Current On-Demand Migration - Quick Guide to Active Directory GAL Sync Setup (2023)

Set up workflow

Follow these steps to create one (1) new workflow for reading, matching, serving and writing data.

How to create a one-way cloud-to-cloud sync workflow

1. Navigate to Workflows

2. Click the New button

3. Name and describe the template, click Next

4. Select all four (4) previously created environments (cloud and on-premises per hybrid tenant) and click Next

5. Select ONE WAY SYNC, click Next

6. The screen that appears next is a preconfigured set of workflow steps to facilitate the flow of objects and attributes between your directories. (Note that additional steps will be added as part of this guide to facilitate two-way syncing.)

7. Start with steps above, 1. Read. Click the Select button

8. Select all four (4) previously created environments and click OK

9. Move to match objects

   1. In this step, you decide how to match existing objects in your hybrid tenant directories

   2. Matching is performed by pairing sets of attributes to find corresponding objects

   3. Your four (4) environments may already have some attributes that can be used to find similar objects between the different directories, or you may need to set some to ensure an exact match

   4. It is extremely important for GAL synchronization that email addresses do not conflict before attempting to create new objects in either environment

10. Click the Select button to configure the object matching criteria for your source cloud environment and your target cloud environment

Figure 1: Example of criteria for matching objects

1. Select your source cloud environment from the dropdown menu

2. Select your target cloud environment from the dropdown menu

3. Select your first attribute pairings, we'll use WindowsEmailAddress for our first matching criteria

4. Select the WindowsEmailAddress attribute for the source and target fields

5. To add more attribute pairs, click the Add Attribute button

6. Further pairings are evaluated as "OR" conditions. After the first match has been found, further pairings are not evaluated.

7. In our case, we add three (3) additional attribute pairings to our criteria

   1. UserPrincipalName - Added UPN to ensure uniqueness of local part of address string. When creating new mail-enabled users in a target directory, it is important to define any UPN conflicts that may exist

   2. ExternalEmailAddress - This attribute was added to ensure that no existing MEUs or email contacts have existing objects with the same external or destination address

   3. WindowsEmailAddress to CustomAttribute1 - This matching pair is needed to create matching records for new objects created by Directory Sync.

8. In this case, ensure that Match Across All Object Types is checked.

9. Check this box to ensure that the workflow evaluates conflicts regardless of object type, as with two-way GAL synchronization there can be cases where this condition is true and we want to make sure you have identified these matches before attempting decide to create new objects or keep the matches

10. In this guide it is not necessary to add another pair, click OK to close this configuration

11. Drag a Match objects workflow task from the left pane to the right below the Match objects task mentioned above. Click the Select button to configure the object matching criteria for your target cloud environment and your source cloud environment

Figure 2: Example of criteria for matching objects

1. Select your target cloud environment from the dropdown menu on the left as the target now becomes the source in a two-way setup.

2. Select your source cloud environment from the dropdown menu on the right as source now becomes destination in a two-way setup.

3. Select your first attribute pairings, we'll use WindowsEmailAddress for our first matching criteria

4. Select the WindowsEmailAddress attribute for the source and target fields

5. To add more attribute pairs, click the Add Attribute button

6. Further pairings are evaluated as "OR" conditions. After the first match has been found, further pairings are not evaluated.

7. In our case, we add three (3) additional attribute pairings to our criteria

   See Also

   Multi-tenant B2B synchronization with MIM Graph Connector

   1. UserPrincipalName - Added UPN to ensure uniqueness of local part of address string. When creating new mail-enabled users in a target directory, it is important to define any UPN conflicts that may exist

   2. ExternalEmailAddress - This attribute was added to ensure that no existing MEUs or email contacts have existing objects with the same external or destination address

   3. WindowsEmailAddress to CustomAttribute1 - This matching pair is needed to create matching records for new objects created by Directory Sync.

8. In this case, ensure that Match Across All Object Types is checked.

9. Check this box to ensure that the workflow evaluates conflicts regardless of object type, as with two-way GAL synchronization there can be cases where this condition is true and we want to make sure you have identified these matches before attempting decide to create new objects or keep the matches

10. In this guide it is not necessary to add another pair, click OK to close this configuration

12. Drag a Match objects workflow task from the left pane to the right below the Match objects task mentioned above. Click the Select button to configure the object matching criteria for your source local environment and your target local environment

Figure 3: Example of criteria for matching objects

1. Select your local source environment from the dropdown menu on the left.

2. Select your target local environment from the dropdown menu on the right.

3. Pick your first attribute pairings, we'll use email for our first matching criteria

4. Select the mail attribute for the source and target fields

5. To add more attribute pairs, click the Add Attribute button

6. Further pairings are evaluated as "OR" conditions. After the first match has been found, further pairings are not evaluated.

