT METHOD.

WHEN SYNCHRONIZING YOUR OWN DIRECTORY OBJECTS INTO A FOLDER OF MAILBOX CONTACTS, WHICH ARE LOCATED ON YOUR OWN EXCHANGE ENVIRONMENT, WE RECOMMEND CHOOSING THE CONTACTSYNC MODULE.


Exchange 2010-2019 -> Mailbox Contacts

If your environment is based on Exchange 2010, 2013, 2016 or 2019 and you want to sync into a folder of mailbox contacts located on Exchange 2010, 2013, 2016 or 2019, please use GALsync version 7 to synchronize directory objects.

You have to install an instance of GALsync 7 on a domain member computer in the Exchange 2010, 2013, 2016 or 2019 forest.

NOTE: IN A HYBRID EXCHANGE ENVIRONMENT YOU NEED TWO IMPORT POLICIES.

ONE IMPORT POLICY, WHICH IMPORTS INTO THE MAILBOXES, WHICH ARE LOCATED ON AN ON-PREMISE EXCHANGE SERVER.

THE OTHER IMPORT POLICY, WHICH IMPORTS INTO THE MAILBOXES, WHICH ARE LOCATED ON EXCHANGE ONLINE OF THE OFFICE 365 TENANT.

* MICROSOFT STOPPED SUPPORTING EXCHANGE 2007 ON THE 11TH APRIL 2017. AS MUCH AS WE WOULD LIKE TO KEEP COMPATIBILITY UP FOR ALL VERSIONS, WE CANNOT SUPPORT AN ENVIRONMENT, WHICH IS NO LONGER SUPPORTED BY THE MANUFACTURER.


Exchange Online -> Mailbox Contacts

If your environment is based on Exchange Online and you want to sync into a folder of mailbox contacts located on Exchange Online, please use GALsync version 7 to synchronize directory objects.

To get access to an Exchange Online (cloud only) environment you can also use a standalone server.

NOTE: IN A HYBRID EXCHANGE ENVIRONMENT YOU NEED TWO IMPORT POLICIES: ONE IMPORT POLICY THAT IMPORTS INTO THE MAILBOXES LOCATED ON AN ON-PREMISE EXCHANGE SERVER, AND ANOTHER IMPORT POLICY THAT IMPORTS INTO THE MAILBOXES LOCATED ON EXCHANGE ONLINE OF THE OFFICE 365 TENANT.

You can also use the GALsync software on the machine you installed in the Exchange 2010, 2013, 2016 or 2019 forest to access Exchange Online, so that you can import the directory objects into a folder of mailbox contacts located on Exchange Online. In this case, however, you need a mailbox user in the Office 365 tenant that has the full access permission to the mailboxes located on Exchange Online.


Technical Guide

System Requirements

Components Required

OS (64Bit):
• Windows 2008 R2 SP1 Server
• Windows 2012 Server
• Windows 2012 R2 Server
• Windows 2016
• Windows 2019
In small environments or for testing purposes you can also install GALsync on a client computer running Windows 7 Professional or Windows 10 Professional.

Hardware:
• Processor: minimum dual core
• RAM: minimum 2GB

Software:
• .NET Framework 4.7.1
• PowerShell 3.0 and later

Recommendations:
• Exchange On-Premises: We recommend installing GALsync on a member server within the domain (e.g. dedicated GALsync server, file server or backup server). The machine should be uncritical (e.g. may be restarted without complications). The GALsync server must have a high bandwidth connection to the DC/GC.
• Exchange Online: See recommendations for On-Premise; but you can use a standalone computer.

Supported Exchange Versions*:
• Exchange 2010 SP1 and later
• Exchange 2013 and later
• Exchange 2016 and later
• Exchange 2019 and later
• Exchange Online (Office 365)

* MICROSOFT STOPPED SUPPORTING EXCHANGE 2007 ON THE 11TH APRIL 2017. AS MUCH AS WE WOULD LIKE TO KEEP COMPATIBILITY UP FOR ALL VERSIONS, WE CANNOT SUPPORT AN ENVIRONMENT WHICH IS NO LONGER SUPPORTED BY THE MANUFACTURER.

Prerequisites

Service Account

If you run GALsync in the context of a domain, create a service account which will be the owner of the GALsync service.

• The service account must be a domain user of the same domain that the GALsync server is a member of.
• Make sure that the service account is a member of the LOCAL ADMINISTRATORS group.
• The service account needs the local right to RUN AS A SERVICE (this right is added to the service account during the installation).
• Make sure you can log on as the service account. It is possible that the user requires membership in the group Remote Desktop Users.


• In order to install GALsync you need administrative permission. Setup will also install the GALsync Scheduling Service on the computer on which you set up GALsync.

NOTE: WE STRONGLY RECOMMEND LOGGING ON AS THE SERVICE ACCOUNT TO RUN THE GALSYNC GUI.

IMPORTANT: IF YOU CONFIGURE THE LOGON INFORMATION FOR THE SERVICE ACCOUNT IN THE GALSYNC GUI USING EXCHANGE ON-PREMISE, THEN ALWAYS USE THE FORMAT DOMAIN\USERNAME.

If you run GALsync on a standalone machine (this is only valid in an Exchange Online cloud-only scenario), no logon information is required because the GALsync service will run as the LOCALSYSTEM account.

Mailbox

At the Exchange on-premise side create an Exchange Mailbox, which will run all GALsync policies from now on. If you are in a domain then this mailbox should be owned by the GALsync service account. The mailbox cannot be hidden from Exchange address lists.

At the Exchange online side create an Exchange Mailbox, which will be used by all GALsync policies. The mailbox user must be a member of the EXCHANGE ADMINISTRATOR role or GLOBAL ADMINISTRATOR role.

NOTE: BY DEFAULT, THE EXCHANGE ONLINE PASSWORD HAS TO BE CHANGED WITHIN 30 DAYS. TO ENSURE THAT GALSYNC WORKS PROPERLY, YOU HAVE TO CONFIGURE USER PASSWORDS TO NEVER EXPIRE. TO CONFIGURE YOUR PASSWORD PLEASE FOLLOW THE STEPS DESCRIBED IN THE FOLLOWING ARTICLE:
https://support.office.com/en-us/article/Set-a-user-s-password-expiration-policy-0f54736f-eb22-414c-8273-498a0918678f

• GALsync must have direct access to the user mailbox via Exchange Web Services.

NOTE: DIRECT ACCESS TO KIOSK USER MAILBOXES VIA EXCHANGE WEB SERVICES IS NOT PERMITTED. SEE http://community.office365.com/en-us/forums/158/t/62635.aspx AND http://social.msdn.microsoft.com/Forums/en-US/exchangesvrdevelopment/thread/1758d5f8-be86-4dc9-b53c-d6eb38d2d7d2

• Ensure that the mailbox is accessible (e.g. by Outlook Web Access).
• Ensure that the mailbox can send mails to and receive mails from the other organization.

Ensure that incoming mails from the other organization do not get caught by your spam filter or firewall.


Permission to access the mailboxes (Mailbox contacts)

The service account needs EXCHANGE IMPERSONATION or the FULL ACCESS PERMISSIONS for the mailboxes into whose mailbox contacts you want to import.

Please have a look at the chapters:

• How to configure Exchange Impersonation?
• How to grant full access to the user mailboxes?

NOTE: IN A HYBRID EXCHANGE ENVIRONMENT YOU NEED TWO IMPORT POLICIES: ONE IMPORT POLICY THAT IMPORTS INTO THE MAILBOXES LOCATED ON AN ON-PREMISES EXCHANGE SERVER, AND ANOTHER IMPORT POLICY THAT IMPORTS INTO THE MAILBOXES LOCATED ON EXCHANGE ONLINE OF THE OFFICE 365 TENANT.

Execution Policy (Exchange online)

If you configure a policy which needs the parameter ExecutionPolicy to be set to RemoteSigned, a message is displayed requiring your confirmation.

The reason for this is a security setting built into Windows PowerShell called execution policy. Execution policy determines how (or if) PowerShell runs scripts. By default, PowerShell’s execution policy is set to Restricted; this means that scripts will not run. GALsync requires that scripts can be executed.

Get-ExecutionPolicy
http://technet.microsoft.com/en-us/library/hh849821.aspx

Set-ExecutionPolicy RemoteSigned
https://technet.microsoft.com/en-us/library/hh849812.aspx
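The two cmdlets above can be combined into a check that changes the policy only when that is needed and possible. This is an added example, not GALsync code; the function names are hypothetical, and it assumes that the CurrentUser scope is sufficient when you are logged on as the GALsync service account.

```powershell
# Added example (not GALsync code): report which scope decides the effective
# execution policy and set RemoteSigned only when it is actually required.

function Get-ExecutionPolicyReport {
    # Get-ExecutionPolicy -List returns the scopes in precedence order:
    # MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine.
    $scopes = Get-ExecutionPolicy -List
    $deciding = $scopes |
        Where-Object { [string]$_.ExecutionPolicy -ne 'Undefined' } |
        Select-Object -First 1

    [pscustomobject]@{
        Effective     = [string](Get-ExecutionPolicy)
        DecidingScope = if ($deciding) { [string]$deciding.Scope } else { 'None' }
        # MachinePolicy and UserPolicy come from Group Policy and cannot be
        # overridden with Set-ExecutionPolicy.
        SetByGpo      = [bool]($deciding -and ([string]$deciding.Scope -like '*Policy'))
        Scopes        = $scopes
    }
}

function Set-RemoteSignedIfNeeded {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Assumption: CurrentUser is enough when this runs while logged on as
        # the GALsync service account. LocalMachine needs an elevated session.
        [ValidateSet('CurrentUser', 'LocalMachine')]
        [string]$Scope = 'CurrentUser'
    )

    $report = Get-ExecutionPolicyReport

    if ($report.SetByGpo) {
        Write-Warning "Execution policy is enforced by Group Policy ($($report.DecidingScope)); change it in the GPO."
        return $report
    }

    # Restricted blocks all scripts. Whether GALsync's scripts are signed is not
    # stated on the page, so AllSigned is treated as insufficient as well.
    if ($report.Effective -in 'RemoteSigned', 'Unrestricted', 'Bypass') {
        Write-Verbose "Effective policy '$($report.Effective)' already allows local scripts."
        return $report
    }

    if ($PSCmdlet.ShouldProcess("scope $Scope", 'Set-ExecutionPolicy RemoteSigned')) {
        Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope $Scope -Force
    }
    Get-ExecutionPolicyReport
}

# Dry run: shows what would change without touching the system.
Set-RemoteSignedIfNeeded -WhatIf -Verbose |
    Format-List Effective, DecidingScope, SetByGpo
```

Remove `-WhatIf` to apply the change. If `SetByGpo` is true, the setting has to be changed in the Group Policy object that enforces it.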


Some notes to the remote PowerShell management for Office 365 tenants

Since GALsync 7.2.0, GALsync has a redesigned remote PowerShell management for Office 365 tenants. GALsync will now try to reconnect broken remote PowerShell sessions to the Office 365 tenant during a policy run.

If a PowerShell connection to the Office 365 tenant is broken, GALsync will try to reconnect to the Office 365 tenant, but it may happen that some data are not completely synchronized due to the broken connection. In this case GALsync will try to complete it in the next synchronization run.

In the worst case it can happen that some existing contacts in the target mailboxes of the synchronization are deleted and that, after they are re-created, NDR issues occur in the target environment.

Running GALsync Policies via command line

Start a GALsync policy with the following command:

Syntax:

"<GALsync program folder>\NETsec GALsync\NETsecPolicyExecuter.exe" "<CommonApplicationDataPath>\GALsync\policies\<policy file>"

Example:

cd "C:\Program Files\NETsec GALsync\"
NETsecPolicyExecuter.exe "C:\ProgramData\NETsec GmbH & Co. KG\GALsync\policies\policyname.xml"

As of GALsync Version 7.0.5, GALsyncPolicyExecuter.exe is renamed to NETsecPolicyExecuter.exe.

IMPORTANT: IF YOU USE THE WINDOWS TASK SCHEDULER FOR RUNNING THE POLICIES, THEN YOU HAVE TO CORRECT THE COMMAND IN YOUR SCHEDULED TASKS.

You can find the COMMONAPPLICATIONDATA path one level up from the log file folder, which you can find on the STATUS tab.
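To correct scheduled tasks after the rename, the tasks that still start the old executable have to be found first. The following is an added example, not GALsync code; the function names are hypothetical, and it assumes the ScheduledTasks module (Windows Server 2012 or Windows 8 and later) and an elevated session.

```powershell
# Added example (not GALsync code). Assumes the ScheduledTasks module
# (Windows Server 2012 / Windows 8 or later) and an elevated session.

$OldExe = 'GALsyncPolicyExecuter.exe'   # executable name before GALsync 7.0.5 (from the page)
$NewExe = 'NETsecPolicyExecuter.exe'    # executable name as of GALsync 7.0.5 (from the page)

function Find-StaleGalsyncTask {
    # Returns every scheduled task with an action that still starts the old executable.
    Get-ScheduledTask | Where-Object {
        @($_.Actions | Where-Object { $_.Execute -like "*$OldExe*" }).Count -gt 0
    }
}

function Resolve-ActionPath {
    # Turns the Execute value of an action into a path that Test-Path can check.
    param($Action)
    $exe = ([string]$Action.Execute).Trim('"')
    if (-not [System.IO.Path]::IsPathRooted($exe) -and $Action.WorkingDirectory) {
        $exe = Join-Path $Action.WorkingDirectory.Trim('"') $exe
    }
    $exe
}

function Repair-StaleGalsyncTask {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Needed for tasks that run with a stored password ("run whether the user
        # is logged on or not"): Task Scheduler requires it again on every change.
        [System.Management.Automation.PSCredential]$Credential
    )

    foreach ($task in Find-StaleGalsyncTask) {
        foreach ($action in $task.Actions) {
            if ($action.Execute -like "*$OldExe*") {
                # -replace is case-insensitive, so any casing of the old name is caught.
                $action.Execute = $action.Execute -replace [regex]::Escape($OldExe), $NewExe
                $path = Resolve-ActionPath $action
                if (-not (Test-Path -LiteralPath $path)) {
                    Write-Warning "$($task.TaskName): '$path' does not exist; check the install folder."
                }
            }
        }

        $target = "$($task.TaskPath)$($task.TaskName)"
        if (-not $PSCmdlet.ShouldProcess($target, "Point action at $NewExe")) { continue }

        $params = @{
            TaskName = $task.TaskName
            TaskPath = $task.TaskPath
            Action   = $task.Actions
        }
        if ($Credential) {
            $params.User     = $Credential.UserName
            $params.Password = $Credential.GetNetworkCredential().Password
        }
        Set-ScheduledTask @params | Out-Null
    }
}

# List the affected tasks, then do a dry run of the repair.
Find-StaleGalsyncTask | Select-Object TaskPath, TaskName
Repair-StaleGalsyncTask -WhatIf
```

Run `Repair-StaleGalsyncTask -Credential (Get-Credential)` to apply the change to tasks that run under the service account with a stored password.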


Transport options to transfer data

In order to synchronize GALsync data you may choose from the following options to transfer the data file:

Manual

In an export policy GALsync extracts the selected objects from your Active Directory and stores this information in a local file. In an import policy GALsync extracts the information from a local file and stores this information in your Active Directory (Exchange on-premise or Exchange online).

Please choose a drive, folder and file name.

The directory information is not handed over automatically to the other Exchange organization.

This transfer option is recommended to sync your own directory objects into a folder of mailbox contacts located in your own Exchange environment.


Path: Choose a file on your local drive where directory information will be stored.

Compress Data: Compresses the data to a .ZIP file.

Import all files placed in the selected folder: When enabled, GALsync will import all data files placed in the given folder, rather than just importing the one file specified. To do so, the account which runs the application (and service) needs modify permissions on the selected folder.

Via email

In an export policy GALsync extracts the selected objects from your Active Directory and automatically sends the directory information as an email attachment to the destination Exchange organization. In an import policy GALsync extracts the information from an attachment in an email and stores this information in your Active Directory (Exchange on-premise or Exchange online).

Subject: The text specified here will appear in the subject field of the email containing the directory information GALsync sends to the other Exchange organization.

NOTE: IF THE RECEIVING ORGANIZATION GETS DIRECTORY INFORMATION FROM MULTIPLE EXCHANGE ORGANIZATIONS, YOU CAN USE A CERTAIN PHRASE FOR SUBJECT WHICH IDENTIFIES YOUR OWN ORGANIZATION.

The GALsync instance at the receiving site will recognize the string by using the CONTAINS operator.


Send to: Directory information is sent by email to the recipient. The recipient usually is the mailbox of the other Exchange organization which has been configured to be used by GALsync.

Test: This automatically sends a test email to the mailbox.
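Because the receiving site matches the subject with CONTAINS, a subject phrase that is part of another exporter's phrase also matches that exporter's mails, so several import policies sharing one mailbox can pick up the wrong data file. The check below is an added example, not GALsync code; the policy names and phrases are constructed, and a case-insensitive comparison is assumed.

```powershell
# Added example (not GALsync code). Policy names and subject phrases are constructed.

function Test-SubjectContains {
    param([string]$Subject, [string]$Phrase)
    # Assumption: the CONTAINS comparison ignores case.
    $Subject.IndexOf($Phrase, [System.StringComparison]::OrdinalIgnoreCase) -ge 0
}

function Get-MatchingImportPolicy {
    # Names of all import policies whose subject phrase is contained in $Subject.
    param(
        [string]$Subject,
        [System.Collections.IDictionary]$PolicyPhrase   # policy name -> subject phrase
    )
    @($PolicyPhrase.Keys | Where-Object { Test-SubjectContains $Subject $PolicyPhrase[$_] })
}

function Find-SubjectPhraseOverlap {
    # Reports phrases that would also match mails meant for another policy.
    param([System.Collections.IDictionary]$PolicyPhrase)

    foreach ($a in $PolicyPhrase.Keys) {
        $phraseA = [string]$PolicyPhrase[$a]

        # An empty phrase is contained in every subject.
        if ([string]::IsNullOrWhiteSpace($phraseA)) {
            [pscustomobject]@{ Policy = $a; Phrase = $phraseA; AlsoMatches = '(every mail)' }
            continue
        }
        foreach ($b in $PolicyPhrase.Keys) {
            if ($a -eq $b) { continue }
            # Phrase A sits inside phrase B, so policy A accepts B's mails too.
            if (Test-SubjectContains ([string]$PolicyPhrase[$b]) $phraseA) {
                [pscustomobject]@{ Policy = $a; Phrase = $phraseA; AlsoMatches = $b }
            }
        }
    }
}

# Constructed sample: three exporting sites sending to one receiving mailbox.
$phrases = [ordered]@{
    'Import-Contoso'   = 'GALsync Contoso'
    'Import-ContosoEU' = 'GALsync Contoso EU'
    'Import-Fabrikam'  = 'GALsync Fabrikam'
}

Find-SubjectPhraseOverlap -PolicyPhrase $phrases | Format-Table -AutoSize

# A forwarded mail from the EU site is accepted by two policies with these phrases.
Get-MatchingImportPolicy -Subject 'FW: GALsync Contoso EU' -PolicyPhrase $phrases
```

Phrases that do not contain one another, for example a distinct site identifier per exporting organization, produce no overlap rows.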


Via network share

GALsync automatically stores the directory information on a network share that is accessible for both organizations. For export you need write access to the share.

Path: The path specifies the qualified name of the share and file name where you want to store directory information.

Domain: This is the domain the user belongs to who wants to access the specified network share. Usually this is the NETBIOS name of the domain.

User Name: This is the user who wants to access the specified network share.

Password: This is the password of the user.

Test: When you press this button, GALsync will validate the access to the share.

Compress Data: Compresses the data to a .ZIP file.

Import all files placed in the selected folder: When enabled, GALsync will import all data files placed in the given folder, rather than just importing the one file specified. To do so, the account which runs the application (and service) needs modify permissions on the selected folder.


Via FTP

GALsync automatically stores the directory information on an FTP server that is accessible for both Exchange organizations. For export you need write access to the FTP server.

URI: The Uniform Resource Identifier (URI) specifies the qualified name of the FTP server and file name where you want to upload the directory information.

User Name: This is the user who wants to access the specified FTP server.

Password: This is the password of the user.

Address/Port: If your environment uses a proxy server to gain access to the FTP server, please type the name of the proxy server and the port which should be used.

Domain: This is the domain the user belongs to who wants to access the specified proxy. Usually this is the NETBIOS name of the domain.

User Name: This is the user who wants to access the specified proxy.

Password: This is the password of the user.

Test: When you press this button, GALsync will validate the access to the FTP server and proxy (if configured).

Compress Data: Compresses the data to a .ZIP file.

Import all files placed in the selected folder: When enabled, GALsync will import all data files placed in the given folder, rather than just importing the one file specified. To do so, the account which runs the application (and service) needs modify permissions on the selected folder.

NOTE: THE USED SERVICE ACCOUNT HAS TO BE GRANTED READ AND WRITE PERMISSIONS IN THE FTP DIRECTORY.


Filter mailboxes

In the MAILBOXES tab of import policies for mailbox contacts you select the directory objects which have mailbox objects. The search scope is a single object type across the whole domain, or selected organizational units in the local domain. You may also remove a selected entry from the list.

NoMailboxSync (internal mark)

If you do not want to import into a particular mailbox, you may insert the value NOMAILBOXSYNC in any of the custom attributes (on-premise: EXTENSIONATTRIBUTE1 - EXTENSIONATTRIBUTE15 or Exchange online: CUSTOMATTRIBUTE1 - CUSTOMATTRIBUTE15). This prevents GALsync from adding this mailbox to the list of mailboxes which get directory objects into the contact folder.
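Since the mark may sit in any of fifteen attributes, it is worth auditing which mailboxes carry it and setting it without overwriting an attribute that is already in use. The following is an added example, not GALsync code; the function names are hypothetical, it must run in an Exchange Management Shell or Exchange Online PowerShell session, and it assumes GALsync compares the whole attribute value.

```powershell
# Added example (not GALsync code). Get-Mailbox and Set-Mailbox expose the
# attributes as CustomAttribute1..15 on-premises and in Exchange Online.

$Marker = 'NoMailboxSync'
$Slots  = 1..15 | ForEach-Object { "CustomAttribute$_" }

function Get-NoMailboxSyncMailbox {
    # Server-side filter: marker present in any of the 15 custom attributes.
    # Assumption: GALsync compares the whole attribute value (exact match).
    $filter = ($Slots | ForEach-Object { "($_ -eq '$Marker')" }) -join ' -or '

    Get-Mailbox -ResultSize Unlimited -Filter $filter | ForEach-Object {
        $mbx = $_
        [pscustomobject]@{
            Mailbox = [string]$mbx.PrimarySmtpAddress
            Slot    = @($Slots | Where-Object { $mbx.$_ -eq $Marker }) -join ','
        }
    }
}

function Set-NoMailboxSync {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][string]$Identity)

    $mbx = Get-Mailbox -Identity $Identity -ErrorAction Stop

    if (@($Slots | Where-Object { $mbx.$_ -eq $Marker }).Count -gt 0) {
        Write-Verbose "$Identity is already marked."
        return
    }

    # Take the highest-numbered empty attribute so that values other tools
    # store in the custom attributes are not overwritten.
    $free = $Slots | Where-Object { [string]::IsNullOrEmpty($mbx.$_) } | Select-Object -Last 1
    if (-not $free) {
        throw "No empty custom attribute on $Identity; free one before marking."
    }

    if ($PSCmdlet.ShouldProcess($Identity, "Set $free = $Marker")) {
        $params = @{ Identity = $Identity }
        $params[$free] = $Marker
        Set-Mailbox @params
    }
}

function Clear-NoMailboxSync {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][string]$Identity)

    $mbx = Get-Mailbox -Identity $Identity -ErrorAction Stop
    foreach ($slot in ($Slots | Where-Object { $mbx.$_ -eq $Marker })) {
        if ($PSCmdlet.ShouldProcess($Identity, "Clear $slot")) {
            $params = @{ Identity = $Identity }
            $params[$slot] = $null
            Set-Mailbox @params
        }
    }
}

# Audit: which mailboxes are currently excluded, and through which attribute?
Get-NoMailboxSyncMailbox | Sort-Object Mailbox | Format-Table -AutoSize
```

Reviewing this list before each policy change shows which mailboxes will not receive contacts.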


Choose mailboxes (On-premise)

Here you may tick a dedicated Organizational Unit in the listed domains. An Active Directory tree with all domains and organizational units will be listed.

In forests with multiple domains all domains are displayed.


Group Option

Only this OU

All mailbox objects included in the selected OU will be recognized for synchronization at runtime.

Only Sub-OUs

All mailbox objects included in one of the sub-OUs of the selected OU will be recognized for synchronization at runtime.

OU + Sub-OUs

All mailbox objects included in a selected OU and all nested OUs will be recognized for synchronization at runtime.

Include group memberships

All mailbox objects which are members of a group will be recognized for synchronization at runtime, if the group is in a selected OU.

Include nested groups + memberships

Nested groups and their members will also be resolved for synchronization at runtime.


Choose mailboxes (Exchange Online)

Here you may pick either all objects or specify a filter by ticking the recipient types you want to choose.


Search mailboxes (On-premise)

You can search for an object by entering an expression. Uncheck all object types you do not want to have as a result.

NOTE: THE SCOPE OF THE QUERY IS THE FOREST.

The result listed contains all objects found. Select certain or all objects to be gathered for import and press APPLY.

With * you can find all objects which you want to have as a result.

User

You can search for user objects with a mailbox and select dedicated mailboxes for import matching the entered expression.

RECOMMENDATION: SELECT DEDICATED MAILBOX USERS ONLY IF YOU ARE SURE THEY WILL NEVER BE DELETED FROM ACTIVE DIRECTORY. CONSIDER USING OBJECTS WITH ‘DYNAMIC’ MEMBERS SUCH AS OUS, GROUPS ETC.

Container

You can search for container objects to get all objects with a mailbox in this container matching the entered expression.


OU

You can search for Organizational Units to get all objects with a mailbox in this OU matching the entered expression.

Dynamic Distribution Group

A DYNAMIC DISTRIBUTION GROUP (formerly QUERY-BASED GROUP) is a type of Distribution Group with a flexible method to dynamically define the membership of the group. It is not a static membership like regular groups.

Search for DYNAMIC DISTRIBUTION GROUPS matching the entered expression and select them if you want to get all members of this group that have a mailbox.

Groups

Search for LOCAL, GLOBAL and UNIVERSAL groups of type SECURITY GROUP or DISTRIBUTION GROUP.

If you check SETTING FOR ALL GROUPS, the configuration will be applied to all listed and selected groups. Otherwise you will be asked for every selected group.


Search mailboxes (Exchange Online)

Here you may pick either all objects or specify a filter by choosing a recipient type. With * you can find all objects which you want to have as a result. For example, if you check only MAILUNIVERSALDISTRIBUTIONGROUP, you will have all MAILUNIVERSALDISTRIBUTIONGROUPS as a result.

The result listed contains all objects found. Select certain or all objects to be gathered for import and press APPLY.

You can limit the number of results you want to get. It is very important that you change this option if you want to get more than 500 objects.

NOTE: THE DEFAULT OF 500 IS SET TO PREVENT A LONG-RUNNING SEARCH. IF YOUR RESULT IS LARGER THAN THE GIVEN VALUE, THE OBJECTS NOT LISTED ARE NOT INCLUDED IN THE POLICY!


Mailbox Contact Folder

Configure all import related directory settings.


Choose (Mailbox contacts)

Add a new folder in which you want to store the imported directory information, and select it.

Please select a folder for contact synchronization.

All folders displayed by this control are for selection purposes only. Adding and deleting folders inside this dialog will not physically add or remove the folder inside a mailbox.

The selected folder will be used on the target mailboxes as the folder to be filled with contacts. If the chosen folder does not exist in a target mailbox, it will be created during the next import.

Selected Folder

The selected folder will be used as the target folder inside mailboxes during imports, so that contacts will only be created inside this folder.


Allow synchronization into the well-known contact folder of the mailboxes.

This option allows contactSync to create and synchronize the contacts into the well-known contact folder of the mailboxes. Please be careful with this option because it allows you to directly change and delete contacts that your employees have created. This could also confuse some of your employees.

We recommend creating and synchronizing an additional contact for each existing contact which was not created by contactSync.

Do not touch untagged contacts, these contacts will not be synchronized

Existing contacts will not be touched unless they were created by contactSync.

contactSync does not create and synchronize a contact if there is already an existing contact which was not created by contactSync.

Synchronize untagged contacts with contactSync

Please be very careful with this option.

All existing contacts are synchronized, even if they were not created by contactSync. This means that if contacts have been created by your employees below the selected contact folder, contactSync will also synchronize and possibly delete them, which could cause your employees to lose information.

Synchronize an additional contact for each untagged contact

contactSync creates and synchronizes an additional contact for each existing contact which was not created by contactSync.


Create folder

You can create a new folder into which contactSync creates and synchronizes the contacts. This option lets you separate the contacts which have been created by your employees from the contacts which have been created by contactSync.

Please keep in mind that the name of the folder should be unique and should not exist in the mailboxes of your employees; otherwise contactSync will use the existing folder with the same name below the well-known contact folder of the mailbox for the synchronization.

RECOMMENDATION: THE CONTACTSYNC SERVICE ACCOUNT CAN ONLY CREATE A SUB FOLDER FOR IMPORT IF THE CONTACTSYNC SERVICE ACCOUNT HAS FULL ACCESS PERMISSION TO ALL MAILBOXES WHICH SHOULD GET THE DIRECTORY INFORMATION. PLEASE GRANT FULL ACCESS TO THE USER MAILBOXES FOR THE CONTACTSYNC SERVICE ACCOUNT. PLEASE HAVE A LOOK AT THE CHAPTER ‘HOW TO GRANT FULL ACCESS TO THE USER MAILBOXES?’

Remove folder

This option removes a folder inside this dialog but will not remove a folder inside a mailbox. Please select the folder which you want to remove.


Filter and Modify objects for import into mailboxes

Properties (Mailbox contacts)

Modify the values for the import policy. The modified objects are prioritized during the import.

Usually there are different classes of objects in your import list (e.g. USER, CONTACT and GROUP). Because these classes have different attributes, rules are applied according to the object class. E.g. the first rule displayed in the screenshot (attribute FILEAS, DISPLAYNAME) will be applied only to users and contacts, because a group does not have an attribute GIVENNAME.

PLEASE NOTE THAT PUBLIC FOLDER MEANS THE OLD OBJECT CLASS OF EXCHANGE 2003 TECHNOLOGY AND NOT THE CURRENT PUBLIC FOLDER MAILBOX TECHNOLOGY.

The property INITIALS can be ignored for all object classes, because you cannot see the imported value in the Outlook clients.

Property to modify

These attributes can be modified before import:

CompanyName, Department, Body, FileAs, BusinessFax, GivenName, HomePhone, Initials, BusinessPhone, BusinessAddressCity, MobilePhone, Pager, OfficeLocation, BusinessAddressPostalCode, Surname, BusinessAddressState, BusinessAddressStreet, PrimaryPhone, JobTitle, BusinessHomePage


NOTE: SOME PROPERTIES ARE NOT SHOWN IN OUTLOOK, E.G. INITIALS.

We support this matrix to transform the property between Exchange On-Premise / Exchange Online and the Outlook Contact:

| Active Directory (Exchange On-Premise) | Active Directory (Exchange Online) | Outlook Contact (Exchange Mailbox) |
|---|---|---|
| C | | BusinessAddressCountryOrRegion |
| Company | Company | CompanyName |
| Department | Department | Department |
| Description | | Body |
| DisplayName | DisplayName | FileAs |
| FacsimileTelephoneNumber | Fax | BusinessFax |
| GivenName | FirstName | GivenName |
| HomePhone | HomePhone | HomePhone |
| Initials | | Initials |
| L | City | BusinessAddressCity |
| Mail | | EmailAddress3 |
| Mobile | MobilePhone | MobilePhone |
| OtherFacsimileTelephoneNumber | OtherFax | OtherFax |
| IpPhone | | BusinessPhone2 |
| OtherMobile | | CarPhone |
| OtherTelephone | OtherTelephone | OtherTelephone |
| Pager | Pager | Pager |
| PhysicalDeliveryOfficeName | Office | OfficeLocation |
| PostalCode | PostalCode | BusinessAddressPostalCode |
| ProxyAddresses (primary SMTP) | EmailAddresses (primary SMTP) | EmailAddress2 |
| Sn | LastName | Surname |
| St | StateOrProvince | BusinessAddressState |
| StreetAddress | StreetAddress | BusinessAddressStreet |
| TargetAddress | ExternalEmailAddress | EmailAddress1 |
| TelephoneNumber | Phone | BusinessPhone |
| ThumbnailPhoto | | Photo |
| Title | Title | JobTitle |
| WWWHomePage | WebPage | BusinessHomePage |


Add Value

You can add a text to a property. Choose the property that you want to add a value to, and then choose the option ADD VALUE.

You then have the option to add your value before the property (PREFIX) or after it (SUFFIX).


Find and Replace

You can replace a specific string with a new value. Choose the property and select FIND AND REPLACE.

In the find textbox insert the text which you wish to replace, and in the replace textbox insert the new text.


Build Property

You can create values by concatenating other property values. Choose the property and select the option BUILD PROPERTY.

In the textbox BUILD PROPERTY, enter a string that defines how the property value should be built. Via the ADD PROPERTY button, you can choose which properties are used.

For example, suppose you want to generate the property FILEAS from the last name and first name, comma separated. Choose the property SURNAME and the property GIVENNAME and insert a comma and space between them in the textbox BUILD PROPERTY.

Thereafter, all values in property FILEAS will be created from a comma separated SURNAME and GIVENNAME.

Please keep in mind that only users and contacts have a given name and surname, so the rule should only be valid for objects which are users or contacts in the on-premise environment or Office 365 tenant.


Ignore this Property

If you do not want to import a specific property, you can select IGNORE THIS PROPERTY.

NOTE: VALUES WHICH ARE ALREADY ASSIGNED TO THE OBJECT'S PROPERTY WILL NOT BE MODIFIED BY GALSYNC.

TIP: YOU EXPORT A PROPERTY AND YOU WANT TO IMPORT A DIFFERENT PROPERTY IN THE TARGET ENVIRONMENT. BY COMBINING THE OPTIONS ‘BUILD PROPERTY’ AND ‘IGNORE THIS PROPERTY’ YOU CAN EITHER COPY OR MOVE A PROPERTY VALUE TO A DIFFERENT PROPERTY.

Copy Property

You can copy a property by choosing the end property and selecting the option BUILD PROPERTY. Then choose the property you wish to copy via the ADD PROPERTY dialog. Add the rule with the button ADD.

Move Property

You can move a property by doing the following:

1. Choose the end property and select the option BUILD PROPERTY. Then choose the property you wish to copy via the ADD PROPERTY dialog. Add the rule with the button ADD.

2. Choose the initial property and select the option IGNORE THIS PROPERTY, and add the rule by clicking the ADD button.

As a result, the property value is moved from the initial property to the end property.


Special options for import into mailboxes

You can configure some optional SETTINGS on the MAILBOX CONTACT FOLDER tab.

Import Settings: General (Mailbox contacts)

Create sub-folders for each sending domain

You find this option in the DIRECTORY SETTINGS TAB GENERAL of an import policy. You can choose to import all objects into one import folder with different sub-folders. GALsync creates sub-folders depending on the original Active Directory domain names. Therefore, you can create one import folder and GALsync will create a sub-folder for each received domain. GALsync can also read the names of the sub-folders from a Custom Attribute (SETTINGS of an Import-Policy, PROPERTY FOR SOURCE DOMAIN). In this case the name must be present at the time of export.


Synchronize Picture

If this option in the DIRECTORY SETTINGS of an export policy is selected, the user's photos stored in the source directory are exported as well. Photos are usually stored in the attribute THUMBNAILPHOTO. This option is only available in an On-Premise export policy.

If this option in the General tab of the DIRECTORY SETTINGS of an import policy is selected, the transferred photos are stored in the attribute THUMBNAILPHOTO in the target directory.

NOTE: IMPORTING THUMBNAILPHOTO INTO MAILBOXES IS VERY SLOW. THE EXCHANGE ENVIRONMENT NEEDS SOME DAYS TO UPDATE THE THUMBNAILPHOTO OF THE IMPORTED CONTACTS IN THE MAILBOXES BEFORE YOU CAN SEE THE THUMBNAILPHOTO IN THE OUTLOOK CLIENTS.

Mark synchronized contacts as private

Allows you to mark the imported contacts as "private" in the user's mailboxes. Private contacts are not visible to other people if the Microsoft Exchange account contacts are shared.

NOTE: A PERSON WITH DELEGATE ACCESS OR PERMISSION TO READ YOUR SHARED FOLDERS COULD VIEW THE CONTENTS OF YOUR PRIVATE CONTACTS AND EVENTS BY USING OTHER APPLICATIONS.

Modify or delete existing contacts with source domain

Please be careful with this option.

You can add a further source domain which is not contained in the synchronization.

This means that if contacts in the mailboxes were synchronized with GALsync or contactSync and their source domain is no longer included in the synchronization, these contacts can still be synchronized.

To do this, the old source domain, as it appears in the log file, must be entered in the field, e.g. the source domain DC=forestB,DC=com.

After that, all existing contacts with this source domain will also be modified or deleted.

This can be helpful, e.g. after a migration.


Import Settings: E-Mail Addresses (Mailbox contacts)

Each contact of the mailbox can only have three e-mail addresses. GALsync assigns the TARGETADDRESS to the first e-mail address, the primary SMTP address of the PROXYADDRESSES to the second e-mail address and the MAIL attribute to the third e-mail address.

If these e-mail addresses have the same value, GALsync will write the e-mail address only once.

If one of the properties is not filled in the source object, GALsync will always start writing e-mail addresses in the first e-mail address slot.


Modify target address with domain

You find this option in the DIRECTORY SETTINGS TAB EMAIL ADDRESSES of an import policy. To set the attribute TARGETADDRESS correctly, it may be necessary to take a value from the PROXYADDRESSES attribute of the source which is not the primary SMTP address.

For example, the mailbox in the source has multiple SMTP addresses. The main domain is @EXPORT.COM and the secondary domain is @SECOND.BIZ. You would like to use the @SECOND.BIZ domain as the TARGETADDRESS attribute after the import.

Insert the filter @SECOND.BIZ into the textbox next to the option MODIFY TARGET ADDRESS WITH DOMAIN.

GALsync will use the first found instance of @SECOND.BIZ in the PROXYADDRESSES and set it as the TARGETADDRESS for the imported contact.

NOTE:

EACH CONTACT OF THE MAILBOX CAN ONLY HAVE THREE E-MAIL ADDRESSES.

GALSYNC ASSIGNS THE TARGETADDRESS TO THE FIRST E-MAIL ADDRESS,

THE PRIMARY SMTP ADDRESS OF THE PROXYADDRESSES TO THE SECOND E-MAIL ADDRESS

AND THE MAIL TO THIRD E-MAIL ADDRESS.

IF THESE E-MAIL ADDRESSES HAVE THE SAME VALUE, GALSYNC WILL WRITE THE E-MAIL

ONLY ONCE.

IF ONE OF THE PROPERTIES IS NOT FILLED IN THE SOURCE OBJECT, GALSYNC WILL ALWAYS

START WRITING E-MAIL ADDRESSES IN THE FIRST E-MAIL ADDRESS SLOT.


Modify primary SMTP address with domain

If this option in the DIRECTORY SETTINGS TAB EMAIL ADDRESSES of an import policy is selected, you can replace the domain part of the SMTP address with another value.

Example: If you insert @SECOND.BIZ in the textbox, GALsync will look for the first instance of @SECOND.BIZ in the PROXYADDRESSES and will set it as the primary SMTP address for the imported contact.

NOTE:

IF YOU ACTIVATE THE OPTION "MODIFY PRIMARY SMTP ADDRESS WITH DOMAIN", THEN RUN AN EXPORT/IMPORT AND THEN DEACTIVATE THE OPTION, A WARNING MESSAGE APPEARS, BECAUSE THIS LEADS TO A TOTAL DELETION AND RECREATION OF THE IMPORTED OBJECTS.

NOTE:

EACH CONTACT OF THE MAILBOX CAN ONLY HAVE THREE E-MAIL ADDRESSES.

GALSYNC ASSIGNS THE TARGETADDRESS TO THE FIRST E-MAIL ADDRESS,

THE PRIMARY SMTP ADDRESS OF THE PROXYADDRESSES TO THE SECOND E-MAIL ADDRESS

AND THE MAIL TO THIRD E-MAIL ADDRESS.

IF THESE E-MAIL ADDRESSES HAVE THE SAME VALUE, GALSYNC WILL WRITE THE E-MAIL

ONLY ONCE.

IF ONE OF THE PROPERTIES IS NOT FILLED IN THE SOURCE OBJECT, GALSYNC WILL ALWAYS

START WRITING E-MAIL ADDRESSES IN THE FIRST E-MAIL ADDRESS SLOT.

Modify mail address with domain

You find this option in the DIRECTORY SETTINGS TAB EMAIL ADDRESSES of an

import policy. To modify the attribute MAIL correctly it may be possible

that we need to take a value out of the PROXYADDRESSES attribute from the

source, which is not the primary SMTP address. For Example, the mailbox

in the source has two SMTP Addresses, the main address is: @EXPORT.COM


and a secondary address: @SECOND.BIZ and you would like to use the @SECOND.BIZ address as the MAIL attribute after the import.

Insert the filter @SECOND.BIZ into the textbox next to the option MODIFY MAIL ADDRESS WITH DOMAIN. GALsync will use the first found instance of @SECOND.BIZ in the PROXYADDRESSES and set it as the MAIL attribute for the imported contact.

NOTE:

EACH CONTACT OF THE MAILBOX CAN ONLY HAVE THREE E-MAIL ADDRESSES.

GALSYNC ASSIGNS THE TARGETADDRESS TO THE FIRST E-MAIL ADDRESS,

THE PRIMARY SMTP ADDRESS OF THE PROXYADDRESSES TO THE SECOND E-MAIL ADDRESS

AND THE MAIL TO THIRD E-MAIL ADDRESS.

IF THESE E-MAIL ADDRESSES HAVE THE SAME VALUE, GALSYNC WILL WRITE THE E-MAIL

ONLY ONCE.

IF ONE OF THE PROPERTIES IS NOT FILLED IN THE SOURCE OBJECT, GALSYNC WILL ALWAYS

START WRITING E-MAIL ADDRESSES IN THE FIRST E-MAIL ADDRESS SLOT.
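
The slot rules and the three MODIFY ... WITH DOMAIN options described above, modelled as an added PowerShell example (not GALsync code and not part of the original manual), so that the three addresses a contact will receive can be previewed from exported attribute values. Function names, parameter names and the sample contact are constructed; the manual does not say what happens when a domain filter matches no proxy address, so this sketch assumes the original value is kept.

```powershell
# Added example: models the slot rules stated in the manual. Not GALsync code.
# Function names, parameter names and the sample contact are constructed.

# Strip an address-type prefix such as "SMTP:" or "smtp:" and return the bare address.
function ConvertTo-BareAddress {
    param([string] $Value)
    if ([string]::IsNullOrWhiteSpace($Value)) { return $null }
    return ($Value.Trim() -replace '^smtp:', '')   # -replace is case-insensitive
}

# First SMTP-type proxy address (primary or secondary) that ends with the domain filter.
function Find-ProxyAddressByDomain {
    param([string[]] $ProxyAddresses, [string] $DomainFilter)
    foreach ($entry in $ProxyAddresses) {
        $address = ConvertTo-BareAddress $entry
        if ($entry -like 'smtp:*' -and
            $address.EndsWith($DomainFilter, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $address
        }
    }
    return $null
}

function Get-ContactEmailSlots {
    param(
        [string]   $TargetAddress,
        [string[]] $ProxyAddresses = @(),
        [string]   $Mail,
        [string]   $TargetDomainFilter,    # MODIFY TARGET ADDRESS WITH DOMAIN
        [string]   $PrimaryDomainFilter,   # MODIFY PRIMARY SMTP ADDRESS WITH DOMAIN
        [string]   $MailDomainFilter       # MODIFY MAIL ADDRESS WITH DOMAIN
    )

    # The primary SMTP address is the proxyAddresses entry with the upper-case "SMTP:" prefix.
    $primary = $ProxyAddresses | Where-Object { $_ -clike 'SMTP:*' } | Select-Object -First 1

    # Source values in the order the manual gives: targetAddress, primary SMTP, mail.
    $candidates = [ordered]@{
        targetAddress = ConvertTo-BareAddress $TargetAddress
        primarySmtp   = ConvertTo-BareAddress $primary
        mail          = ConvertTo-BareAddress $Mail
    }

    # A domain filter replaces the value with the first matching proxy address.
    # Assumption: when nothing matches, the original value is kept.
    $filters = @{
        targetAddress = $TargetDomainFilter
        primarySmtp   = $PrimaryDomainFilter
        mail          = $MailDomainFilter
    }
    foreach ($name in @($candidates.Keys)) {
        if ($filters[$name]) {
            $found = Find-ProxyAddressByDomain -ProxyAddresses $ProxyAddresses -DomainFilter $filters[$name]
            if ($found) { $candidates[$name] = $found }
        }
    }

    # Write each distinct, non-empty address once, always starting at the first slot.
    $slots = New-Object 'System.Collections.Generic.List[string]'
    foreach ($address in $candidates.Values) {
        if ($address -and -not ($slots -contains $address)) { $slots.Add($address) }
    }
    while ($slots.Count -lt 3) { $slots.Add($null) }

    [pscustomobject]@{
        Email1 = $slots[0]
        Email2 = $slots[1]
        Email3 = $slots[2]
    }
}

# Constructed sample contact, using the two domains from the manual's example.
$sample = @{
    TargetAddress  = 'SMTP:john.doe@export.com'
    ProxyAddresses = @('SMTP:john.doe@export.com', 'smtp:jdoe@second.biz', 'X500:/o=Example/cn=jdoe')
    Mail           = 'john.doe@export.com'
}

# Case 1: all three source attributes carry the same address (de-duplication).
Get-ContactEmailSlots @sample

# Case 2: the target address is taken from the secondary domain.
Get-ContactEmailSlots @sample -TargetDomainFilter '@second.biz'

# Case 3: targetAddress is empty in the source (slots are filled from the first one).
Get-ContactEmailSlots -ProxyAddresses $sample.ProxyAddresses -Mail 'jdoe@second.biz'
```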

Retain targetAddress of users and contacts

GALsync exports the values found in attribute PROXYADDRESSES as well as the value of the attribute TARGETADDRESS.

By default, during import the TARGETADDRESS of mailbox-users and mail-users is stamped with the value of the source primary SMTP address value. If the option RETAIN TARGETADDRESS OF USERS is selected, the TARGETADDRESS of the source object is retained.


Import Settings: Object Filter (Mailbox contacts)

Object Filter: Exclude all objects of the data file from import, which has one of the

following conditions

This feature allows you to exclude objects from the import process, similar to object exclusion during export. Objects which contain NOGALSYNC in one of their EXTENSIONATTRIBUTEs will not be exported. See also GLOBAL SETTINGS in the chapter INSTALLATION AND INITIAL CONFIGURATION.

This feature may help you to optimize the performance of an import in a scenario in which several organizations export their users and import them into a common Active Directory, from which exports are performed towards all importing organizations.

In this case the import object filter should be set to prevent objects coming from the organization’s Active Directory from being analyzed.

If you enable this feature inside the IMPORT SETTING on the DIRECTORY TAB, you may add conditions consisting of the name of a property (1) whose value is compared to the given value (2) using your chosen comparison operator (3).


During an import, every object is checked to see whether one or more of its properties match these conditions. If at least one condition is fulfilled, the object will neither be imported into the mailbox contacts nor analyzed any further.


Encryption

The Active Directory Information can be encrypted. This option, ENCRYPT

DIRECTORY INFORMATION, can be activated while selecting the DATA TRANSFER

MODE.

After setting up the DATA TRANSFER MODE you can setup the Encryption.

Since GALsync version 7.2.0 the local security option SYSTEM CRYPTOGRAPHY:

USE FIPS COMPLIANT ALGORITHMS FOR ENCRYPTION, HASHING, AND SIGNING is

supported.


NOTE: IF THE LOCAL SECURITY OPTION ”SYSTEM CRYPTOGRAPHY: USE FIPS COMPLIANT

ALGORITHMS FOR ENCRYPTION, HASHING, AND SIGNING” IS ENABLED, GALSYNC 7.2.0 AND

LATER VERSIONS CANNOT COMMUNICATE ENCRYPTED WITH OLDER VERSIONS.

Symmetric Keys

If you choose SYMMETRIC KEYS, a single key is used for both encryption and decryption. This means sender and receiver use the same key.

Procedure

Once you create an export policy, create a key-file and hand it over to your partner organization. Then your partner creates an import policy.

Imported information will be accessible after using the key-file.

If you want to use this key in any other of your own policies, simply refer to the created key-file.

Asymmetric Keys (Public Key)

If you choose ASYMMETRIC KEYS, the key for encrypting the message is different from the key for decryption. This means you use a public key to encrypt the message, whereas the private key is kept secret and will be used to decrypt the message. If you want the other Exchange organization to send encrypted directory information to you, you have to generate a pair of keys and hand over the public key to the other Exchange organization first. They will use the key for encryption and send you the encrypted file. The private key is stored directly in the policy file.

NOTE: WHEN USING AN ASYMMETRIC KEY, THE PRIVATE KEY IS BUILT UPON THE MACHINE'S GUID. AS SOON AS YOU MOVE GALSYNC TO ANOTHER MACHINE YOU HAVE TO RENEW YOUR EXISTING KEY.

Procedure

If you create an import policy, create a key-file and hand it over to your partner organization. Your partner then creates an export policy to be opened with the key-file.

If you create an export policy, you should first receive a key-file generated by your partner’s organization inside the appropriate import policy on their side.

More information

For more information see

http://en.wikipedia.org/wiki/Symmetric-key_algorithm

http://en.wikipedia.org/wiki/Asymmetric_key_algorithm


Status notification

GALsync can send status notification emails to inform you about errors

that may have occurred. Status notification is a component of each policy.

If you leave this option unselected no notification email will be sent.

Subject: The email header

Send to: The SMTP-address of the person who will receive the

administrative report

Test: GALsync will send an email to the specified email address.

Send only on error: GALsync will only send status notification mails if at

least one error occurred during a running policy.

NOTE: GALSYNC DOES NOT SEND A STATUS NOTIFICATION MAIL IF A POLICY HAS NOT BEEN

STARTED DUE TO AN ERROR.


Schedule Service

GALsync can perform the synchronization of policies automatically. You can schedule, weekly or monthly, the days on which the synchronization should be carried out. Furthermore, you can decide between what times and how many times a day the scheduler service works. It is possible to run the scheduler service every 15 minutes, every hour or once a day. We recommend scheduling the policies once a day.

With the start time and end time options, GALsync starts only in the defined period. The synchronization itself may take a longer time.


How to

How to configure Exchange Impersonation?

contactSync needs a service account which has Exchange Impersonation.

Exchange Impersonation enables a caller to impersonate a given user account. This enables the caller to perform operations by using the permissions that are associated with the impersonated account, instead of the permissions that are associated with the caller's account.

For more information, see

Impersonation and EWS in Exchange: https://docs.microsoft.com/en-us/exchange/client-developer/exchange-web-services/impersonation-and-ews-in-exchange

MSDN Library - Configuring Exchange Impersonation: http://msdn.microsoft.com/en-us/library/bb204095(v=exchg.140).aspx

Exchange Impersonation in Exchange 2010, 2013, 2016, 2019 and Exchange Online (Mailbox contacts)

How can you check an existing management role for Exchange Impersonation, and how can you create a management role for Exchange Impersonation?

For on-premises Exchange:

Please log in on the on-premises Exchange Server with an Exchange Administrator account and open the Exchange Management Shell.

For Office 365 Exchange Online:

Please connect via remote PowerShell to the Office 365 tenant with an Exchange Administrator account.

Check existing Exchange Impersonation:

Please check whether a ROLE GROUP for APPLICATIONIMPERSONATION exists.

You can check the existing Exchange Impersonation via PowerShell:

Get-ManagementRoleAssignment -Role ApplicationImpersonation


You can find an existing ROLE GROUP in the EXCHANGE ADMIN CENTER under

PERMISSIONS as ADMIN ROLES.

E.g. The IMPERSONATION ROLE to manage the APPLICATIONIMPERSONATION


Create an Impersonation Role Group for ApplicationImpersonation via PowerShell

You can create a new ROLE GROUP to manage the APPLICATIONIMPERSONATION and add your contactSync service account as a member of the ROLE GROUP.

This example creates a ROLE GROUP called IMPERSONATION ROLE:

New-RoleGroup -Name "Impersonation Role" -Roles "ApplicationImpersonation" -Members [email protected]

The IMPERSONATION ROLE is also available in the EXCHANGE ADMIN CENTER under PERMISSIONS as ADMIN ROLES.


Create an Impersonation Role for ApplicationImpersonation via Exchange Admin Center

You can create a new ROLE GROUP in the EXCHANGE ADMIN CENTER under

PERMISSIONS as ADMIN ROLES.

Add new admin role:


The new role group dialog:

• Add the name “Impersonation Role”

• Add “ApplicationImpersonation” to the Roles

• Add your contactSync service account to the Members


After that the new IMPERSONATION ROLE is available as ADMIN ROLE.

You can check the ASSIGNED ROLES and the MEMBERS of the IMPERSONATION

ROLE.


How to grant full access to the user mailboxes?

contactSync needs a service account which has the FULL ACCESS PERMISSION to these user mailboxes.

Exchange 2010

The following article MANAGE FULL ACCESS PERMISSIONS describes, for Exchange 2010, how to grant Full Access permissions to mailboxes:

https://technet.microsoft.com/en-us/library/bb676551%28v=exchg.141%29.aspx

We recommend granting the service account for contactSync FULL ACCESS PERMISSIONS to mailboxes and disabling the auto-mapping feature.

This example is the command for the Exchange Management Shell to grant the contactSync service account FULL ACCESS PERMISSIONS to John Doe’s mailbox:

Add-MailboxPermission -Identity 'John Doe' -User 'contactSync' -AccessRights FullAccess -InheritanceType All -AutoMapping $false

You can assign the FULL ACCESS PERMISSION for a user mailbox by using the Exchange 2010 Management Console, but you cannot bulk assign permissions for multiple mailboxes.

Exchange 2013, 2016, 2019 and Exchange Online

The following article MANAGE FULL ACCESS PERMISSIONS describes, for Exchange 2013, 2016, 2019 and Exchange Online, how to grant Full Access permissions to mailboxes:

https://technet.microsoft.com/en-us/library/jj919240%28v=exchg.160%29.aspx

We recommend granting the service account for contactSync FULL ACCESS PERMISSIONS to mailboxes and disabling the auto-mapping feature.

This example is the command for the Exchange Management Shell to grant the contactSync service account FULL ACCESS PERMISSIONS to John Doe’s mailbox:

Add-MailboxPermission -Identity 'John Doe' -User 'contactSync' -AccessRights FullAccess -InheritanceType All -AutoMapping $false

Using the Exchange Admin Center (EAC)


How to bulk assign full access permissions to multiple user mailboxes

You can bulk assign the FULL ACCESS PERMISSION for multiple user mailboxes with the PowerShell cmdlet at the Exchange Management Shell.

You can use the parameter -Filter of Get-Mailbox to add the FULL ACCESS permissions to multiple mailboxes.

This example is the command for the Exchange Management Shell to grant the contactSync service account FULL ACCESS PERMISSIONS to all user mailboxes:

Get-Mailbox -ResultSize Unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox') -and (Alias -ne 'contactSync')} | Add-MailboxPermission -User [email protected] -AccessRights FullAccess -InheritanceType All -AutoMapping $false

https://technet.microsoft.com/en-us/library/bb124097%28v=exchg.160%29.aspx


Since Exchange 2013 you can bulk assign permissions for multiple user

mailboxes by using the Exchange admin center (EAC)

Click MAILBOX DELEGATION -> ADD


How to disable EWS Throttling for the contactSync account?

Exchange 2010

Open the Microsoft Exchange Management Shell (EMS) or connect via remote PowerShell.

New-ThrottlingPolicy contactSyncPolicy;

Set-ThrottlingPolicy contactSyncPolicy -RCAMaxConcurrency $null -RCAPercentTimeInAD $null -RCAPercentTimeInCAS $null -RCAPercentTimeInMailboxRPC $null -EWSMaxConcurrency $null -EWSPercentTimeInAD $null -EWSPercentTimeInCAS $null -EWSPercentTimeInMailboxRPC $null -EWSMaxSubscriptions $null -EWSFastSearchTimeoutInSeconds $null -EWSFindCountLimit $null -CPAMaxConcurrency $null -CPAPercentTimeInCAS $null -CPAPercentTimeInMailboxRPC $null -CPUStartPercent $null;

Set-Mailbox "contactSyncAccount" -ThrottlingPolicy contactSyncPolicy;

Exchange 2013, Exchange 2016 and Exchange 2019

Open the Microsoft Exchange Management Shell (EMS) or connect via remote PowerShell.

New-ThrottlingPolicy contactSyncPolicy;

Set-ThrottlingPolicy contactSyncPolicy -RCAMaxConcurrency Unlimited -EWSMaxConcurrency Unlimited -EWSMaxSubscriptions Unlimited -CPAMaxConcurrency Unlimited -EwsCutoffBalance Unlimited -EwsMaxBurst Unlimited -EwsRechargeRate Unlimited;

Set-Mailbox "contactSyncAccount" -ThrottlingPolicy contactSyncPolicy;


How to grant full access to the user mailboxes?

GALsync needs a service account which has the FULL ACCESS PERMISSION to these user mailboxes.

Exchange 2010

The following article MANAGE FULL ACCESS PERMISSIONS describes, for Exchange 2010, how to grant Full Access permissions to mailboxes:

https://technet.microsoft.com/en-us/library/bb676551%28v=exchg.141%29.aspx

We recommend granting the service account for GALsync FULL ACCESS PERMISSIONS to mailboxes and disabling the auto-mapping feature.

This example is the command for the Exchange Management Shell to grant the GALsync service account FULL ACCESS PERMISSIONS to John Doe’s mailbox:

Add-MailboxPermission -Identity 'John Doe' -User 'GALsync' -AccessRights FullAccess -InheritanceType All -AutoMapping $false

You can assign the FULL ACCESS PERMISSION for a user mailbox by using the Exchange 2010 Management Console, but you cannot bulk assign permissions for multiple mailboxes.

Exchange 2013, 2016, 2019 and Exchange Online

The following article MANAGE FULL ACCESS PERMISSIONS describes, for Exchange 2013, 2016, 2019 and Exchange Online, how to grant FULL ACCESS PERMISSIONS to mailboxes:

https://technet.microsoft.com/en-us/library/jj919240%28v=exchg.160%29.aspx

We recommend granting the service account for GALsync FULL ACCESS PERMISSIONS to mailboxes and disabling the auto-mapping feature.

This example is the command for the Exchange Management Shell to grant the GALsync service account FULL ACCESS PERMISSIONS to John Doe’s mailbox:

Add-MailboxPermission -Identity 'John Doe' -User 'GALsync' -AccessRights FullAccess -InheritanceType All -AutoMapping $false

Using the Exchange Admin Center (EAC)


How to bulk assign full access permissions to multiple user mailboxes

You can bulk assign the FULL ACCESS PERMISSION for multiple user mailboxes with the PowerShell cmdlet at the Exchange Management Shell.

You can use the parameter -Filter of Get-Mailbox to add the FULL ACCESS permissions to multiple mailboxes.

This example is the command for the Exchange Management Shell to grant the GALsync service account FULL ACCESS PERMISSIONS to all user mailboxes:

Get-Mailbox -ResultSize Unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox') -and (Alias -ne 'GALsync')} | Add-MailboxPermission -User [email protected] -AccessRights FullAccess -InheritanceType All -AutoMapping $false

https://technet.microsoft.com/en-us/library/bb124097%28v=exchg.160%29.aspx


Since Exchange 2013 you can bulk assign permissions for multiple user

mailboxes by using the Exchange admin center (EAC)

Click MAILBOX DELEGATION -> ADD
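
After the grants described in these How to sections (for the contactSync or the GALsync service account), the following added PowerShell example, which is not from the manual, inventories what the account actually holds: effective ApplicationImpersonation holders, explicit FULL ACCESS entries and the assigned throttling policy. It assumes a session already connected to Exchange with an Exchange Administrator account; the account name and the CSV file names are placeholders.

```powershell
# Added example, not part of the GALsync manual. Assumes a session that is already
# connected to Exchange (Exchange Management Shell or remote PowerShell).
# Placeholder (assumption): replace with your GALsync or contactSync service account.
$ServiceAccount = 'svc-galsync@example.com'

# 1. Everyone who effectively holds ApplicationImpersonation, including members of a
#    role group such as "Impersonation Role". RecipientWriteScope shows which
#    mailboxes an assignment may impersonate.
$impersonation = @(
    Get-ManagementRoleAssignment -Role ApplicationImpersonation -GetEffectiveUsers |
        Select-Object EffectiveUserName, RoleAssigneeName, RoleAssigneeType,
                      RecipientWriteScope, CustomRecipientWriteScope
)

# 2. User mailboxes on which the service account holds an explicit (not inherited)
#    FullAccess allow entry.
$mailboxes = @(Get-Mailbox -ResultSize Unlimited -Filter "RecipientTypeDetails -eq 'UserMailbox'")
$fullAccess = @(
    $mailboxes |
        Get-MailboxPermission -User $ServiceAccount |
        Where-Object {
            "$($_.AccessRights)" -match 'FullAccess' -and -not $_.IsInherited -and -not $_.Deny
        } |
        Select-Object Identity, User,
                      @{ Name = 'AccessRights'; Expression = { "$($_.AccessRights)" } }
)

# 3. Throttling policy bound to the service account's mailbox
#    (an empty value means the default policy applies).
$serviceMailbox = Get-Mailbox -Identity $ServiceAccount -ErrorAction SilentlyContinue

# Summary for the change record. "Organization" as write scope means that no custom
# scope limits the impersonation assignment.
[pscustomobject]@{
    ServiceAccount          = $ServiceAccount
    ImpersonationHolders    = $impersonation.Count
    OrgWideImpersonation    = @($impersonation |
                                  Where-Object { "$($_.RecipientWriteScope)" -eq 'Organization' }).Count
    UserMailboxes           = $mailboxes.Count
    MailboxesWithFullAccess = $fullAccess.Count
    ThrottlingPolicy        = if ($serviceMailbox) { "$($serviceMailbox.ThrottlingPolicy)" }
                              else { 'no mailbox found' }
} | Format-List

# Keep the detail as a baseline so that later runs can be compared against it.
$impersonation | Export-Csv -Path .\impersonation-holders.csv -NoTypeInformation
$fullAccess    | Export-Csv -Path .\fullaccess-grants.csv -NoTypeInformation
```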


How to check the PowerShell version on the GALsync server?

Please log in on the GALsync server with your GALsync service account.

Open the WINDOWS POWERSHELL and check the result of the following two PowerShell commands:

Get-Host

and

$PSVersionTable


Troubleshooting and Support Guide

19031 (15770) - Not all mails arrived ...

In this case the sender sent his data file split into multiple mails. The error

indicates that GALsync on the receiving side tries to contact Exchange

Online before all sent objects are really present in Exchange Online - even

if you can see the mail within your OWA App.

Solution

Wait up to 5 minutes between receiving the data and running the import

policy.

Issue with Exchange Online connection

The Autodiscover service returned an error

Please ensure that the server on which you run GALsync can resolve the DNS names of MICROSOFT OFFICE 365 and can reach the Autodiscover service to resolve the EXCHANGE WEB SERVICES URL.

Please perform the following steps from the GALsync server:

First go to the website MICROSOFT REMOTE CONNECTIVITY ANALYZER

https://testconnectivity.microsoft.com/

Select the tab OFFICE 365, scroll to MICROSOFT OFFICE OUTLOOK CONNECTIVITY TESTS and choose OUTLOOK AUTODISCOVER

Please run the test.

Make sure that this test is successful and that GALsync can retrieve the correct URL for the EXCHANGE WEB SERVICES.
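The Remote Connectivity Analyzer runs from Microsoft's side, so a local check from the GALsync server covers the DNS and network path the text asks you to verify. The following is an added example, not part of the GALsync manual; the two host names are assumptions (commonly used Exchange Online endpoints) and the function name is hypothetical. It needs Windows Server 2012 or later for Resolve-DnsName and Test-NetConnection.

```powershell
# Added example: DNS and TCP pre-check, run on the GALsync server.
# Assumption: these host names are the Exchange Online endpoints to test;
# they are not taken from the GALsync manual.
$Endpoints = @('autodiscover-s.outlook.com', 'outlook.office365.com')

function Test-ExoEndpoint {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 443
    )
    $result = [pscustomobject]@{
        HostName  = $HostName
        Addresses = @()
        TcpOpen   = $false
        Problem   = $null
    }
    try {
        # Resolve with the DNS resolvers configured on this server.
        $records = Resolve-DnsName -Name $HostName -ErrorAction Stop
        $result.Addresses = @($records | Where-Object { $_.IPAddress } |
            Select-Object -ExpandProperty IPAddress)
    } catch {
        $result.Problem = "DNS lookup failed: $($_.Exception.Message)"
        return $result
    }
    if ($result.Addresses.Count -eq 0) {
        $result.Problem = 'Name resolved, but no A/AAAA record was returned'
        return $result
    }
    # Direct TCP connect; a configured web proxy is NOT used for this test.
    $tcp = Test-NetConnection -ComputerName $HostName -Port $Port `
        -WarningAction SilentlyContinue
    $result.TcpOpen = [bool]$tcp.TcpTestSucceeded
    if (-not $result.TcpOpen) {
        $result.Problem = "TCP port $Port not reachable"
    }
    return $result
}

$Endpoints | ForEach-Object { Test-ExoEndpoint -HostName $_ } |
    Format-Table HostName, TcpOpen, Problem,
        @{ n = 'Addresses'; e = { $_.Addresses -join ', ' } } -AutoSize
```

Run it as the GALsync service account so the result reflects the account's own network context. A failed TCP test on a server that reaches the internet only through a proxy points at the proxy configuration rather than at DNS.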

Could not load file or assembly 'netstandard, Version=2.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51' or one of its dependencies. The system cannot find the file specified.

GALsync requires .NET Framework 4.7.1 or later; otherwise you will get errors and GALsync will not work.

Error message:

Could not load file or assembly 'netstandard, Version=2.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51' or one of its dependencies. The system cannot find the file specified.

You can download the Microsoft .NET Framework 4.7.1 here:

https://www.microsoft.com/en-us/download/details.aspx?id=56116
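Before installing anything, you can confirm which .NET Framework 4.x release the GALsync server actually has. The following is an added example, not part of the GALsync manual; it reads the Release value that Microsoft documents for version detection (461308 is the documented minimum for 4.7.1), and the function name is hypothetical.

```powershell
# Added example: report the installed .NET Framework 4.x release and whether
# it satisfies the 4.7.1 minimum that GALsync requires.
function Get-NetFxStatus {
    param(
        # 461308 = lowest Release value Microsoft documents for 4.7.1
        [int]$MinRelease = 461308
    )
    $keyPath = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $prop = Get-ItemProperty -Path $keyPath -Name Release -ErrorAction SilentlyContinue

    if (-not $prop) {
        # No Release value means no .NET Framework 4.5 or later on this machine.
        return [pscustomobject]@{
            Release      = $null
            Version      = 'no 4.5+ installation found'
            MeetsMinimum = $false
        }
    }

    $release = [int]$prop.Release
    # Map the Release value to a version using the documented minimum values.
    $version =
        if     ($release -ge 528040) { '4.8 or later' }
        elseif ($release -ge 461808) { '4.7.2' }
        elseif ($release -ge 461308) { '4.7.1' }
        elseif ($release -ge 460798) { '4.7' }
        elseif ($release -ge 394802) { '4.6.2' }
        else                         { 'older than 4.6.2' }

    [pscustomobject]@{
        Release      = $release
        Version      = $version
        MeetsMinimum = ($release -ge $MinRelease)
    }
}

Get-NetFxStatus | Format-List
```

If MeetsMinimum is False, the 'netstandard, Version=2.0.0.0' load error above is the expected symptom.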

Support: What to do when I notice an error / bug?

We always try to provide very responsive, solution-oriented and effective support. Should you encounter any issue, bug or inconvenience, please do not hesitate to contact us.

To enable us to provide you with the best quality support, please provide us with the following information:

• Environment Overview
    o GALsync Installations (Planned and Implemented)
        ▪ Domain Infrastructure (e.g.: Single Domain “dom.local”)
        ▪ Exchange Version (e.g.: Exchange 2010 SP2)
        ▪ Windows Version of GALsync Machine (e.g.: Windows Server 2008 R2)
        ▪ GALsync Version (e.g.: 6.0.x)
        ▪ Does the GALsync Service Account have an Exchange Mailbox?
        ▪ Did you log on to the GALsync Machine using that Service Account to configure the policies?
        ▪ Is the GALsyncService logging on using the Service Account?
• Please describe your issue/bug/inconvenience thoroughly, in detail, what you wanted to achieve and what you were doing as it occurred.
• A screenshot of the issue often helps us to understand
• We also require the configuration and the logs, preferably zipped.
    In menu Action -> Export Configuration you can zip the policies.
    In menu Action -> Export Status you can zip the log files.

If you have more questions or need further support, please do not hesitate to contact the GALsync Support Team.

GALsync Support Team

By phone +49 2421 998 78 16 or via e-mail [email protected]