- Applies To...
- Installing the Mimecast Synchronization Engine
- Creating a User Account to Connect with Active Directory
- Configuring the Mimecast Synchronization Engine
- Binding the Mimecast Synchronization Engine to the Cloud
- Validating the Mimecast Synchronization Engine Installation
- Resetting The Mimecast Synchronization Engine Account
If you have an on-premises or hybrid Active Directory, you can automatically manage your users and groups by synchronizing your directory with the Mimecast Synchronization Engine. The Mimecast Synchronization Engine app runs on your network to securely back up changes in your Active Directory to our cloud.
To synchronize your directory using the Mimecast Synchronization Engine, you'll need to complete the following tasks:
- Download the Mimecast Synchronization Engine app from Application Downloads and install it on a local server.
- Create a user account that can query your Active Directory.
- Connect the app to your Active Directory with the account credentials provided.
- Bind the app to our cloud with the account credentials provided.
- Complete the synchronization in the Connect Application.
- Validate the Mimecast Synchronization Engine installation.
Installing the Mimecast Synchronization Engine
To synchronize your directory, install the Mimecast Synchronization Engine app on a local server. Follow the installation instructions listed in the Installing / Upgrading the Mimecast Synchronization Engine page.
The Mimecast Synchronization Engine must be installed on a Windows Server:
- With Windows Server 2003 through to Windows Server 2012 R2.
- With .NET Framework version 4.5.1.
- On the same LAN and domain as your Active Directory domain controllers to ensure the best performance.
- Able to connect outbound using HTTPS (port 443) to the following URLs:
Alternatively, to install the Mimecast Synchronization Engine app from the Connect Application:
- Click on the Platform | Synchronize Your Directory menu item.
- Click the Start button in the Task Steps for Mimecast Synchronization Engine section.
- Click the Download link. The Mimecast Synchronization Engine will begin to download.
- Save the ZIP file to a Windows server that has access to your domain controller.
- Open the ZIP file and launch the installer. Follow the onscreen instructions in the wizard.
- Ensure our service layer hosts are accessible, and the app has outbound access to these hosts on port 443. The app communicates securely over HTTPS with our regional service layer hosts.
- When you're ready, click the Next button. The Configure the Synchronization Engine page is displayed where you'll connect your Active Directory with our cloud.
Creating a User Account to Connect with Active Directory
A user account is required in order to synchronize your Active Directory with us. Set this user account to:
- Have a mailbox associated with it.
- Have a password that doesn’t expire.
- Not require a password change on the first log in.
- Use the naming format of "firstname.lastname@example.org".
- Have read access to the parts of your directory that require synchronization.
- Be a member of the Organization Management group, if you have mail-enabled public folders.
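Because this account keeps a non-expiring password, it is worth confirming that it meets the requirements above and holds nothing beyond them. The following is an added example, not Mimecast's own code; the function name, the list of privileged groups and the sample object are assumptions, and it needs PowerShell 3.0 or later.

```powershell
# Added example: check an account object against the requirements listed above.
function Test-SyncAccount {
    param([Parameter(Mandatory)]$User)   # object shaped like Get-ADUser output

    # Direct memberships only: MemberOf omits the primary group and nested groups.
    $groups = @($User.MemberOf | ForEach-Object { $_ -replace '^CN=(.+?),(CN|OU|DC)=.*$', '$1' })
    # Assumption: groups that grant far more than the read access the page asks for.
    $privileged = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'

    [pscustomobject]@{
        Account               = $User.UserPrincipalName
        HasMailAddress        = [bool]$User.mail            # proxy for "has a mailbox"
        PasswordNeverExpires  = [bool]$User.PasswordNeverExpires
        MustChangeAtNextLogon = ($User.pwdLastSet -eq 0)    # 0 = change at next logon
        InOrganizationMgmt    = ($groups -contains 'Organization Management')
        PrivilegedGroups      = @($groups | Where-Object { $privileged -contains $_ })
    }
}

# Constructed sample object (not real directory data).
$sampleUser = [pscustomobject]@{
    UserPrincipalName    = 'firstname.lastname@example.org'
    mail                 = 'firstname.lastname@example.org'
    PasswordNeverExpires = $true
    pwdLastSet           = 130675000000000000
    MemberOf             = @(
        'CN=Organization Management,OU=Microsoft Exchange Security Groups,DC=example,DC=org'
        'CN=Domain Admins,CN=Users,DC=example,DC=org'
    )
}
Test-SyncAccount -User $sampleUser

# Against the live directory (requires the ActiveDirectory module; account name is a placeholder):
# Import-Module ActiveDirectory
# $props = 'mail', 'PasswordNeverExpires', 'pwdLastSet', 'MemberOf'
# Test-SyncAccount -User (Get-ADUser -Identity '<sync-account>' -Properties $props)
```

For the sample object, `PrivilegedGroups` lists `Domain Admins`, which is more than the read access the synchronization account needs.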
Configuring the Mimecast Synchronization Engine
To connect the Mimecast Synchronization Engine app to your Active Directory:
- Open the Site Configure | Accounts utility on the server where the Mimecast Synchronization Engine is installed.
- Register the app by completing the dialog as follows:
| Field / Option | Description |
|---|---|
| SMTP Address | Enter the email address displayed under "Account Credentials" in the Connect Application. This is the user account that will be used to access your Active Directory. Ensure that you followed the above "Creating a User Account to Connect with Active Directory" step to create this user before proceeding. |
| Password | Enter the password for the email address displayed in the Configure the Mimecast Synchronization Engine page in the Connect Application. |
| Use Exchange Impersonation | Ensure this option is selected. Although this is not used for Active Directory synchronization, it will be used if you ever use any of the Exchange-related Synchronization Engine tasks as described in the Mimecast Synchronization Engine space. |
| Directory Option | Select the default "Microsoft Active Directory" option from the drop-down list. |
- Click the Apply button to start the site bind process (described below).
Binding the Mimecast Synchronization Engine to the Cloud
A binding is a security association between the Mimecast Synchronization Engine app and the Mimecast cloud. The binding is configured using the Site Bind process on the server where the Mimecast Synchronization Engine is installed. This binding is required so you can:
- View the Mimecast Synchronization Engine site in the Administration Console.
- Start scheduled tasks (e.g. Active Directory Synchronization).
Before binding your Mimecast Synchronization Engine site, you'll need to ensure:
- The server where the Mimecast Synchronization Engine is installed has outbound connectivity using HTTPS (port 443) to Mimecast.
- You have noted the email address and password as displayed in the Connect Application under "Account Credentials".
To bind the Mimecast Synchronization Engine app to our cloud:
- Enter the following account credentials in the Site Configure utility in the app:
| Field / Option | Description |
|---|---|
| Email Address | Enter the email address displayed in the Configure the Mimecast Synchronization Engine page in the Connect Application. |
| Password | Enter the password displayed in the Configure the Mimecast Synchronization Engine page in the Connect Application. |
- Click the Bind button.
The Connect Application automatically performs the following steps:
- Finds the Mimecast account associated with the domain name of the email address entered.
- Binds the site to the discovered account.
- Validates that the Microsoft mailbox can successfully query the specified Directory Type.
- Saves the binding information to local storage.
Once the binding is configured:
- Click on the Synchronize button in the Configure the Mimecast Synchronization Engine page of the Connect Application.
- Review your directory synchronization details in the summary page that displays. We'll synchronize your directory shortly after.
- View your completed installation in the Mimecast Administration Console in the Services | Synchronization Engine Sites page.
Validating the Mimecast Synchronization Engine Installation
The Mimecast Synchronization Engine server picks up the site, and starts scheduling Active Directory synchronization, within two minutes of the site being bound. We'll validate the connection is up and running for you.
To validate the connection yourself:
- Log on to the Mimecast Synchronization Engine server that the Active Directory Sync connection is configured to use.
- Navigate to the Service Log directory. This is by default %ProgramData%\Mimecast Synchronisation Engine\logs\.
- Open the current day's Log File.
- Search for the string "calling siteConfig."
If you see a line similar to the one below, Active Directory synchronization is being applied.
DEBUG|02062015 08:46:37,319| 4|mseservice|AntiCorruptionScheduler|+ event taskId: 2972, name: Task Description, next occurrence: 02/06/2015
If you don't see this line, you should see an error message indicating why the Active Directory synchronization cannot be applied. This is normally caused by a networking issue preventing the Mimecast Synchronization Engine connecting to the Mimecast API.
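The manual log check above can be scripted. This is an added example, not part of the Mimecast tooling: the field layout is inferred from the single sample line on this page, the WARN/ERROR/FATAL level names are an assumption, and the second sample line is constructed. It needs PowerShell 3.0 or later.

```powershell
# Added example. Assumed field layout, inferred from the sample line:
#   level|timestamp|thread|service|component|message
function Get-MseSyncStatus {
    param([Parameter(Mandatory)][string[]]$Lines)

    $entries = foreach ($line in $Lines) {
        $f = $line -split '\|', 6
        if ($f.Count -eq 6) {            # skips continuation lines such as stack traces
            [pscustomobject]@{
                Level     = $f[0].Trim()
                Time      = $f[1].Trim()
                Component = $f[4].Trim()
                Message   = $f[5].Trim()
                Raw       = $line
            }
        }
    }

    $siteConfig = @($entries | Where-Object { $_.Raw -like '*calling siteConfig*' })
    $scheduled  = @($entries | Where-Object {
        $_.Component -eq 'AntiCorruptionScheduler' -and $_.Message -like '*event taskId:*' })
    # Assumption: failures are logged at WARN, ERROR or FATAL.
    $problems   = @($entries | Where-Object { $_.Level -match '^(WARN|ERROR|FATAL)$' })

    [pscustomobject]@{
        SiteConfigCalls = $siteConfig.Count
        ScheduledEvents = $scheduled.Count
        SyncScheduled   = ($scheduled.Count -gt 0)
        Problems        = @($problems | Select-Object Time, Component, Message)
    }
}

# Constructed sample input: the page's example line plus an invented error line.
$sample = @(
    'DEBUG|02062015 08:46:37,319| 4|mseservice|AntiCorruptionScheduler|+ event taskId: 2972, name: Task Description, next occurrence: 02/06/2015'
    'ERROR|02062015 08:47:02,114| 7|mseservice|SampleComponent|Constructed sample: unable to reach the API'
)
Get-MseSyncStatus -Lines $sample

# Against the real log (assumes the newest file in the directory is the current day's log):
# $dir = Join-Path $env:ProgramData 'Mimecast Synchronisation Engine\logs'
# $log = Get-ChildItem -Path $dir -File | Sort-Object LastWriteTime -Descending | Select-Object -First 1
# Get-MseSyncStatus -Lines (Get-Content -Path $log.FullName)
```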
Resetting The Mimecast Synchronization Engine Account
If you've forgotten your Mimecast Synchronization Engine password, or you want to reset it, you can do this in the Administration Console using an administrator account that has protected permissions. See Understanding Administrator Roles for more details.