Understanding the default and advanced settings for Active Directory Sync

Document created by user.oxriBaJeN4 Employee on Sep 3, 2015
Version 1Show Document
  • View in full screen mode

Active Directory Sync using the Mimecast Synchronization Engine has 2 modes of operation, default and advanced. This article will explain the expected behavior for each mode.


Default settings


The default settings for Active Directory Sync are suitable for the majority of scenarios and are aimed at customers with single domain environments where the Mimecast Synchronization Engine server is installed on a domain member server.


Synchronization Engine SiteThis setting allows you to choose which of your Mimecast Synchronization Engine servers should run the synchronization task.
Acknowledge Disabled Accounts in Active DirectoryThis setting uses the useraccountcontrol Active Directory attribute to determine the status of a user. When enabled, users that are disabled in Active Directory will also be disabled in Mimecast.

This setting defines which of your organization's internal email domains will be included in the sync.


If left empty all email domains registered as a Mimecast Internal Domain will be considered.


To limit the sync to only consider specific domains, add a comma separated list without spaces to this field, for example,



When a Directory Connector is saved using these settings the following parameters are used by the selected Mimecast Synchronization Engine site:


Domain Controller hostA Domain Controller in the domain.
Domain Controller portThe default LDAP port (389).
User name and passwordThe credentials of the Service Account specified in the Accounts tab of Site Configure utility on the Mimecast Synchronization Engine server.
Root Distinguished NameThe primary domain suffix of the server hosting the Mimecast Synchronization Engine, for example if the host name is server1.mimecast.local the Root Distinguished Name will be set to DC=mimecast,DC=local.


Advanced settings


The advanced settings for Active Directory Sync build on top of the default settings described above and are designed to be used in specific scenarios, for example:


  • your organization has more than one domain to synchronize,
  • you want to override the default settings to use a specific Domain Controller and user to connect to Active Directory,
  • you want to apply a filter to the synchronization.


When used, these settings override the Domain Controller host and port, user name and password, and Root Distinguished Name that the Mimecast Synchronization Engine would use by default.


Hostname / IP AddressOverride the internal hostname or IP address that Active Directory Sync should connect to.
Connection PortOverride the port that Active Directory Sync should use for connections to the specified host.
User Name

Override the user name used to connect to Active Directory to synchronize data.


Use DOMAIN\user format, for example, MIMECAST\administrator

PasswordOverride the password for the user specified in the User Name field.
Root Distinguished NameSpecify a filter to use when synchronizing data from Active Directory, for example, OU=london,DC=mimecast,dc=local.


This enables flexibility and support for many different scenario's when implementing this feature.


For guidance on the supported deployment scenario's please see the Supported Active Directory environments article.