Synchronizing users/groups to provide per-user/per-group exceptions to email policies
Steps
Plan the cloud data structure: users and groups (Groups), policies (Defining Email Policies) and exceptions.
Review the existing LDAP/Active Directory data structure and decide whether restructuring of LDAP is necessary to match the proposed cloud data structure more closely.
Download the client and install it on the target client machine.
Configure the Directory Synchronization Client to search the LDAP directory and extract groups and extract email addresses to a local file. (See the Directory Synchronization Client Administrator’s Guide for instructions). Review the
results and modify the search as necessary to ensure it returns expected results.
In the cloud manager, set up a contact with Directory Synchronization permissions. (See Set up authentication (Directory Synchronization only)). This will be the
username/logon used for the Directory Synchronization Client to log onto the cloud manager.
Decide whether email will be sent after new users are synchronized from LDAP.
Now you are ready! In the cloud manager, enable Directory Synchronization. (See Configure identity management).
In the Directory Synchronization Client, set up portal settings in the configuration established above, changing the output type to portal (not file) and using the contact with
Directory Synchronization permissions created above. (See the Directory
Synchronization Client Administrator’s Guide).
During a slow period, select Replace on the client. Data is synchronized to the cloud manager. Note the number of additions. This is visible in the
Synchronization page and also from the notification email messages.
Log onto the cloud manager. Using Account > End Users, check that users’ policies and groups are as expected. Check the groups list to ensure as expected. (See View and manage user data).
On the Directory Synchronization page, view Recent Synchronizations and compare the totals of additions against those noted in the Directory Synchronization Client. They should
match. (See View recent synchronizations).
If you are planning to set up per-user/per-group configurations for Antispam, Antivirus or Content Filter in email policies then do it now. Use the per-user link on each of
these tabs to configure custom rules for each user or group. (You can enter user or group names into the per-user dialogs.) Refer to Configuring Email Settings, for more
information on per-user configuration options.
The system is now live. If you are unhappy with the user/groups data you have synchronized then you can use Restore to undo the synchronization data, and try again. (See
Restore directories).
If everything appears to be working, set up a schedule time in the Directory Synchronization Client for the background task to run. Close the client tool.