2.4 Planning for Address Book Synchronization

IMPORTANT:If you are already synchronizing data between your GroupWise and Exchange systems, see Section A.0, Preexisting GroupWise/Exchange Synchronization.

The GroupWise/Exchange Address Book Synchronization Worksheet helps you gather the information that you need to set up address book synchronization.

In a simple scenario, you need one worksheet to gather information for your entire GroupWise system and for one Exchange server. In more complex scenarios, you need multiple worksheets, depending on the size of your GroupWise and Exchange systems.

This planning section focuses on the simplest scenario, but presents alternatives for handling more complex scenarios.

2.4.1 Gathering GroupWise System Information

Address book synchronization requires the following information about your GroupWise system and about how you want address book synchronization to take place:

MTA for Address Book Synchronization

In order for address book synchronization to occur between GroupWise and Exchange, at least one MTA in your GroupWise system must be configured to perform it. You can configure just one MTA to perform address book synchronization for your entire GroupWise system and all Exchange servers. Or you can configure multiple MTAs to perform address book synchronization for specific Exchange servers.

You can start by configuring just one MTA for address book synchronization in order to understand and test the synchronization process. You can then configure additional MTAs if your GroupWise system includes multiple Exchange servers in distant locations, or if you want to spread out the synchronization load across multiple MTAs.

GROUPWISE ADDRESS BOOK SYNCHRONIZATION WORKSHEET

Under MTA to Perform Synchronization, specify the GroupWise domain whose MTA you want to configure to perform address book synchronization.

Use a separate GroupWise/Exchange Address Book Synchronization Worksheet for each MTA that you want to configure for address book synchronization.

Synchronization Schedule

The MTA performs address book synchronization according to the schedule you specify. You can start address book synchronization at a specified time each day and repeat it at a specified interval.

As you are setting up address book synchronization, you can manually request for the MTA to perform address book synchronization as needed. Thereafter, performing scheduled address book synchronization once a day can be sufficient.

If you have multiple MTAs performing address book synchronization, you can configure them with different synchronization schedules.

GROUPWISE ADDRESS BOOK SYNCHRONIZATION WORKSHEET

Under Hour to Begin Synchronization, specify the number of hours after midnight when you want the first address book synchronization to occur, for example, 3 for 3:00 a.m.

Under Interval between Synchronizations, specify the number of hours between the beginning of each address book synchronization. The smallest interval is 1 hour.

Synchronization Scope for GroupWise Objects

By default, the MTA synchronizes all GroupWise objects in the GroupWise Address Book (except for external objects and objects with limited visibility).

To restrict the GroupWise objects that are synchronized to Exchange, you must collect them into a GroupWise distribution list.

GROUPWISE ADDRESS BOOK SYNCHRONIZATION WORKSHEET

Under Synchronize Only Members of Distribution List, specify the GroupWise distribution list of objects to synchronize with Exchange. Also specify the post office where you plan to create the distribution list and the GroupWise user to own the distribution list.

IMPORTANT:You must create the distribution list with the subset of GroupWise objects before you can configure address book synchronization.

Synchronization of External Objects

By default, the MTA does not synchronize external users, groups, and resources. External objects represent objects in other email systems. They are not part of your GroupWise system. External users do not have GroupWise mailboxes and cannot log in to GroupWise.

If external objects contain address information that you want represented in your Exchange system, you can choose to synchronize external objects.

GROUPWISE ADDRESS BOOK SYNCHRONIZATION WORKSHEET

Under Synchronize GroupWise External Objects to Exchange, mark Yes if you want to synchronize external objects.

GroupWise External Domain Object

After address book synchronization, Exchange objects are organized under an External Domain object, which is located under the GroupWise System object in ConsoleOne. The original Active Directory context of each object is represented by an External Post Office object. As a result, Exchange objects are organized under the GroupWise System object parallel to how they are organized in your Exchange system.

Exchange users are represented as GroupWise External User objects.

List of Exchange users in ConsoleOne

The GroupWise External Domain object corresponds to an Exchange synchronization profile on the MTA object. In a simple scenario, one Exchange synchronization profile can synchronize the following objects:

  • All GroupWise objects

    or

    Those GroupWise objects that are included in a single GroupWise distribution list

    and

  • All Exchange objects that are located in one or more contexts on a single Active Directory server

    or

    Those Exchange objects that are included in a single Active Directory group

GROUPWISE ADDRESS BOOK SYNCHRONIZATION WORKSHEET

Under GroupWise External Domain Name, specify the name for the GroupWise External Domain object where you want Exchange objects to be synchronized.