7. In our case, we add two (2) additional pairs of attributes to our criteria

   1. Mail to targetAddress - This matching pair created to ensure that the system can match existing mail contacts in the destination, where targetAddress points to the source mail attribute.

   2. Mail to extensionattribute1 - This matching pair is needed to create matching records for new objects created by Directory Sync.

8. In this case, ensure that Match Across All Object Types is checked.

9. Check this box to ensure that the workflow evaluates conflicts regardless of object type, as with two-way GAL synchronization there can be cases where this condition is true and we want to make sure you have identified these matches before attempting decide to create new objects or keep the matches

10. In this guide it is not necessary to add another pair, click OK to close this configuration

13. Drag a Match objects workflow task from the left pane to the right below the Match objects task mentioned above. Click the Select button to configure the object matching criteria for your target local environment and your source local environment

Figure 4: Example of criteria for matching objects

1. Select your local target environment from the left side drop down menu as the target now becomes the source in a bi-directional setup.

2. Select your local source environment from the drop down menu on the right as source now becomes target in a two-way setup.

3. Pick your first attribute pairings, we'll use email for our first matching criteria

4. Select the mail attribute for the source and target fields

5. To add more attribute pairs, click the Add Attribute button

6. Further pairings are evaluated as "OR" conditions. After the first match has been found, further pairings are not evaluated.

7. In our case, we add two (2) additional pairs of attributes to our criteria

   1. Mail to targetAddress - This matching pair created to ensure that the system can match existing mail contacts in the destination, where targetAddress points to the source mail attribute.

   2. Mail to extensionattribute1 - This matching pair is needed to create matching records for new objects created by Directory Sync.

8. In this case, ensure that Match Across All Object Types is checked.

9. Check this box to ensure that the workflow evaluates conflicts regardless of object type, as with two-way GAL synchronization there can be cases where this condition is true and we want to make sure you have identified these matches before attempting decide to create new objects or keep the matches

10. In this guide it is not necessary to add another pair, click OK to close this configuration

14. Click the Select button to configure the first workflow task, STAGE DATA, for your source cloud to target cloud sync rule.

    1. Select the Cloud to Cloud GAL Sync Source to Target template and click Next

    2. Select the source cloud environment as your source and click Next

    3. Select the target cloud environment as the destination and click Next

    4. Select the default target domain name and click Next

    5. Configure any phase data filter, it is highly recommended to set up a filter to limit the scope to test on first sync as part of validation. Click Next (See Pro Tip 8)

    6. Click Finish

15. Drag a Stage Data workflow task from the left pane to the right under the Stage Data task mentioned above. Click the Select button to configure the second STAGE DATA workflow task for your target cloud-to-source cloud sync rule.

    1. Select the Cloud to Cloud GAL Sync Source to Target template and click Next

    2. Select the source cloud environment and click Next

    3. Select the target cloud environment and click Next

    4. Select the default target domain name and click Next

    5. Configure any phase data filter, it is highly recommended to set up a filter to limit the scope to test on first sync as part of validation. Click Next (See Pro Tip 8)

    6. Click Finish

16. Drag a Stage Data workflow task from the left pane to the right under the Stage Data task mentioned above. Click the Select button to configure the third STAGE DATA workflow task for your local source to local destination sync rule.

    1. Select the "Local to Local GAL Sync" template and click "Next".

    2. Select the local source environment and click Next

    3. Select the target local environment and click Next

    4. Select the default target domain name and click Next

    5. Select the source OUs that will be part of the project by clicking the ADD button.

       (Video) Migration Manager Suite Technical Presales Demonstration - MMAD and MMEX Migration Overview

    6. In the new OU pop-up window, select the OU to include in the scope, check the INCLUDE ALL SUB-OUS box and click OK to close the pop-up window.

    7. Configure any phase data filter by double-clicking the OU in the OUs list. It is highly recommended to set up a filter to limit the scope to test on first sync as part of validation. Click Next (See Pro Tip 8)

Figure 5: Example of setting up a source OU.

8. Select the default OU for newly created objects for users, groups, contacts and devices. In our case we can select the same OU for all object types since we are only syncing the user as a contact.

Figure 6: Example of setting up a target OU.

9. Click Finish

17. Drag a Stage Data workflow task from the left pane to the right under the Stage Data task mentioned above. Click the Select button to configure the fourth STAGE DATA workflow task for your target local to source local sync rule.

    1. Select the "Local to Local GAL Sync" template and click "Next".

    2. Select the target local environment as the source and click Next

    3. Select the local source environment as the destination and click Next

    4. Select the default target domain name and click Next

    5. Select the source OUs that will be part of the project by clicking the ADD button.

    6. In the new OU pop-up window, select the OU to include in the scope, check the INCLUDE ALL SUB-OUS box and click OK to close the pop-up window.

    7. Configure any phase data filter by double-clicking the OU in the OUs list. It is highly recommended to set up a filter to limit the scope to test on first sync as part of validation. Click next

Figure 7: Example of setting up a source OU.

8. Select the default OU for newly created objects for users, groups, contacts and devices. In our case we can select the same OU for all object types since we are only syncing the user as a contact.

Figure 8: Example of setting up a target OU.

9. Click Finish

18. Click the Select button to configure the WRITE TO workflow task. Make sure all four (4) environments are selected, click OK

19. Click next

20. Configure the workflow sync interval, select Manual for now and we can set up a sync schedule once the test sync is complete. Click next

21. Set up any workflow alert that you want to configure. For now, click SKIP

22. Click Finish

Set up test objects

Follow these steps to create a test object in each environment to validate the GAL Sync workflow.

1. Set up a remote mailbox in the source local environment and ensure it is part of the OU filter setup for the local environment.

   1. Display name: Lab1RMBX1

   2. Primary SMTP address: Lab1RMBX1@Lab1.Leagueteam.us

2. Set up a remote mailbox in the local target environment. It is part of the OU filter setup for the local environment.

   (Video) AWS Supports You: Migrating Active Directory to AWS

   1. Display name: Lab2RMBX1

   2. Primary SMTP address: Lab2RMBX1@Lab2.Leagueteam.us

3. Set up a mailbox in the source cloud environment.

   1. Display name: Lab1CLDMBX1

   2. Primary SMTP address: Lab1CLDMBX1@Lab1.Leagueteam.us

4. Set up a mailbox in the source cloud environment.

   1. Display name: Lab2CLDMBX1

   2. Primary SMTP address: Lab2CLDMBX1@Lab2.Leagueteam.us

5. Capture the LegacyExchangeDN value for the above test objects for later use.

6. Add the test cloud objects as a member of the cloud environment filter group if the filter group was configured when the environment was first configured.

Validation of the workflow

Follow the steps below to complete the GAL Sync workflow and validation.

1. Select the configured workflow and click RUN.

2. Wait for the workflow to finish running.

3. Validate that Lab1RMBX1 is created from the source local environment in the target local environment as a mail contact. The target email contact should have the following set:

   1. The PrimarySMTPAddress of the source mailbox is added as the targetAddress

   2. The source mailbox's LegacyExchangeDN is added as an x500 address.

   3. The source mailbox's PrimarySMTPAddress is added as the PrimarySMTPAddress.

   4. The target contact's cn is generated as a random GUID to ensure there are no name collisions.

4. Validate that Lab1CLDMBX1 is created from the source cloud environment in the target cloud environment as a mail contact. The target email contact should have the following set:

   1. The source mailbox's PrimarySMTPAddress is added as an external email address

   2. The source mailbox's LegacyExchangeDN is added as an x500 address.

5. The source mailbox's PrimarySMTPAddress is added as the PrimarySMTPAddress. Validate that Lab1CLDMBX1 is created from the source cloud environment in the target cloud environment as a mail user. The email user should have set the following:

   1. The source mailbox's PrimarySMTPAddress is added as an external email address

   2. The source mailbox's LegacyExchangeDN is added as an x500 address.

   3. The source mailbox's PrimarySMTPAddress is added as the PrimarySMTPAddress.

6. Validate that Lab2CLDMBX1 is created from the source cloud environment in the target cloud environment as a mail contact. The email contact should have specified the following:

   1. The source mailbox's PrimarySMTPAddress is added as an external email address

   2. The source mailbox's LegacyExchangeDN is added as an x500 address.

   3. The PrimarySMTPAddress of the source mailbox is added as the PrimarySMTPAddress.