Legacy Directory Synchronization Tool
Applies to: Forefront Online Protection for Exchange
Topic Last Modified: 2012-05-02
The Microsoft Exchange Hosted Services Directory Synchronization Tool (Legacy DST) is the older version of the 9.1 Directory Synchronization Tool (DST). It is an optional, lightweight application that communicates with your company’s on-site Active Directory Domain Services and Microsoft Exchange Server messaging environment to build a user email address list for your Forefront Online Protection for Exchange (FOPE) or 8.1 Exchange Hosted Archive (EHA) services. The Legacy DST allows you to manage your user accounts by using your on-site Active Directory Domain Services environment. To use the Legacy DST, you need the role of Administrator or Account Manager (at the Company level) in the system.
The Legacy DST collects all valid email addresses from the corporate Active Directory Domain Services and shares these addresses with FOPE and EHA. It does so in two ways:
FOPE can be configured to apply a Directory-Based user list built from these email addresses. Users synchronized with the Legacy DST do not appear in the FOPE Administration Center. Email sent to recipients not on the Directory-Based list is rejected by FOPE with a 554 error. You can review the Dir Edge column of the Email Traffic Report (available from the Reports section of the FOPE Administration Center) to see how much junk email has been rejected due to Directory-Based Edge Blocking.
EHA can use the Legacy DST to synchronize the users with the Archive MWA for user management.
The Legacy DST also provides a user interface in which you can specify the domains for which email addresses will be synchronized, and how often synchronization should take place. The synchronization system does the following:
Reads the configuration file (XML file) at the interval specified.
Retrieves all SMTP addresses from Active Directory for the specified domains.
Sends the list to the Hosted Services network via SSL.
The address list won’t be transferred until the administrator’s login and password have been authenticated. A web service running on the hosted network accepts the list and feeds the data to the Directory Services infrastructure, which distributes the list to the FOPE data center network every 15 minutes.
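The effect of the synchronization steps above on Directory-Based Edge Blocking, as an added Python example that is not the Legacy DST's own code. It assumes addresses are held as Exchange-style "SMTP:"/"smtp:" prefixed values (the page does not say which attribute the tool reads); the directory contents, domain names and function names are constructed for illustration.

```python
# Added illustration: models the list-building and edge-blocking behaviour the
# page describes. All names and sample data below are constructed.

def parse_smtp(value):
    """Return the lowercased address from an 'SMTP:'/'smtp:' value, else None."""
    prefix, sep, addr = value.partition(":")
    if not sep or prefix.lower() != "smtp":
        return None                      # X500, SIP and other address types
    addr = addr.strip().lower()
    local, at, domain = addr.rpartition("@")
    return addr if at and local and domain else None

def build_sync_list(directory, domains):
    """Split directory SMTP addresses into (synchronized, outside_domains)."""
    wanted = {d.lower() for d in domains}
    synced, outside = set(), set()
    for values in directory.values():
        for value in values:
            addr = parse_smtp(value)
            if addr is None:
                continue                 # malformed or non-SMTP entry
            in_scope = addr.rpartition("@")[2] in wanted
            (synced if in_scope else outside).add(addr)
    return synced, outside

def edge_decision(recipient, synced):
    """Recipients missing from the list get the 554 the page mentions."""
    return "accept" if recipient.strip().lower() in synced else "554"

# Constructed sample directory: account name -> address values.
DIRECTORY = {
    "alice": ["SMTP:Alice@contoso.example", "smtp:a.smith@contoso.example",
              "X500:/o=Org/ou=Site/cn=alice"],
    "bob": ["SMTP:bob@fabrikam.example", "SIP:bob@contoso.example"],
    "svc": ["smtp:no-at-sign", "SMTP:helpdesk@CONTOSO.example"],
}
DOMAINS = ["contoso.example"]            # domains selected for synchronization

if __name__ == "__main__":
    synced, outside = build_sync_list(DIRECTORY, DOMAINS)
    print("synchronized:", sorted(synced))
    print("valid but not synchronized:", sorted(outside))
    for rcpt in ("Alice@Contoso.example", "bob@contoso.example"):
        print(rcpt, "->", edge_decision(rcpt, synced))
```

Addresses reported as valid but not synchronized belong to domains left out of the configuration, so they are worth reviewing before the Directory-Based list is enforced.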
Another notable function of the Legacy DST is its ability to collect and share safe senders, as defined by end users. This feature helps to further reduce the possibility of false positives (legitimate email misidentified as spam) and ensure negligible impact to legitimate email communication. This feature requires Exchange Server 2007, which stores safe-sender information in Active Directory, and Microsoft Outlook 2003 or higher. Also, Safelist Aggregation must be enabled on your Exchange Server 2007 in order for this feature to operate. For more information, see Understanding Safelist Aggregation.
For more information on the Legacy DST, see The Microsoft Hosted Services Directory Synchronization Tool 8.1.