For example, you could create an External Domain object named ExchangeSystem.

Multiple GroupWise external domains and associated Exchange synchronization profiles are needed in a more complex scenarios such as the following:

  • Multiple Active Directory servers

  • Multiple subsets of GroupWise objects as defined in GroupWise distribution lists

  • Multiple subsets of Exchange objects as defined in Active Directory groups

Use a separate GroupWise/Exchange Address Book Synchronization Worksheet for each GroupWise external domain and associated Exchange synchronization profile that you need to create.

GWIA Link for the External Domain

In order to make the GroupWise external domain for Exchange users cooperate with the rest of your GroupWise system, you must create a link between it and a GWIA in a regular domain. If email is already passing between the GroupWise and Exchange systems, you can select a GWIA that is already in use for this purpose. Or you can set up a new GWIA.

GROUPWISE ADDRESS BOOK SYNCHRONIZATION WORKSHEET

Under Internet Agent for Default MTA Gateway Link, specify the name of the GWIA (domain_name.GWIA) that you want to link to the external domain.

2.4.2 Gathering Exchange System Information

Address book synchronization requires the following information about your Exchange system and about how you want address book synchronization to take place:

Active Directory Server Information

The MTA needs the IP address or DNS hostname and the port number of an Active Directory server. The MTA gains access to the objects in your Exchange system through LDAP authentication to Active Directory.

GROUPWISE ADDRESS BOOK SYNCHRONIZATION WORKSHEET

Under LDAP Server Address, specify the IP address or DNS hostname of an Active Directory server.

Under LDAP Server Port, specify the port number on which the MTA can communicate with the Active Directory server. Specify 636 for a secure SSL connection or 389 for a non-secure connection.

If your Exchange system requires SSL, the MTA also needs to know the location of the SSL key file for the Active Directory Server. This key file is a certificate file that can be exported from the certificate authority on the Active Directory server, and then copied to a location where the MTA can access it using the specified path name.

GROUPWISE ADDRESS BOOK SYNCHRONIZATION WORKSHEET

Under Use SSL, mark Yes or No. If you are using SSL, specify the full path name of the SSL key file for the Active server.

IMPORTANT:If you are using SSL, contact the administrator of the Active Directory server to obtain the SSL key file.

Use a separate GroupWise/Exchange Address Book Synchronization Worksheet for each Active Directory server that the MTA needs to communicate with.

Active Directory Credentials

The MTA needs to authenticate to your Exchange system through Active Directory as a specific Active Directory user.

You should create a new, dedicated Active Directory user specifically for this purpose, rather than using an existing user. This MTA synchronization user must:

  • Have sufficient rights to create objects in Active Directory

  • Be a member of the Active Directory Domain Admins group

    If you do not want to make the MTA synchronization user a member of this group, follow the instructions in Restricting the Rights of the MTA Synchronization User.

Use either of the following formats to specify the user:

  • cn=ldapuser,cn=users,dc=yourcompanyname,dc=com

  • ldapuser@yourcompanyname.com

GROUPWISE ADDRESS BOOK SYNCHRONIZATION WORKSHEET

Under LDAP User, specify the Active Directory user that the MTA can use to authenticate to your Exchange system.

Under LDAP Password, specify the password for the MTA synchronization user.

IMPORTANT:Create the MTA synchronization user before starting to configure address book synchronization. If you do not want the MTA synchronization user to be a member of the Active Directory Domain Admins group, follow the instructions below at the same time you create the user.

Restricting the Rights of the MTA Synchronization User

If you do not want to add the MTA synchronization user to the Active Directory Domain Admins group, you must manually create the Active Directory context for GroupWise objects before performing the address book synchronization and configure it with the desired rights for the MTA synchronization user. (As a member of the Domain Admins group, the MTA would create the context for you.)

In Active Directory Users and Computers:

  1. Create the Active Directory context for GroupWise objects:

    1. Right-click the Active Directory server, then click New > Organization Unit.

    2. Specify a unique name for the new organizational unit, then click OK.

  2. Right-click the new organizational unit, then click Delegate Control.

  3. Click Next to start the Delegation of Control Wizard.

  4. Select the MTA synchronization user:

    1. Click Add.

    2. Specify the object name of the MTA synchronization user, then click Check Names to verify it.

    3. Click OK to accept it.

    4. Click Next to continue.

  5. Click Create a custom task to delegate, then click Next.

  6. Configure the task to delegate to the MTA synchronization user:

    1. Select Only the following objects in the folder, then select the following options:

      • Contact objects
      • Group objects
      • Organization Unit objects
    2. Select the following additional options:

      • Create selected objects in this folder
      • Delete selected objects in this folder
    3. Click Next to continue.

