Connect Application: Enabling Active Directory Synchronization Using the Mimecast Synchronization Engine

Document created by user.oxriBaJeN4 Employee on Apr 14, 2016. Last modified by user.oxriBaJeN4 Employee on Jun 29, 2017.
Version 16

Applies To...

 

This page applies to new clients connecting with Mimecast using the Connect Application. If you are not using the Connect Application, click here.

 

Walkthrough

 

This article provides general guidance on enabling Active Directory synchronization with the Mimecast Synchronization Engine, using the default settings.

Active Directory synchronization using the Mimecast Synchronization Engine does not synchronize passwords or provide any authentication functionality. If you require authentication for Mimecast applications, use Exchange EWS or ADFS domain authentication functionality.

Enabling Active Directory synchronization using the Mimecast Synchronization Engine involves the following tasks:

  1. Creating a user to connect with your Active Directory.
  2. Installing the Mimecast Synchronization Engine.
  3. Configuring your Mimecast Synchronization Engine site.
  4. Binding your Mimecast Synchronization Engine site to Mimecast.

 

Creating a User to Connect With Your Active Directory

 

A user is required to connect to your Active Directory in order to synchronize your data with Mimecast. This user must:

  • Have read access to the parts of your directory that require synchronization.
  • Have a password that doesn’t expire.
  • Not require a password change on first log in.
  • Be a member of the Exchange Organization Administrators group, if you have mail enabled public folders.
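
The requirements above can be checked against the account before it is entered in the Site Configure utility. This is an added example, not Mimecast code: it assumes the RSAT ActiveDirectory module, a hypothetical account name `svc-mimecast-sync`, and English default names for the built-in privileged groups. It does not test read access to the synchronized parts of the directory.

```powershell
# Added example, not Mimecast code. Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

function Test-SyncAccount {
    param(
        [Parameter(Mandatory)] [string] $Identity,
        # Set this switch if you have mail-enabled public folders.
        [switch] $PublicFolders
    )

    $u = Get-ADUser -Identity $Identity -Properties PasswordNeverExpires, pwdLastSet
    $groups = @(Get-ADPrincipalGroupMembership -Identity $u |
        Select-Object -ExpandProperty Name)

    # Assumption: English default names of built-in privileged groups.
    # The account only needs read access, so membership here is worth reviewing.
    $privileged = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'

    [pscustomobject]@{
        Account               = $u.SamAccountName
        Enabled               = $u.Enabled
        PasswordNeverExpires  = $u.PasswordNeverExpires   # required: True
        MustChangeAtNextLogon = ($u.pwdLastSet -eq 0)     # required: False
        ExchangeGroupRequired = [bool]$PublicFolders
        InExchangeOrgAdmins   = ($groups -contains 'Exchange Organization Administrators')
        PrivilegedGroups      = @($groups | Where-Object { $privileged -contains $_ })
    }
}

# 'svc-mimecast-sync' is a hypothetical account name; use the account you created.
Test-SyncAccount -Identity 'svc-mimecast-sync' | Format-List
```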

 

If you intend to use other services provided by the Mimecast Synchronization Engine, you may need to configure additional Exchange permissions. For more information, consult the Mimecast Synchronization Engine page.

 

Installing the Mimecast Synchronization Engine

Follow the installation instructions listed in the Installing / Upgrading the Mimecast Synchronization Engine page.

The Mimecast Synchronization Engine must be installed on a Windows Server:

 

Configuring Your Mimecast Synchronization Engine Site

 

To configure your Mimecast Synchronization Engine site:

  1. Open the Site Configure utility on the server where the Synchronization Engine is installed.
  2. Click on the Accounts tab.
  3. Complete the dialog as follows:

     Field / Option | Description
     SMTP Address | Enter the email address displayed in the Connect Application. This is the user that will be used to access your Active Directory.
     Password | Enter the password of the email address displayed in the Connect Application.
     Use Exchange Impersonation | Ensure this option is selected. Although this is not used for Active Directory synchronization, it will be used if you ever use any of the Exchange related Synchronization Engine tasks as described in the Mimecast Synchronization Engine space.
     Directory Option | Select the default "Microsoft Active Directory" option from the drop down list.
  4. Click the Apply button to start the site bind process (described below).

 

Binding Your Mimecast Synchronization Engine Site to Mimecast

 

In the context of the Mimecast Synchronization Engine, a binding is a security association between the site and Mimecast. The binding is created when a user with the required permissions successfully authenticates using the Site Bind process on the server where the Mimecast Synchronization Engine is installed. This binding is required for you to:

  • View the Mimecast Synchronization Engine site in the Administration Console.
  • Start scheduled tasks (e.g. Active Directory Synchronization).

Any Mailbox Unreachable errors can be ignored for this task.

Before binding your Mimecast Synchronization Engine site, the following tasks must be performed:

  1. Ensure the server where the Mimecast Synchronization Engine is installed has outbound connectivity using HTTPS (port 443) to Mimecast.
  2. Ensure you have the email address and password for the "Synchronization Engine Administrator". These are displayed in the Connect Application.

 

To bind the Mimecast Synchronization Engine site:

  1. Complete the dialog as follows:

     Field / Option | Description
     Email Address | Enter the email address displayed in the Connect Application.
     Password | Enter the password of the email address displayed in the Connect Application.
  2. Click the Bind button.

 

The Connect Application automatically performs the following steps:

  • Finds the Mimecast account associated with the domain name of the email address entered.
  • Registers (binds) the site with the discovered account.
  • Validates that the Microsoft mailbox can successfully query the specified Directory Type.
  • Saves the binding information to local storage.

 

Once a binding has been created successfully, you can view your installation in the Mimecast Administration Console in the Services | Synchronization Engine Sites page.

 

Validating the Mimecast Synchronization Engine Installation

 

The Mimecast Synchronization Engine server should pick up the site and start scheduling Active Directory synchronization within two minutes of the site being bound. We will validate that the connection is up and running for you.

 

To validate the connection yourself:

  1. Log in to the Mimecast Synchronization Engine server that the Active Directory Sync connection is configured to use.
  2. Navigate to the Service Log directory. This is by default %ProgramData%\Mimecast Synchronisation Engine\logs\.
  3. Open the current day's Log File.
  4. Search for the string "calling siteConfig".

 

If you see a line similar to the one below, Active Directory synchronization is being applied.

 

DEBUG|02062015 08:46:37,319| 4|mseservice|AntiCorruptionScheduler|+ event taskId: 2972, name: Task Description, next occurrence: 02/06/2015 13:00:00

 

If you do not see this line, you should see an error message indicating why the Active Directory synchronization cannot be applied. This is normally caused by a networking issue preventing the Mimecast Synchronization Engine connecting to the Mimecast API.
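
The manual check above can be scripted. This is an added example, not Mimecast code: it reads the newest file written today in the default log directory and reports "calling siteConfig" hits and scheduler lines. The fallback sample lines, the ERROR/WARN level names and the position of the component field are assumptions.

```powershell
# Added example, not Mimecast code.
function Get-MseSyncEvidence {
    param([string[]] $Lines)

    # Step 4 of the procedure: the literal string to search for.
    $siteConfig = @($Lines | Where-Object { $_ -like '*calling siteConfig*' })

    # Scheduler line in the shape of the sample shown on this page.
    $pattern = 'event taskId: (?<id>\d+), name: (?<name>.+?), next occurrence: (?<next>.+)$'
    $tasks = @(foreach ($line in $Lines) {
        if ($line -match $pattern) {
            [pscustomobject]@{
                # Assumption: the component is the fifth pipe-delimited field.
                Component      = ($line -split '\|')[4]
                TaskId         = [int]$Matches.id
                Name           = $Matches.name
                NextOccurrence = $Matches.next.Trim()
            }
        }
    })

    # Assumption: failures are logged with ERROR or WARN in the first field.
    $problems = @($Lines | Where-Object { $_ -match '^(ERROR|WARN)\|' })

    [pscustomobject]@{
        SiteConfigCalls = $siteConfig.Count
        SyncScheduled   = ($tasks.Count -gt 0)
        ScheduledTasks  = $tasks
        Problems        = $problems
    }
}

$logDir = Join-Path $env:ProgramData 'Mimecast Synchronisation Engine\logs'
# Assumption: the current day's log is the newest file written today.
$today = Get-ChildItem -Path $logDir -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime.Date -eq (Get-Date).Date } |
    Sort-Object LastWriteTime -Descending | Select-Object -First 1

if ($today) {
    $lines = Get-Content -Path $today.FullName
} else {
    # Constructed sample: the first line is invented; the second is the page's sample line.
    $lines = @(
        'DEBUG|02062015 08:46:30,101| 4|mseservice|SiteClient|calling siteConfig',
        'DEBUG|02062015 08:46:37,319| 4|mseservice|AntiCorruptionScheduler|+ event taskId: 2972, name: Task Description, next occurrence: 02/06/2015 13:00:00'
    )
}
Get-MseSyncEvidence -Lines $lines | Format-List
```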
