Active Directory synchronization using the Mimecast Synchronization Engine has the following modes of operation:
The default settings for Active Directory synchronization are suitable for the majority of scenarios. They are aimed at customers with single domain environments where the Mimecast Synchronization Engine server is installed on a domain member server.
|Synchronization Engine Site||Allows you to choose which of your Mimecast Synchronization Engine servers should run the synchronization task.|
|Acknowledge Disabled Accounts in Active Directory||Uses the userAccountControl Active Directory attribute to determine the status of a user. When enabled, users that are disabled in Active Directory are also disabled in Mimecast.|
This setting defines which of your organization's internal email domains will be included in the synchronization. If left empty, all email domains registered as Mimecast internal domains are considered. To limit the synchronization to specific domains, add a comma-separated list without spaces to this field. For example:
When a Directory Connector is saved using these settings, the following parameters are used by the selected Mimecast Synchronization Engine site:
|Domain Controller host||A Domain Controller in the domain.|
|Domain Controller port||The default LDAP port (389).|
|User name and password||The credentials of the Service Account specified in the Accounts tab of the Site Configure utility on the Mimecast Synchronization Engine server.|
|Root Distinguished Name||The primary domain suffix of the server hosting the Mimecast Synchronization Engine. For example, if the host name is server1.mimecast.local, the Root Distinguished Name will be set to DC=mimecast,DC=local.|
The advanced settings for Active Directory synchronization build on top of the default settings described above. These are designed to be used in specific scenarios. For example:
- Your organization has more than one domain to synchronize,
- You want to override the default settings to use a specific Domain Controller and user to connect to Active Directory,
- You want to apply a filter to the synchronization.
When used, these settings override the Domain Controller host and port, user name and password, and Root Distinguished Name that the Mimecast Synchronization Engine would use by default.
|Hostname / IP Address||Override the internal hostname or IP address that Active Directory synchronization should connect to.|
|User Name||Override the user name used to connect to Active Directory to synchronize data. Use DOMAIN\user format (e.g. MIMECAST\administrator).|
|Password||Override the password for the user specified in the User Name field.|
|Root Distinguished Name||Specify a filter to use when synchronizing data from Active Directory (e.g. OU=london,DC=mimecast,DC=local).|
This enables flexibility and support for many scenarios when implementing this feature. For guidance on the supported deployment scenarios, please see the Supported Active Directory environments article.
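The following Python sketch is an added example, not Mimecast code. It pre-checks values before they are entered into a Directory Connector: it derives the default Root Distinguished Name from a host name, tests the userAccountControl disabled bit, and validates the email domain list, the DOMAIN\user name and the scope of a Root Distinguished Name override. All function names are hypothetical, the sample values are constructed, and the DN comparison assumes no escaped commas inside RDN values.

```python
import re

ACCOUNTDISABLE = 0x0002  # userAccountControl flag Active Directory sets on disabled accounts
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
DOMAIN_RE = re.compile(rf"{LABEL}(?:\.{LABEL})+")
USER_RE = re.compile(r"([^\\/\s]+)\\([^\\/\s]+)")  # DOMAIN\user


def default_root_dn(host_fqdn):
    """Primary domain suffix of the host as a DN (host label dropped)."""
    labels = host_fqdn.strip(".").split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError(f"no domain suffix in {host_fqdn!r}")
    return ",".join(f"DC={label}" for label in labels[1:])


def is_disabled(user_account_control):
    """True when the ACCOUNTDISABLE bit is set in userAccountControl."""
    return bool(int(user_account_control) & ACCOUNTDISABLE)


def parse_email_domains(field):
    """Empty field means all internal domains; otherwise comma-separated, no spaces."""
    if field == "":
        return []
    domains = field.split(",")
    bad = [d for d in domains if not DOMAIN_RE.fullmatch(d)]
    if bad:
        raise ValueError(f"invalid entries (spaces or empty items?): {bad}")
    return domains


def split_user_name(value):
    """Split DOMAIN\\user; reject UPN-style or bare user names."""
    match = USER_RE.fullmatch(value)
    if not match:
        raise ValueError(f"expected DOMAIN\\user, got {value!r}")
    return match.group(1), match.group(2)


def dn_is_under(dn, base_dn):
    """Case-insensitive check that dn equals base_dn or sits below it."""
    def norm(text):
        return [part.strip().lower() for part in text.split(",")]
    parts, base = norm(dn), norm(base_dn)
    return len(parts) >= len(base) and parts[-len(base):] == base
```

Checking an override such as OU=london,DC=mimecast,DC=local with `dn_is_under` against the derived default confirms that the filter narrows the synchronization scope rather than pointing at a different directory tree.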