  7. Select the permissions for the MTA synchronization user to have when performing the task:

    1. In the Permissions list, select the following permissions:

      • Read
      • Write
      • Read All Properties
      • Write All Properties
    2. Click Next to continue.

  8. Click Finish.

Active Directory Contexts of Exchange Objects

The MTA looks for Exchange users, distribution groups, and resources in one or more Active Directory contexts that you specify. Optionally, the MTA can look for Exchange objects in contexts beneath the context that you specify.

Specify the Active Directory context for Exchange objects in the following format:

cn=container,dc=domain_component,dc=domain_component,...
ou=container,dc=domain_component,dc=domain_component,...

For example:

cn=Users,dc=exchsvr,dc=yourcompanyname,dc=com

If the context is not under Users, use ou instead of cn.

GROUPWISE ADDRESS BOOK SYNCHRONIZATION WORKSHEET

Under Exchange Base Contexts, specify the Active Directory context where Exchange objects are located. Mark whether the MTA should search subcontexts in addition to the specified context.

After address book synchronization, Exchange objects are organized under a GroupWise External Domain object in ConsoleOne, as described in GroupWise External Domain Object. The original Active Directory context is represented by an External Post Office object. You choose the name of the External Post Office object. It must be different from the name of the External Domain object.

GROUPWISE ADDRESS BOOK SYNCHRONIZATION WORKSHEET

Under Exchange Base Contexts, specify the name for the External Post Office object that you want to represent the Active Directory context where Exchange objects are located.

For example, you could name the External Post Office object ExchangeUsers.

Synchronization Scope for Exchange Objects

By default, the MTA synchronizes all Exchange users, distribution groups, and resources in the Active Directory contexts that you specify. To restrict which Exchange objects are synchronized, you must collect the objects into an Exchange distribution group.

GROUPWISE ADDRESS BOOK SYNCHRONIZATION WORKSHEET

Under Only Synchronize Members of Exchange Distribution Group, list the Exchange distribution group of Exchange objects to synchronize with GroupWise.

IMPORTANT:Make sure that the distribution group contains the correct subset of Exchange objects before address book synchronization begins.

Synchronization of Exchange Mail Contacts

By default, the MTA does not synchronize Exchange Mail Contacts. Mail Contacts represent objects in other email systems. Mailbox Contacts do not have Exchange mailboxes and cannot log in to Exchange. They are not part of your Exchange system.

If Mail Contacts contain address information that you want represented in your GroupWise system, you can choose to synchronize Mail Contacts.

GROUPWISE ADDRESS BOOK SYNCHRONIZATION WORKSHEET

Under Synchronize Exchange Mail Contacts to GroupWise, mark Yes if you want to synchronize Mail Contacts.

Active Directory Display Name Format for GroupWise Users

By default, the MTA synchronizes GroupWise users to Active Directory with their names formatted with first names followed by last names. The display name format in Active Directory is what Outlook users see when they select recipients for messages. You can change the order or the names if necessary.

GROUPWISE ADDRESS BOOK SYNCHRONIZATION WORKSHEET

Under Active Directory Display Name Format, mark the desired ordering of first names and last names.

Active Directory Context for GroupWise Objects

After address book synchronization, GroupWise objects are organized under a new Active Directory folder that is created specifically to hold synchronized GroupWise objects. GroupWise domains are organized into subfolders under the GroupWise folder. GroupWise post offices are organized into subfolders under their respective domain folders. As a result, GroupWise objects are organized in Active Directory parallel to how they are organized in your GroupWise system.

GroupWise users, distribution lists, and groups shown in Active Directory Users and Computers

GroupWise users are represented in Active Directory as Exchange Contact objects.

GroupWise resources are also represented as Exchange Contact objects, rather than as Exchange Resource objects. Exchange resources have mailboxes just as GroupWise resources do, and a mailbox cannot be on both sides of the synchronization process. Therefore, GroupWise resources cannot be synchronized as Exchange resources.

GroupWise distribution lists are represented as Exchange Distribution Group objects.

