Active Directory Sync using the Mimecast Synchronization Engine has two modes of operation: default and advanced. This article explains the expected behavior for each mode.
The default settings for Active Directory Sync are suitable for the majority of scenarios and are aimed at customers with single domain environments where the Mimecast Synchronization Engine server is installed on a domain member server.
|Synchronization Engine Site||This setting allows you to choose which of your Mimecast Synchronization Engine servers should run the synchronization task.|
|Acknowledge Disabled Accounts in Active Directory||This setting uses the userAccountControl Active Directory attribute to determine the status of a user. When enabled, users who are disabled in Active Directory will also be disabled in Mimecast.|
This setting defines which of your organization's internal email domains will be included in the sync.
If left empty, all email domains registered as a Mimecast Internal Domain will be considered.
To limit the sync to specific domains, add a comma-separated list without spaces to this field, for example,
When a Directory Connector is saved using these settings the following parameters are used by the selected Mimecast Synchronization Engine site:
|Domain Controller host||A Domain Controller in the domain.|
|Domain Controller port||The default LDAP port (389).|
|User name and password||The credentials of the Service Account specified in the Accounts tab of Site Configure utility on the Mimecast Synchronization Engine server.|
|Root Distinguished Name||The primary domain suffix of the server hosting the Mimecast Synchronization Engine. For example, if the host name is server1.mimecast.local, the Root Distinguished Name will be set to DC=mimecast,DC=local.|
The advanced settings for Active Directory Sync build on top of the default settings described above and are designed to be used in specific scenarios, for example:
- your organization has more than one domain to synchronize,
- you want to override the default settings to use a specific Domain Controller and user to connect to Active Directory,
- you want to apply a filter to the synchronization.
When used, these settings override the Domain Controller host and port, user name and password, and Root Distinguished Name that the Mimecast Synchronization Engine would use by default.
|Hostname / IP Address||Override the internal hostname or IP address that Active Directory Sync should connect to.|
|Connection Port||Override the port that Active Directory Sync should use for connections to the specified host.|
|User Name||Override the user name used to connect to Active Directory to synchronize data. Use DOMAIN\user format, for example, MIMECAST\administrator.|
|Password||Override the password for the user specified in the User Name field.|
|Root Distinguished Name||Specify a filter to use when synchronizing data from Active Directory, for example, OU=london,DC=mimecast,dc=local.|
This enables flexibility and support for many different scenarios when implementing this feature.
For guidance on the supported deployment scenarios, please see the Supported Active Directory environments article.
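An added example, not Mimecast code or part of the original article: a Python model of how the default Root Distinguished Name, the email domain list and the userAccountControl check select and mark users, useful for previewing scope before saving a Directory Connector. The function names, the sample entries and the treatment of an empty domain list as "no filtering of the sample" are assumptions made for illustration.

```python
# Added illustration, not Mimecast code: models how the settings above combine.
ACCOUNTDISABLE = 0x0002  # userAccountControl bit set on disabled AD accounts

def root_dn_from_hostname(fqdn):
    """Default Root DN: drop the host label, map the domain suffix to DC= parts."""
    labels = fqdn.strip(".").split(".")
    if len(labels) < 2:
        raise ValueError("expected a fully qualified host name")
    return ",".join("DC=" + label for label in labels[1:])

def split_dn(dn):
    """Lowercased DN components (simplified: no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",") if part.strip()]

def in_scope(entry_dn, root_dn):
    """True when entry_dn sits at or below root_dn."""
    entry, root = split_dn(entry_dn), split_dn(root_dn)
    return len(entry) >= len(root) and entry[len(entry) - len(root):] == root

def preview(entries, root_dn, email_domains=""):
    """Map mail address -> 'enabled'/'disabled' for entries the settings select."""
    wanted = {d.lower() for d in email_domains.split(",") if d}
    result = {}
    for entry in entries:
        domain = entry["mail"].rsplit("@", 1)[-1].lower()
        if not in_scope(entry["dn"], root_dn):
            continue  # outside the Root Distinguished Name
        if wanted and domain not in wanted:
            continue  # excluded by the email domain list
        disabled = bool(entry["userAccountControl"] & ACCOUNTDISABLE)
        result[entry["mail"]] = "disabled" if disabled else "enabled"
    return result

# Constructed sample entries (not real directory data).
SAMPLE = [
    {"dn": "CN=Alice,OU=london,DC=mimecast,DC=local",
     "mail": "alice@example.com", "userAccountControl": 512},
    {"dn": "CN=Bob,OU=london,DC=mimecast,DC=local",
     "mail": "bob@example.com", "userAccountControl": 514},
    {"dn": "CN=Carol,OU=paris,DC=mimecast,DC=local",
     "mail": "carol@example.org", "userAccountControl": 66048},
]

if __name__ == "__main__":
    default_root = root_dn_from_hostname("server1.mimecast.local")
    print(default_root, preview(SAMPLE, default_root))
    print(preview(SAMPLE, "OU=london,DC=mimecast,dc=local"))
    print(preview(SAMPLE, default_root, "example.org"))
```

Comparing a preview like this against the intended user population before narrowing the Root Distinguished Name helps catch accounts that would silently fall out of scope.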