How to extend FIM GALSync solution with additional contact sources
Forefront Identity Manager (FIM) provides an out-of-the-box solution for GALSync which is commonly used by Exchange Server customers today.
Recently, many companies have been joining groups or cooperating at various levels of integration. Such organizations commonly have some well-connected companies (whose IT is integrated closely enough that you can connect directly to the other organization's Active Directory and read/write address book data) alongside satellite companies or sub-organizations that are connected more loosely.
In such cases, these organizations may supply additional contacts that you would like to introduce into your GAL. The contacts can be delivered as CSV files or by another method.
Solution
The out-of-the-box GALSync solution provides ready-made management agents that read data from Active Directory. However, it doesn't provide ready-made management agents for other, supplementary data sources. You can add the additional contacts as users (which basically means that they will be authoritative sources for these organizations). There are generally two things to remember when adding such sources:
- prepare all necessary attributes (directly in data source or by calculation in import rules)
- use object types for which out of the box synchronization rules will fit your needs
Attributes you need to provide
Attribute | Description |
CN | Used as the name of the contact in AD |
displayName | Used as the display name for the contact in the GAL (will be visible to the users). It is quite useful to append the name of the organization the contact comes from (this makes contacts easier to recognize when people with the same name come from different organizations) |
mail | Mail (SMTP) address |
mailNickname | Mail nickname used by Exchange to create the contact. It should be properly formatted according to Exchange requirements. |
givenName | First name |
sn | Last name |
targetAddress | Target address populated in the contact. It should be in the format SMTP:mail, where mail is the SMTP mail address (same as the mail attribute). |
You can also provide additional attributes, for example attributes related to the organization (company, department, etc.).
Selecting object types (Metaverse and on the MA side)
Synchronizing these objects as contacts in the Metaverse will not work with the standard solution (it is prepared to take contacts only from predefined OUs). A more appropriate approach is to synchronize these additional contacts as person objects in the Metaverse. On the MA side there is just one thing to remember: define the object class in your Management Agent as user (because this is the class expected by the GALSync provisioning code).
Step by step adding CSV data source
Let's say you have your additional contacts prepared in a CSV file that includes all the necessary attributes. For example, your file looks like this:
CN, displayName, mail, mailNickname, givenName, sn, targetAddress
John Smith, John Smith (Partner Company), j.smith@partnercompany.com, j_smith_partnercompany_com, John, Smith, SMTP:j.smith@partnercompany.com
Richard Black, Richard Black (Partner Company), r.black@partnercompany.com, r_black_partnercompany_com, Richard, Black, SMTP:r.black@partnercompany.com
Create new MA taking data from your source
Start creating CSV MA
http://idarchitect.net/wp-content/uploads/2014/11/GALCSV_Step01.png
http://idarchitect.net/wp-content/uploads/2014/11/GALCSV_Step02.png
http://idarchitect.net/wp-content/uploads/2014/11/GALCSV_Step03.png
On the Configure Attributes tab, go to Advanced and change the object class to "user"
http://idarchitect.net/wp-content/uploads/2014/11/GALCSV_Step04.png
http://idarchitect.net/wp-content/uploads/2014/11/GALCSV_Step04a.png
http://idarchitect.net/wp-content/uploads/2014/11/GALCSV_Step05.png
Add filters if required
http://idarchitect.net/wp-content/uploads/2014/11/GALCSV_Step06.png
Add join and projection rules (to person Metaverse class)
http://idarchitect.net/wp-content/uploads/2014/11/GALCSV_Step07.png
Create import flows (add your own if required)
http://idarchitect.net/wp-content/uploads/2014/11/GALCSV_Step08.png
Finish creating MA
http://idarchitect.net/wp-content/uploads/2014/11/GALCSV_Step09.png
http://idarchitect.net/wp-content/uploads/2014/11/GALCSV_Step10.png
Add run profiles and use your new Management Agent in synchronization cycle
You will need to add run profiles for Import and Synchronization on your newly created MA. Then you will need to place the data file in the MA data directory (C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\MAData\PartnerCompany_CSV) and run the MA whenever required, basically each time you provide a new data file.
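An added example (not part of the original article or of the GALSync solution): a PowerShell pre-check for a partner-supplied CSV, run before the file is placed in the MA data directory, that tests each row against the attribute requirements listed above. The function name Test-PartnerContact, the allowed domain list, the organization suffix and the conservative mailNickname pattern are assumptions for illustration.

```powershell
# Added example: pre-check a partner-supplied contact CSV before import.
function Test-PartnerContact {
    param(
        [Parameter(Mandatory=$true)] [object[]] $Rows,
        [string[]] $AllowedDomains = @('partnercompany.com'),  # assumption
        [string]   $OrgSuffix      = '(Partner Company)'       # assumption
    )
    $required = 'CN','displayName','mail','mailNickname','givenName','sn','targetAddress'
    $seen = @{}
    $line = 1                                    # line 1 is the CSV header
    foreach ($row in $Rows) {
        $line++
        $problems = @()
        foreach ($name in $required) {
            if ([string]::IsNullOrWhiteSpace($row.$name)) { $problems += "missing $name" }
        }
        $mail = "$($row.mail)".Trim()
        $nick = "$($row.mailNickname)".Trim()
        if ($mail -match '^[^@\s,;<>"]+@([A-Za-z0-9.-]+)$') {
            # A partner file should only carry addresses in that partner's own domains.
            if ($AllowedDomains -notcontains $Matches[1]) {
                $problems += "mail domain '$($Matches[1])' is not allowed for this source"
            }
            $key = $mail.ToLowerInvariant()
            if ($seen.ContainsKey($key)) { $problems += "duplicate mail, first seen on line $($seen[$key])" }
            else { $seen[$key] = $line }
        } else {
            $problems += 'mail is not a single SMTP address'
        }
        # targetAddress must be "SMTP:" followed by the same address as mail.
        if ("$($row.targetAddress)".Trim() -cne "SMTP:$mail") { $problems += 'targetAddress is not SMTP:<mail>' }
        # Conservative alias check (assumption): letters, digits, _ and -, dot-separated, max 64.
        if ($nick -notmatch '^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*$' -or $nick.Length -gt 64) {
            $problems += 'mailNickname fails the conservative alias check'
        }
        if (-not "$($row.displayName)".Trim().EndsWith($OrgSuffix)) { $problems += "displayName lacks '$OrgSuffix'" }
        if ($problems) { [pscustomobject]@{ Line = $line; CN = $row.CN; Problems = $problems -join '; ' } }
    }
}

# Constructed sample input: the first row is from the article, the second is deliberately malformed.
$sample = @'
CN,displayName,mail,mailNickname,givenName,sn,targetAddress
John Smith,John Smith (Partner Company),j.smith@partnercompany.com,j_smith_partnercompany_com,John,Smith,SMTP:j.smith@partnercompany.com
Ann Gray,Ann Gray,a.gray@other.example,a gray,Ann,Gray,smtp:a.gray@other.example
'@ | ConvertFrom-Csv

Test-PartnerContact -Rows $sample | Format-List
```

For a real delivery, pass the output of Import-Csv on the received file instead of the sample, and copy the file into the MA data directory only when the function returns nothing.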
Summary
You can extend GALSync by adding additional sources of addresses. You just need to remember which attributes you have to provide and which class to use to do it the easy way.
If your organization uses cloud-based solutions and synchronizes with Azure AD using DirSync, you may also be interested in the following article by Paul Williams: GALSync and DirSync in harmony
The article has originally been published by the author on IDArchitect.NET blog.