Active Directory Synchronization: Default / Advanced Settings

Document created by user.oxriBaJeN4 Employee on Sep 3, 2015Last modified by user.oxriBaJeN4 Employee on Apr 2, 2019
Version 5Show Document
  • View in full screen mode

Active Directory synchronization using the Mimecast Synchronization Engine has the following modes of operation:

  • Default
  • Advanced



Default Settings


The default settings for Active Directory synchronization are suitable for the majority of scenarios. They are aimed at customers with single domain environments where the Mimecast Synchronization Engine server is installed on a domain member server.

Synchronization Engine SiteAllows you to choose which of your Mimecast Synchronization Engine servers should run the synchronization task.
Acknowledge Disabled Accounts in Active DirectoryUses the useraccountcontrol Active Directory attribute to determine the status of a user. When enabled, users that are disabled in Active Directory are also disabled in Mimecast.

This setting defines which of your organization's internal email domains will be included in the synchronization. If left empty, all email domains registered as a Mimecast internal domain is considered. To limit the synchronization to only consider specific domains, add a comma separated list without spaces to this field. For example:,


When a Directory Connector is saved using these settings, the following parameters are used by the selected Mimecast Synchronization Engine site:

Domain Controller hostA Domain Controller in the domain.
Domain Controller portThe default LDAP port (389).
User name and passwordThe credentials of the Service Account specified in the Accounts tab of Site Configure utility on the Mimecast Synchronization Engine server.
Root Distinguished NameThe primary domain suffix of the server hosting the Mimecast Synchronization Engine, for example if the host name is server1.mimecast.local the Root Distinguished Name will be set to DC=mimecast,DC=local.


Advanced Settings


The advanced settings for Active Directory synchronization build on top of the default settings described above. These are designed to be used in specific scenarios. For example:

  • Your organization has more than one domain to synchronize,
  • You want to override the default settings to use a specific Domain Controller and user to connect to Active Directory,
  • You want to apply a filter to the synchronization.


When used, these settings override the Domain Controller host and port, user name and password, and Root Distinguished Name that the Mimecast Synchronization Engine would use by default.

Hostname / IP AddressOverride the internal hostname or IP address that Active Directory synchronization should connect to.
User Name

Override the user name used to connect to Active Directory to synchronize data. Use DOMAIN\user format (e.g. MIMECAST\administrator).

PasswordOverride the password for the user specified in the User Name field.
Root Distinguished NameSpecify a filter to use when synchronizing data from Active Directory (e.g. OU=london,DC=mimecast,DC=local).


This enables flexibility and support for many scenarios when implementing this feature. For guidance on the supported deployment scenario's please see the Supported Active Directory environments article.



See Also...