WIXLIB

GALSYNC V7.6Global Address List (GAL) into mailboxesby using GALsync policiesNETsec06. April 2021NETsec GmbH & Co.KG Schillingsstrasse 117 DE - 52355 Düren

Introduction . 5GALsync . 5contactSync . 5Global Address List (GAL) into mailboxes by using GALsync policies . 5Quickstart: Global Address List (GAL) into mailboxes . 61 Prerequisites . 72 Install the software in the source forest . 93 Create and run an export policy . 144 Create and run an import policy . 24Deployment Guide . 35Introduction . 35Exchange 2010-2019 - Mailbox Contacts . 36GALsync 7.6 - Global Address List (GAL) into mailboxes by using GALsync policiesExchange Online - Mailbox Contacts . 372Technical Guide . 38System Requirements . 38Prerequisites. 39Service Account . 39Mailbox . 40Modern Authentication OAuth2 for Exchange Web Services (EWS) toaccess Exchange Online . 41Permission to access the mailboxes (Mailbox contacts) . 62Execution Policy (Exchange online) . 64Some notes to the remote PowerShell management for Office 365tenants. 65Running GALsync Policies via command line . 65Transport options to transfer data . 66Manual . 66Via email . 67Via network share . 68Via FTP . 69Filter mailboxes . 70NoMailboxSync (internal mark) . 70

Choose mailboxes (On-premises). 71Choose mailboxes (Exchange Online) . 73Search mailboxes (On-premises) . 74Search mailboxes (Exchange Online) . 76Mailbox Contact Folder . 77Choose (Mailbox contacts) . 78Filter and Modify objects for import into mailboxes . 81Properties (Mailbox contacts) . 81Special options for import into mailboxes . 87Import Settings: General (Mailbox contacts) . 87Create sub-folders for each sending domain . 87Synchronize Picture . 88Modify or delete existing contacts with source domain . 88Import Settings: E-Mail Addresses (Mailbox contacts) . 89Modify target address with domain . 90Modify primary SMTP address with domain . 91Modify mail address with domain . 91Retain targetAddress of users and contacts . 92Import Settings: Object Filter (Mailbox contacts) . 93Object Filter: Exclude all objects of the data file from import, whichhas one of the following conditions . 93Encryption . 95Symmetric Keys . 96Asymmetric Keys (Public Key) . 96Status notification . 97Schedule Service . 98How to . 99How to configure Exchange Impersonation? . 99Exchange Impersonation in Exchange 2010, 2013, 2016, 2019 andExchange Online (Mailbox contacts) . 99How to grant full access to the user mailboxes? . 105GALsync 7.6 - Global Address List (GAL) into mailboxes by using GALsync policiesMark synchronized contacts as private. 883

Exchange 2010. 105Exchange 2013, 2016, 2019 and Exchange Online . 105How to bulk assign full access permissions to multiple user mailboxes. 106How to disable EWS Throttling for the contactSync account? . 108Exchange 2010. 108Exchange 2013, Exchange 2016 and Exchange 2019. 108How to grant full access to the user mailboxes? . 109Exchange 2010. 109Exchange 2013, 2016, 2019 and Exchange Online . 109How to bulk assign full access permissions to multiple user mailboxes. 110GALsync 7.6 - Global Address List (GAL) into mailboxes by using GALsync policiesHow to check the PowerShell version on the GALsync server? . 1124Troubleshooting and Support Guide . 11319031 (15770) - Not all mails arrived . . 113Issue with Exchange Online connection . 113The Autodiscover service returned an error . 113Could not load file or assembly 'netstandard, Version 2.0.0.0,Culture neutral, PublicKeyToken cc7b13ffcd2ddd51' or one of itsdependencies. The system cannot find the file specified. . 11412010 - Error getting Exchange Online connection 62003 – Current usercannot decrypt the token. . 115Support: What to do when I notice an error / bug? . 116

IntroductionGALsyncGALsync synchronizes the Global Address List (GAL) between differentExchange environments, which can be on-premises Exchangeenvironments or Exchange Online of Office 365 tenants. Please have alook in the GALSYNC MANUAL for further ync/documentation.htmlcontactSync synchronizes the Global Address List (GAL) into users’mailboxes, which are in the same environment. Mail-enabled objects of anon-premise Active Directory can be synchronized into on-premisesExchange mailboxes of the same forest and mail-enabled objects of anOffice 365 tenant can be synchronized into Exchange Online mailboxes ofthe same Office 365 tenant. Please have a look in the CONTACTSYNC MANUALfor further actsync/documentation.htmlGlobal Address List (GAL) into mailboxes by using GALsync policiesA cross-forest synchronization from mail-enabled objects of an onpremises Active Directory into Exchange Online mailboxes of an Office 365or mail-enabled objects of an Office 365 tenant into on-premisesExchange mailboxes is only possible with two GALsync policies. One of theGALsync policies exports the mail-enabled objects from an on-premisesActive Directory or from an Office 365 tenant and the second GALsyncpolicy imports the exported objects as contacts into on-premisesExchange mailboxes or Exchange Online mailboxes.This document describes how to synchronize the Global Address List (GAL)into user’s mailboxes of another Exchange environment.MICROSOFT STOPPED SUPPORTING E XCHANGE 2010 ON THE 13TH OCTOBER 2020AND E XCHANGE 2007 ON THE 11 TH A PRIL 2017.AS MUCH AS WE WOULD LIKE TO KEEP UP COMPATIBILITY FOR ALL VERSIONS , WE CANNOT SUPPORTAN E NVIRONMENT , WHICH IS NO LONGER SUPPORTED BY THE MANUFACTURER .GALsync 7.6 - Global Address List (GAL) into mailboxes by using GALsync policiescontactSync5

Quickstart: Global Address List (GAL) into mailboxesHere you test the basic steps for a successful first unidirectionalsynchronization.GALsync 7.6 - Global Address List (GAL) into mailboxes by using GALsync policiesIn this example you synchronize the mail-enabled objects of the onpremises Active Directory forest into contacts folder of user mailboxes,which are on the on-premises Exchange server in the same forest.6

1 Prerequisites Your environment must be based on Exchange 2010* SP1,Exchange 2013 and later or Exchange Online (Microsoft Office 365).MICROSOFT STOPPED SUPPORTING EXCHANGE 2010 ON THE 13TH OCTOBER 2020AND EXCHANGE 2007 ON THE 11TH APRIL 2017.AS MUCH AS WE WOULD LIKE TO KEEP UP COMPATIBILITY FOR ALL VERSIONS , WE CANNOTSUPPORT AN E NVIRONMENT, WHICH IS NO LONGER SUPPORTED BY THE MANUFACTURER . The computer you want to install GALsync on Must be a member of the domain if your side is On-Premises. Itshould have a good bandwidth to the next DC/GC and an ExchangeServer with CAS role. Can also be a standalone machine if your side is Office 365Exchange Online. Should have a dual-core processor and 2GB RAM. Can be a client OS, e.g. Windows 10 Professional (64-Bit), fortesting or a server OS, e.g. Windows 2012 (64-Bit).GALsync 7.6 - Global Address List (GAL) into mailboxes by using GALsync policiesOr you synchronize the mail-enabled objects of the Office 365 tenant intocontacts folder of user mailboxes, which are on the Exchange Online in thesame Office 365 tenant.7

