Last updated on: 2020-12-14
Authored by: Kevin Richey
This article provides information for administrators using Rackspace Directory Sync. It includes information about how Directory Sync works with Active Directory® and how to use local domains to synchronize to Rackspace Hosted Email.
Using Directory Sync for your organization provides these benefits:
Rackspace Directory Sync supports the synchronization of the following Active Directory objects:
Directory Sync supports the following Rackspace Email platforms:
Directory Sync supports the following Active Directory platforms:
See Rackspace Directory Sync: Install and configure to get started.
Note: You must restart the domain controller during installation for the password synchronization to work.
Directory Sync automatically synchronizes changes from your local directory to your email accounts every five minutes. You can also click Sync Now to synchronize immediately.
Directory Sync synchronizes only one-way. It does not synchronize information from Hosted Exchange or Rackspace Email back to your Active Directory. If you change any information, such as passwords, by using Outlook® Web App or Control Panel, it does not synchronize your mailboxes with Active Directory.
Directory Sync synchronizes one local Active Directory domain with multiple email domains.
The domain names can be the same or different. You specify the local Active Directory domain during setup.
Directory Sync uses Active Directory security groups to manage which objects it synchronizes with your email service. If you use Hosted Exchange, create a new security group for the users that synchronize with Exchange mailboxes. If you use Rackspace Email, create a new security group for the users that synchronize with Rackspace Email mailboxes. If you use both Hosted Exchange and Rackspace Email, you create two security groups. Directory Sync creates and manages mailboxes for all user objects that you add to the security groups.
Directory Sync associates Active Directory user objects with email accounts by using their mail attribute. The mail attribute is the email address property associated with the user.
Password synchronization occurs after the user object has synchronized with the mailbox. Password change synchronization occurs on an interval with a higher priority than other synchronization sessions.
When you install Directory Sync, it cannot automatically synchronize existing passwords because they are unreadable from Active Directory. Users continue to use their old email passwords. When users manually change their password, Directory Sync synchronizes it with their mailbox. Be sure to assign user objects to email security groups before you change passwords. Otherwise, Directory Sync does not set the new passwords.
When you create new mailboxes, those users must change their passwords before they can access their email.
If you manage your Active Directory with multiple domain controllers, you must install the Directory Sync Password Handler on all secondary domain controllers. This handler synchronizes password changes on secondary domain controllers to the primary domain controller and then synchronizes those changes to Rackspace Hosted Mail.
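The mail-attribute matching and password rules described above can be checked before rollout. The following PowerShell function is an added example, not Rackspace code: it flags security-group members that have no mail attribute or that have not changed their password since being assigned to the group. The function name, the group name `DirSync-Exchange`, the cutoff date, and the sample users are assumptions constructed for illustration.

```powershell
# Added example (not part of Directory Sync). Names and dates are hypothetical.
function Test-DirSyncReadiness {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        # Date the user objects were assigned to the email security group
        [Parameter(Mandatory)] [datetime] $AssignedOn
    )
    process {
        $issues = @()
        # Directory Sync associates a user with a mailbox by the mail attribute.
        if ([string]::IsNullOrWhiteSpace($User.mail)) {
            $issues += 'mail attribute is empty'
        }
        # Existing passwords are unreadable from Active Directory, so only a
        # change made after group assignment reaches the mailbox.
        if (-not $User.PasswordLastSet -or $User.PasswordLastSet -lt $AssignedOn) {
            $issues += 'no password change since group assignment'
        }
        [pscustomobject]@{
            SamAccountName = $User.SamAccountName
            Ready          = ($issues.Count -eq 0)
            Issues         = $issues -join '; '
        }
    }
}

# Constructed sample objects so the function can be tried without a domain.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'userA'; mail = 'userA@example.com'
                       PasswordLastSet = [datetime]'2020-12-10' }
    [pscustomobject]@{ SamAccountName = 'userB'; mail = $null
                       PasswordLastSet = [datetime]'2020-12-11' }
    [pscustomobject]@{ SamAccountName = 'userC'; mail = 'userC@example.com'
                       PasswordLastSet = [datetime]'2020-06-01' }
)
$sample | Test-DirSyncReadiness -AssignedOn ([datetime]'2020-12-01')

# Against a live domain (requires the ActiveDirectory module):
# Get-ADGroupMember -Identity 'DirSync-Exchange' |
#     Where-Object objectClass -eq 'user' |
#     Get-ADUser -Properties mail, PasswordLastSet |
#     Test-DirSyncReadiness -AssignedOn '2020-12-01'
```

With the sample data, userA is reported as ready, userB is flagged for the empty mail attribute, and userC is flagged for the stale password.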
Synchronize users within distribution lists or security groups from Active Directory to distribution list membership within the Control Panel. Directory Sync uses the group’s email address property to synchronize with the Hosted Exchange distribution list.
Synchronize contact objects within Active Directory to your Exchange contacts within the Hosted Exchange environment. Within Active Directory, you can set up the external email address to which the contact forwards. Directory Sync uses the contact object’s mail attribute to set this.
You can use the `proxyAddresses` attribute to create alternate email addresses (aliases) for the Hosted Exchange environment. If you set the attribute to include `SMTP: userA@example.net`, then Directory Sync adds userA@example.net to the environment as an alias to that email
`proxyAddresses` attribute creates an alternate email address associated with the user’s mailbox.
`smtp:userB@example.com` creates the alternate address
`smtp:userA@example.org` creates the alternate address
Find the setting in the appSettings.config file in the \Directory Sync Service\web directory.
Go to the following configuration value:
`<add key="SyncProxyAddresses" value="False" />`
Change the setting to `True` to enable syncing of the proxy addresses. Future upgrade installations do not revert this setting.
`proxyAddresses` attribute does not contain any domain aliases to avoid errors.
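The configuration change described above can be scripted so that it is repeatable and leaves a backup. The following PowerShell function is an added example, not Rackspace code: the function name is hypothetical, the demo file is a constructed stand-in, and the real path to `appSettings.config` under `\Directory Sync Service\web` must be supplied for your installation.

```powershell
# Added example (not part of Directory Sync). Function name is hypothetical.
function Set-SyncProxyAddresses {
    param(
        [Parameter(Mandatory)] [string] $ConfigPath,
        [bool] $Enabled = $true
    )
    # Resolve to a full path because XmlDocument ignores the PowerShell location.
    $full = (Resolve-Path -LiteralPath $ConfigPath).Path
    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true      # keep the file's layout intact
    $xml.Load($full)

    $node = $xml.SelectSingleNode("//add[@key='SyncProxyAddresses']")
    if (-not $node) { throw "SyncProxyAddresses key not found in $full" }

    $old = $node.GetAttribute('value')
    $new = if ($Enabled) { 'True' } else { 'False' }
    if ($old -ne $new) {
        # Keep a copy of the previous file before writing the change.
        Copy-Item -LiteralPath $full -Destination "$full.bak" -Force
        $node.SetAttribute('value', $new)
        $xml.Save($full)
    }
    [pscustomobject]@{ Path = $full; Previous = $old; Current = $new }
}

# Constructed demo file; only the <add> element is taken from this article.
$demo = Join-Path ([IO.Path]::GetTempPath()) 'appSettings.config'
Set-Content -LiteralPath $demo -Value @'
<appSettings>
  <add key="SyncProxyAddresses" value="False" />
</appSettings>
'@
Set-SyncProxyAddresses -ConfigPath $demo
```

Running the function a second time makes no change and writes no new backup, because the value is already `True`.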
This section describes some security considerations.
Directory Sync does not set an email password that does not meet minimal password requirements. We recommend that you change your domain password rules to meet or exceed these requirements.
Note the following email requirements:
You do not have to open any inbound ports from the Internet to your domain controllers.
Enable the following ports on the Directory Sync server:
HTTPS secures communications between Directory Sync and Rackspace. Microsoft® WCF Transport Security, which uses Windows Authentication and encryption, secures communications between the Active Directory password hook and Directory Sync.
Directory Sync synchronizes the following user attributes with Hosted Exchange and Rackspace Email mailboxes. Some attributes differ between Rackspace Email and Exchange mailboxes.
Each list element contains the email attribute, the Active Directory Services Interface (ADSI) property, and any limitations in parentheses.