Export (0) Print
Expand All

Add Users

 

Applies to: Forefront Online Protection for Exchange

Topic Last Modified: 2012-05-01

NoteNote:
To view a video that shows you the different ways you can add users in FOPE, see Adding Users in Forefront Online Protection for Exchange (English only).

In Forefront Online Protection for Exchange (FOPE), the User List source is configured in the User List Settings section of the Service Settings pane on the domain sub-tab of the Administration tab of the FOPE Administration Center.

  • Administration Center: Users can be added individually, or in batches with an uploaded comma-separated values (CSV) file that contains a list of multiple user names and their related service information, in the FOPE Administration Center. After you add users, you can then edit their user account information and assign roles and permissions.

    For these user accounts, specific service settings can be controlled within the FOPE Administration Center. If you need to configure an account to bypass spam filtering or exempt them from Policy Rules, which can be controlled on the User properties page. Once the accounts are present in the FOPE Administration Center, they are automatically available for accessing the Quarantine and Exchange Hosted Archive mailboxes (after version 8.1) for the users based on domain restrictions. The SMTP addresses for the User can also be used for Directory-Based Edge Blocking (DBEB).

  • Secure FTP (SFTP): You can create a user email address list and upload it to a SFTP directory for your domain. The FOPE service first verifies that the user list meets the correct format requirements, and then adds the users to your services. Users who are synchronized through SFTP will not show up in the FOPE Administration Center, but can be used for DBEB. In order to remove user accounts from DBEB that have been uploaded through SFTP, an empty SFTP list should be uploaded for the domain. For more information, see Using Secure FTP to Add User Accounts in FOPE.

  • Directory Synchronization Tool (DST) (recommended): The DST is an on-site application that communicates with your company’s on-site Active Directory Domain Services and Microsoft Exchange Server messaging environment to build a user email address list for your FOPE and Exchange Hosted Archive (EHA) services after version 8.1. With this tool, you can manage your user accounts by using your on-site Active Directory Domain Services environment. User accounts that are synchronized with the DST will be automatically added in the FOPE Administration Center. For these user accounts, specific service settings can be controlled, quarantine accounts are pre-populated, and DBEB applies, as does the EHA service version 8.1. For more information, see Directory Synchronization Tool

  • Legacy DST: As with the DST, the Legacy DST is an on-site application that communicates with your company’s on-site Active Directory Domain Services and Microsoft Exchange Server messaging environment to build a user email address list for your FOPE or EHA version 8.1 services. With this tool, you can manage your user accounts by using your on-site Active Directory Domain Services environment.

    User accounts that are synchronized with the Legacy DST will not show up in the FOPE Administration Center, but can be used with DBEB and for the EHA service version 8.1. For more information, see Legacy Directory Synchronization Tool

ImportantImportant:
In order for messages (both sent and received) to be associated with a user, the user must be set up as an archive enabled user in the FOPE Administration Center. Primary and secondary SMTP addresses must be configured. All messages sent to or received by unregistered SMTP address are handled as follows:
  • These messages are not available in the user’s My Messages folders (this specifically applies to messages archived before the user is registered).

  • Because these messages are not associated with a user, they will not be selected for supervisory review.

  • Search may be affected, depending upon the search criteria used. Searches performed based on date or keyword criteria will include these messages.  Searches based on the user account(s) will not include these messages. Searches based on the SMTP address will only include these messages if the unregistered SMTP address matches the search criteria.

For example:  If Mary Smith, who has an FOPE Administration Center account with the primary SMTP address of marysmith@contoso.com and an unregistered SMTP address of mary.smith@contoso.com, searches with the text marysmith will return messages to or from marysmith@contoso.com, but not mary.smith@contoso.com. Similarly, messages sent to any other unregistered addresses or alias may not be included in the search results.

If messages are ingested into the archive prior to the creation of the user’s SMTP addresses, the messages must be linked to the user account.  If you use the 8.1 version of EHA, do the following:

Link messages to user account (for 8.1 version of Exchange Hosted Archive)
  1. Log in to archive.messaging.com.

  2. Click Administration.

  3. Click Combine Accounts.

  4. Complete the following:

     

    Surviving log on name:

    (enter primary address)

    Retired log on name:

    Enter address that should be combined with the primary address)

    From:

    (leave blank)

    To:

    (leave blank)

  5. Click Link Orphaned Messages.

  6. Click Save.

  7. Click Yes when you see the message confirming the change.

If you have the 9.1 version of Exchange Hosted Archive, archive messages will not be captured for users who do not have an SMTP address configured in the FOPE Administration Center.

Specify the User List source for a domain
  1. On the Administration tab of the FOPE Administration Center, click the Domains tab.

  2. In the Domains pane, click the domain that you want to modify. You can search for a specific domain name by using the search box.

  3. In the Service Settings section of the center pane, under User List Settings, click Edit.

  4. In the Select the user list source drop down, click one of the following options:

    • Admin Center: Configures the FOPE Administration Center as the authoritative source for the User Accounts with Primary SMTP addresses in that domain. These addresses will be visible in the FOPE Administration Center.

    • Secure FTP: Configures Secure FTP as the authoritative source for the User Accounts with SMTP addresses in that domain. These addresses will not be visible in the FOPE Administration Center.

    • Directory Synchronization Tool: Configures the Directory Synchronization Tool as the authoritative source for the User Accounts with Primary SMTP addresses in that domain. These addresses will be visible in the FOPE Administration Center.

    • Legacy Directory Synchronization Tool: Configures the Legacy Directory Synchronization Tool as the authoritative source for the User Accounts with Primary SMTP addresses in that domain. These addresses will not be visible in the FOPE Administration Center.

    • Exchange Online: Configures Exchange Online as the authoritative source for the User Accounts with Primary SMTP addresses in that domain. These addresses will not be visible in the FOPE Administration Center.

  5. Specify the Directory-Based Edge Blocking (DBEB) mode if desired. For more information on DBEB, see Configuring Directory-Based Edge Blocking.

  6. Specify the email address that you want to receive any error notifications which may occur during the User List upload in the *Error notification address text box. This option will show if the domain is enabled for DBEB unless the User List source is Directory Synchronization Tool.

  7. Click Save.

    NoteNote:
    If you select Secure FTP as the user list source for user accounts, but need to switch to the Admin Center or Directory Synchronization Tool as the list source at a later time, you will need to delete the existing list of user accounts from the Secure FTP database. To do so, give a blank file the same name as the one used for your existing list of user accounts in the Secure FTP. Then, upload this blank file using the Secure FTP. That will strip the Secure FTP of the existing user accounts and allow you to switch the user list source to either Admin Center or Directory Synchronization Tool.
 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft