Configuring Exchange 5.5 login account permissions

Created: 2012-04-20 08:09:59
Modified: 2020-07-27 09:18:18
Tags: UnitySync

Your Exchange 5.5 server will be used as an LDAP source for directory synchronization. For this to work properly you must first set up LDAP on the Exchange 5.5 server and create a domain user account. SP3 is required for proper LDAP support.

I. Setting up a SimpleSync Account

#Run User Manager for Domains on the NT domain in which your Exchange server resides: Start/Programs/Administrative Tools (Common)/User Manager for Domains.
#Create a new user: User/New User (suggest User cannot change p/w, and p/w never expires).
#Press the Groups button and make sure the user is a member of Domain Users. SimpleSync can authenticate as any NT domain user belonging to Administrators or Domain Users.
#Exit User Manager for Domains.
#Trust Relationships are not required.

:LOGON ID Syntax: Exchange 5.5 uses an NT domain authentication format. The syntax is dc=NT Domain,cn=username.

:i.e. User UnitySync in Microsoft NT domain CPS-WIN2K would be: dc=CPS-WIN2K,cn=UnitySync.

II. Set permissions on the SimpleSync account

There are two options here: set permissions at the site level in an open environment or set permissions on a container in a more secure environment.

To set permissions at the site level:

#Start the Exchange Administrator and select the site UnitySync will connect to. Press ALT-ENTER to modify its properties.
#Press the ADD button to add the UnitySync Domain account you have created.
#Select Permissions Admin for the Role.
#Press OK to save the changes.

In a more secure environment, you may want to restrict the UnitySync account and only allow it to write to one container in the GAL.

To set permissions at the container level:

#Create a container on your destination Exchange 5.5 directory. This will be the container you want UnitySync to write to.
#Once created, select this new container and press ALT-ENTER to modify its properties.
#Press the ADD button to add the UnitySync Domain account you have created.
#Select Permissions Admin for the Role.
#Press OK to save the changes.

:NOTE: When you want to sync objects into a specific container, you must specify a Placement DN on the Destination tab of your UnitySync connection.
:e.g. cn=My New Container,ou=MySite,o=MyOrg.
:See Security and Implementation Approaches to learn more about Distributed Processing.

III. Configure LDAP at the Exchange Site level

#Select Site, Configuration, Protocols, LDAP (Directory) Site Defaults.
#Press ALT-ENTER to modify its properties.
#Ensure "Use site defaults for all properties" is checked and that the Port Number matches the site.
#Ensure the Enable Protocol box is checked and make note of the LDAP Port Number.
#Select the Authentication tab. Ensure that the Basic (Clear Text) box is checked. Other boxes can be checked as well.
#Select the Search tab and ensure that the Maximum Number of search results returned is 0 (unlimited).
#Select the Anonymous tab; anonymous access can be turned on or off.
#Press OK to save.

IV. Configure LDAP at the Exchange Server Level

#Select Organization, Site, Configuration, Servers, MyServer, Protocols, LDAP (Directory) Settings.
#Press ALT-ENTER to view its properties.
#Make sure "Use site defaults for all properties" is checked.
#Make sure the "Port Number" matches the port number from the LDAP Site Configuration. Press OK to update this information.
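To confirm that steps I, III and IV fit together (account exists, Basic (Clear Text) authentication is enabled, and the port is right), here is an added Python check that is not part of the original article or of UnitySync: it sends a raw LDAP simple bind using the dc=NT Domain,cn=username logon syntax and reports the server's result code. The host name, port and password are placeholders; because Basic (Clear Text) puts the password on the wire unencrypted, run it from a trusted host on the same network.

```python
import socket

# Minimal BER helpers: LDAP messages are BER-encoded TLVs (tag, length, value).
def ber_len(n):
    """Encode a BER length (short form below 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content):
    return bytes([tag]) + ber_len(len(content)) + content

def read_tlv(buf, pos):
    """Decode one TLV at buf[pos]; return (tag, value, position after it)."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                       # long-form length
        nbytes = ln & 0x7F
        ln = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + ln], pos + ln

def exchange55_logon_id(nt_domain, username):
    """Exchange 5.5 bind name, as the article states: dc=<NT domain>,cn=<NT user>."""
    return f"dc={nt_domain},cn={username}"

def build_bind_request(msg_id, logon_id, password, version=3):
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version, name, simple [0] } }."""
    bind = (tlv(0x02, bytes([version]))           # version INTEGER
            + tlv(0x04, logon_id.encode())        # name LDAPDN
            + tlv(0x80, password.encode()))       # simple [0]: clear-text password
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, bind))

def parse_bind_result_code(data):
    """Return resultCode from a BindResponse (0 = success, 49 = invalidCredentials)."""
    _, msg, _ = read_tlv(data, 0)         # outer LDAPMessage SEQUENCE
    _, _, pos = read_tlv(msg, 0)          # messageID INTEGER
    tag, resp, _ = read_tlv(msg, pos)     # BindResponse [APPLICATION 1]
    if tag != 0x61:
        raise ValueError(f"expected BindResponse (0x61), got tag 0x{tag:02x}")
    _, code, _ = read_tlv(resp, 0)        # resultCode ENUMERATED
    return int.from_bytes(code, "big")

def check_ldap_bind(host, port, nt_domain, username, password, timeout=5):
    """Connect to the Exchange 5.5 LDAP port, attempt a simple bind, return the result code."""
    request = build_bind_request(1, exchange55_logon_id(nt_domain, username), password)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        return parse_bind_result_code(sock.recv(4096))

if __name__ == "__main__":
    # Placeholder host/port/password: use the port noted in step III and the account from step I.
    code = check_ldap_bind("exchange55.example.local", 389, "CPS-WIN2K", "UnitySync", "<password>")
    print("bind succeeded" if code == 0 else f"bind failed with LDAP resultCode {code}")
```

A result code of 49 (invalidCredentials) with a correct password usually means the logon ID syntax or the account's domain is wrong; a refused connection points at the port or the Enable Protocol box.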