Configuring the Synchronization Agent

After you install the synchronization agent, you can configure which objects and which object properties must be synchronized from your on-premise Active Directory domain to your Hosted Exchange organization in CloudBlue Commerce. You can do this by modifying the C:/Program Files/Parallels/Directory Integration/ADSync.exe.config configuration file in a text editor. Here are the main parts of the file:

The SynchronizeContacts Attribute

In the configuration file, the attribute looks like this:

  <ADSync.Settings
        SynchronizeContacts="true"
        ...>

The SynchronizeContacts attribute defines whether to synchronize contacts. Set it to true (contacts are synchronized) or false (contacts are not synchronized, regardless of whether contacts are returned by LDAP search filters defined in the OrganizationUnits section).

The OrganizationUnits Section

In the configuration file, the section looks like this:

    <OrganizationUnits>
      <Units>
        ...
        <Unit>
          <Query>(&amp;(|(&amp;(objectClass=contact)(|(targetAddress=*)(mail=*)))(objectClass=user))(|(displayName=*)(mailNickname=*)(givenName=*)(sn=*)))</Query>
        </Unit>
        ...
      </Units>
    </OrganizationUnits>

The OrganizationUnits section defines which objects must be synchronized and consists of units. Each unit contains the following elements:

  • A Root element. It defines the distinguished name of a search root. If this element is not specified in a unit, the distinguished name of the default search root is used (for instance, DC=domain,DC=local).
  • A Query element. It defines an LDAP search filter. The synchronization agent uses it to scan your on-premise Active Directory domain. Please refer to this document to learn about LDAP search filter syntax.
  • A DomainController element. It defines the domain controller. If this element is specified, the respective domain controller is used for LDAP searches. Otherwise, the default domain controller is used.

For example, if you need to synchronize users and contacts of only one organization unit named MyCompany and you want LDAP searches to be performed only through a specific domain controller named dc1.domain.local, the OrganizationUnits section will look like this:

    <OrganizationUnits>
        <Units>
            <Unit>
                <Root>OU=MyCompany,DC=domain,DC=local</Root>
                <DomainController>dc1.domain.local</DomainController>
            </Unit>
        </Units>
    </OrganizationUnits>

For example, if you need to synchronize all users and contacts of your on-premise Active Directory domain and you want LDAP searches to be performed through the default domain controller, the OrganizationUnits section will look like this:

    <OrganizationUnits>
      <Units>
        <Unit>
          <Query>(&amp;(|(&amp;(objectClass=contact)(|(targetAddress=*)(mail=*)))(objectClass=user))(|(displayName=*)(mailNickname=*)(givenName=*)(sn=*)))</Query>
        </Unit>
      </Units>
    </OrganizationUnits>

The OptionalProperties Section

In the configuration file, the section looks like this:

    <OptionalProperties>
      <Properties>
        <UserProperties>
          ...
          <Property>first_name</Property>
          <Property>last_name</Property>
          ...
        </UserProperties>
        <ContactProperties>
          ...
          <Property>office</Property>
          <Property>phone</Property>
          ...
        </ContactProperties>
      </Properties>
    </OptionalProperties>

The OptionalProperties section defines which user and contact properties must be synchronized. To disable the synchronization of a property, remove or comment it out. To learn more about which object properties are synchronized, see the table below.

| CloudBlue Commerce Property Name | EDS Configuration Name | AD Properties | Applied To | Is Mandatory | Comments |
|---|---|---|---|---|---|
| Display name | Not applicable | displayName; mailNickname; givenName + sn | User, Contact | Yes | The first non-empty combination of Active Directory properties is used. You cannot disable the synchronization of this property as it is mandatory. The synchronization of an object fails if a mandatory property cannot be detected. |
| External email | Not applicable | targetAddress | Contact | Yes | If this property is empty, it will be replaced with the value from the mail property. You cannot disable the synchronization of this property as it is mandatory. The synchronization of an object fails if a mandatory property cannot be detected. |
| Login | Not applicable | userPrincipalName; mailNickname; SAMAccountName | User | Yes | The first non-empty AD property is used. You cannot disable the synchronization of this property as it is mandatory. The synchronization of an object fails if a mandatory property cannot be detected. |
| Enabled | Not applicable | userAccountControl | User | Yes | You cannot disable the synchronization of this property as it is mandatory. The synchronization of an object fails if a mandatory property cannot be detected. |
| Alias | alias | mailNickname | User, Contact | No | This Active Directory property is available only if Exchange Server is installed in your on-premise Active Directory domain. |
| Hide from Address List | hide_from_address_lists | msExchHideFromAddressLists | User, Contact | No | |
| First Name | first_name | givenName | User, Contact | No | |
| Last Name | last_name | sn | User, Contact | No | |
| Description | description | description | User, Contact | No | |
| Office | office | physicalDeliveryOfficeName | User, Contact | No | |
| Telephone | phone | telephoneNumber | User, Contact | No | |
| Web Page | web_page | wWWHomePage | User, Contact | No | |
| Primary Email | email | mail | User | No | |
| Street | street | streetAddress | User, Contact | No | |
| City | city | l | User, Contact | No | |
| State / Province | state | st | User, Contact | No | |
| Zip / Postal code | zip_code | postalCode | User, Contact | No | |
| Country | country_abbreviation | c | User, Contact | No | |
| Country | country | co | User, Contact | No | |
| Home Phone | home_phone | homePhone | User, Contact | No | |
| Pager | pager | pager | User, Contact | No | |
| Mobile Phone | mobile | mobile | User, Contact | No | |
| Fax | fax | facsimileTelephoneNumber | User, Contact | No | |
| IP Phone | ip_phone | ipPhone | User, Contact | No | |
| Title | title | title | User, Contact | No | |
| Department | department | department | User, Contact | No | |
| Company | company | company | User, Contact | No | |
| Not applicable | sid | objectSid | User | - | This property is not displayed in CloudBlue Commerce. This property is mandatory if the synchronization of password changes is enabled. Otherwise, it is optional. Password changes are traced with a special password change filter installed on each domain controller. |
| Not applicable | initials | initials | User, Contact | No | |
| Not applicable | post_office_box | postOfficeBox | User, Contact | No | |
| Not applicable | notes | info | User, Contact | No | |
| Password | password | Not applicable | User | - | This property is mandatory if the synchronization of password changes is enabled. Otherwise, it is optional. Password changes are traced with a special password change filter installed on each domain controller. |
| Email addresses / SIP addresses | proxy_addresses | proxyAddresses | User, Contact | No | |
| Group membership | membership | memberOf | User, Contact | No | |
| External DN | Not applicable | distinguishedName | User, Contact | Yes | This property is not displayed in CloudBlue Commerce. It is used in log files only. You cannot disable the synchronization of this property as it is mandatory. The synchronization of an object fails if a mandatory property cannot be detected. |
| Not applicable | Not applicable | uSNChanged | User, Contact | Yes | This property is used internally for the detection of object changes. You cannot disable the synchronization of this property as it is mandatory. The synchronization of an object fails if a mandatory property cannot be detected. |

Note: Optional attributes whose value is "not set" in your on-premise Active Directory domain are skipped and not synchronized during the initial synchronization. If you change the value of a synchronized attribute to "not set" in your on-premise Active Directory domain, the value of this attribute is propagated to CloudBlue Commerce.
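The following is an added example, not part of the product or its documentation: a Python audit of the OrganizationUnits and OptionalProperties sections described above, reporting each unit's search scope and the optional properties that will be sent out of the domain. The sample file, the placement of both sections under a single ADSync.Settings element, and the REVIEW set are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Wrapping everything in <ADSync.Settings> is an assumption;
# the page shows the sections separately, so the audit searches the whole tree.
SAMPLE = """<ADSync.Settings SynchronizeContacts="true">
  <OrganizationUnits><Units>
    <Unit>
      <Root>OU=MyCompany,DC=domain,DC=local</Root>
      <DomainController>dc1.domain.local</DomainController>
    </Unit>
    <Unit>
      <Query>(&amp;(objectClass=user)(displayName=*))</Query>
    </Unit>
  </Units></OrganizationUnits>
  <OptionalProperties><Properties>
    <UserProperties>
      <Property>first_name</Property>
      <Property>password</Property>
      <Property>sid</Property>
      <!-- <Property>membership</Property> -->
    </UserProperties>
    <ContactProperties><Property>office</Property></ContactProperties>
  </Properties></OptionalProperties>
</ADSync.Settings>"""

# Reviewer's choice of EDS names to call out; not a list defined by the product.
REVIEW = {"password", "sid", "membership"}

def audit(config_xml):
    """Summarize what the agent is configured to read and send."""
    tree = ET.fromstring(config_xml)  # XML comments are dropped by the parser
    settings = next(tree.iter("ADSync.Settings"), None)
    contacts = settings is not None and settings.get("SynchronizeContacts") == "true"
    units = [{tag: (u.findtext(tag) or "").strip() or None
              for tag in ("Root", "Query", "DomainController")}
             for u in tree.iter("Unit")]
    props = {kind: [p.text.strip() for node in tree.iter(kind)
                    for p in node.iter("Property") if p.text]
             for kind in ("UserProperties", "ContactProperties")}
    findings = [f"unit {i}: no Root, default search root is scanned"
                for i, u in enumerate(units) if not u["Root"]]
    findings += [f"{kind}: '{p}' is synchronized"
                 for kind, names in props.items() for p in names if p in REVIEW]
    return {"contacts": contacts, "units": units, "props": props, "findings": findings}

if __name__ == "__main__":
    for line in audit(SAMPLE)["findings"]:
        print(line)
```

Because the parser discards XML comments, a property that has been commented out in the file does not appear in the report, which matches how the page says a property is disabled.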