Directory Synchronization Tool

Applies to: Live@edu, Forefront Online Protection for Exchange

Topic Last Modified: 2012-09-04

The Microsoft Directory Synchronization Tool (DST) is an optional, light weight application that communicates with your company’s on-site Active Directory and Microsoft Exchange Server messaging environment to build a user email address list for your Forefront Online Protection for Exchange (FOPE) or post-8.1 Exchange Hosted Archive (EHA) services. With this tool, you can manage your user accounts in your on-site Active Directory environment. In order to use the DST, you will need to have the role of Administrator or Account Manager (at the Company level) in the system.

The DST tool also collects all valid email addresses from the corporate Active Directory and shares these addresses with your FOPE and EHA services. User accounts synchronized with the DST appear in the FOPE Administration Center and can be managed in the same manner as a FOPE Administration Center upload.

In this tool, you, as the administrator, can specify the domains for which email addresses will be synchronized and how often synchronization should take place.

The synchronization service then does the following:

1. Reads the configuration file (XML file) at the interval specified
   
2. Retrieves all SMTP addresses from Active Directory for the specified domains
   
3. Sends the list to the Hosted Services network via SSL.
   

The address list won’t be transferred until the administrator’s login and password are authenticated. A web service running on the hosted network accepts the list and feeds the data to the Directory Services infrastructure, which distributes the list to the FOPE data center network every 15 minutes.

The tool also collects and shares safe senders, as defined by end users. This feature helps to further reduce the possibility of false positives (legitimate email misidentified as spam) and ensure minimum affect to legitimate email communication. This feature requires Microsoft Exchange Server 2007, or a later version, which stores safe-sender information in Active Directory Domain Services, and versions of Microsoft Office Outlook after Office Outlook 2003. Also, Safelist Aggregation must be enabled on your Exchange Server 2007 (or later) environment in order for this feature to operate. For more information on Safelist Aggregation, see Understanding Safelist Aggregation.

Note:
FOPE honors only fully-qualified safe sender addresses. It does not honor a domain or group added to a safe sender list. Additionally, when a user adds an email address to their safe sender list, only messages to that particular user are determined to be safe. Messages sent from that address to other users within the organization are not automatically determined to be safe.