Specify the Active Directory context for GroupWise objects in the following format:

ou=GroupWise,dc=exchsvr,dc=yourcompanyname,dc=com

GROUPWISE ADDRESS BOOK SYNCHRONIZATION WORKSHEET

Under Base Context for GroupWise Objects, specify the Active Directory context that you want the MTA to create for GroupWise objects.

Exchange Global Address List

By default, GroupWise objects are added to the default Exchange Global Address List (GAL). If you have created multiple Global Address Lists in your Exchange system, and if you want GroupWise objects added to one of the Global Address Lists that you have created, you must specify the DN of the GAL that you want GroupWise users added to. Use the following format to specify the GAL DN:

CN=Default Global Address List,CN=All Global Address Lists,
   CN=Address Lists Container,CN=Exchange Organization,
   CN=Microsoft Exchange,CN=Services,CN=Configuration,
   DC=exchmail,DC=yourcompanyname,DC=com

GROUPWISE ADDRESS BOOK SYNCHRONIZATION WORKSHEET

Under Exchange Global Address List DN, specify the CN for the GAL where you want the MTA to add GroupWise objects.

Exchange Client Access Server URL

The GroupWise Free/Busy service enables GroupWise users and Exchange users to access each other’s calendar information when scheduling appointments, as described in Section 3.0, GroupWise Free/Busy Service. Address book synchronization must be set up and functioning correctly in order for the GroupWise Free/Busy service to function.

The calendar information is exchanged between GroupWise and Exchange through Internet free/busy URLs:

https://exchange_server/ngwfbs/exchange/exchange_userid@exchange_domain.vfb
https://exchange_server/ngwfbs/exchange/gw_userid@gw_internet_domain.vfb

Each Exchange user's Internet free/busy URL based on the URL of an Exchange server that has the Client Access server role installed. During address book synchronization, Internet free/busy URLs are added to the Exchange user's External User objects in the GroupWise system. Without the Internet free/busy URL for each Exchange user, GroupWise users cannot perform Busy Searches on Exchange users.

Specify the URL of an Exchange Client Access server in the following format:

https://exchange_server

By default, the Exchange Client Access server requires a secure SSL connection. Therefore, you must use https in the URL.

GROUPWISE ADDRESS BOOK SYNCHRONIZATION WORKSHEET

Under Exchange Client Access Server URL, specify the URL of an Exchange server that has the Client Access server role installed.

2.4.3 GroupWise/Exchange Address Book Synchronization Worksheet

ConsoleOne Field

Value for Your GroupWise or Exchange System

Explanation

MTA to Perform Synchronization:

MTA for Address Book Synchronization

Synchronization Schedule:

  • Hour to begin Exchange address book synchronization

  • Interval between synchronizations

Synchronization Schedule

GroupWise External Domain for Exchange Objects:

For example, ExchangeSystem

GroupWise External Domain Object

Internet Agent for Default MTA Gateway Link:

GWIA Link for the External Domain

Synchronize GroupWise External Objects to Exchange?

  • Yes

  • No

Synchronization of External Objects

Synchronize Exchange Mail Contacts to GroupWise?

  • Yes

  • No

Synchronization of Exchange Mail Contacts

Exchange Client Access Server URL:

https://exchange_server

Exchange Client Access Server URL

Active Directory Server Information:

  • LDAP server address

  • LDAP server port

    Default secure port: 636

    Default non-secure port: 389

Active Directory Server Information

Active Directory Credentials:

  • LDAP user

    For example, ldapuser@company.com

  • LDAP password

Active Directory Credentials

Active Directory Server Security:

  • Use SSL

    • Yes

      LDAP SSL key file

    • No

Active Directory Server Information

Base Context for GroupWise Objects:

For example:

ou=GroupWise,dc=exchsvr,
dc=yourcompanyname,dc=com

Active Directory Context for GroupWise Objects

Active Directory Display Name Format:

  • First Name Last Name

  • Last Name First Name

Active Directory Display Name Format for GroupWise Users

Base Contexts of Exchange Objects:

  • Base context

    For example, Users

  • GroupWise post office name

    For example, ExchangeUsers

  • Process subcontexts

    • Yes

    • No

Active Directory Contexts of Exchange Objects

Synchronize Only Members of:

  • GroupWise distribution list

    Distribution list name

    Post office

    Owner

  • Exchange distribution group

    Distribution group name

    Active Directory context

Synchronization Scope for GroupWise Objects

Synchronization Scope for Exchange Objects

Exchange Global Address List DN:

Exchange Global Address List