Must be configured with .NET Framework 4.7.1. Must be configured with PowerShell 3.0 and later.Create a service account with an Exchange mailbox. On-Premises: Provide the user of the mailbox with administrativepermissions on the machine you want to install GALsync on. Exchange Online: The user of the mailbox must be member of theEXCHANGE ADMINISTRATOR role or GLOBAL ADMINISTRATOR role. GALsync must have direct access to the user mailbox via ExchangeWeb Services.NOTE: DIRECT ACCESS TO KIOSK USER MAILBOXES VIA EXCHANGE WEB SERVICES IS NOTPERMITTED . S EE 62635.aspxAND 6eb38d2d7d2GALsync 7.6 - Global Address List (GAL) into mailboxes by using GALsync policies 8Ensure that the mailbox is accessible (e.g. by Outlook Web Access),that the mailbox can send to and receive mails from the otherorganization and that incoming mails from the other organization donot get caught by your spam filter or firewall.NOTE: NEW CREATED EXCHANGE ONLINE ACCOUNTS NEED TO LOG ON AT LEAST ONE TIME TORESET THEIR TEMPORARY PASSWORD . OTHERWISE REMOTE P OWERS HELL WILL NOT WORK . If your side is On-Premises, make sure that you can logon with theconfigured service account. It is also required that the setup ofGALsync can grant this account with local security permissions to LOGON AS SERVICE. You may also add the service account to the local groupREMOTE DESKTOP USERS.For testing purposes create some mailboxes and a group. Add themailboxes as member to the group.The service account needs EXCHANGE IMPERSONATION or the FULL ACCESSPERMISSIONS for the mailboxes where you want to import into themailbox contacts.Please have a look at the chapters: How to configure Exchange Impersonation? How to grant full access to the user mailboxes?NOTE: IN A HYBRID EXCHANGE ENVIRONMENT YOU NEED TWO IMPORT POLICIES .ONE IMPORT POLICY , WHICH IMPORTS INTO THE MAILBOXES , WHICH ARE LOCATED ON ANON - PREMISES E XCHANGE SERVER .THE OTHER IMPORT POLICY, WHICH IMPORTS INTO THE MAILBOXES , WHICH ARE LOCATEDON E XCHANGE O NLINE OF THE O FFICE 365 TENANT .

2 Install the software in the source forestLogin with the user you created before. Run setup.GALsync 7.6 - Global Address List (GAL) into mailboxes by using GALsync policies 9

GALsync 7.6 - Global Address List (GAL) into mailboxes by using GALsync policies 10Run GALsync the first time and configure the GALsync Service with aService Account (SA) by taking the same account as you are logged in(On-Premises).IMPORTANT: IF YOU CONFIGURE THE LOGON INFORMATION FOR THE DOMAIN SERVICE ACCOUNTIN THE GALSYNC GUI USING E XCHANGE ON-PREMISES , IT WILL BE NECESSARY USE THE FORMATDOMAIN \USERNAME .If the setup detects that GALsync was installed on a standalonemachine, we recommend to create a local account on the standaloneserver and use this local account for the GALsync Service and theGALsync GUI.This is necessary to use Modern Authentication for Office 365 ExchangeOnline. The GALsync Service Account of the Office 365 Exchange Onlinetenant is independent of this local account.For example: “galsync” is a local account of the “standalone” server.Please run also the GALsync GUI in the credentials of this local account.

IMPORTANT: IF YOU CONFIGURE THE LOGON INFORMATION FOR THE LOCAL SERVICE ACCOUNT INTHE GALSYNC GUI, IT WILL BE NECESSARY USE THE FORMAT COMPUTERNAME \ USERNAME .This is not recommended anymore, because configure ModernAuthentication for Office 365 Exchange Online does not work with aGALsync Service running in the credentials of LOCALSYSTEM.Running GALsync you can check the service account configuration andyour log-in account on the bottom left corner of the GUI.AD Member ServerStandalone ServerGALsync 7.6 - Global Address List (GAL) into mailboxes by using GALsync policiesIf the setup detects that GALsync was installed on a standalonemachine, the account for the GALsync Service can be LOCALSYSTEM.11

GALsync 7.6 - Global Address List (GAL) into mailboxes by using GALsync policies 12In menu HELP select ABOUT and add your license.

On-Premises only: In menu OPTIONS select EXCHANGE. Leave the other option unclicked.Confirm the first configuration by pressing the SAVE button.GALsync 7.6 - Global Address List (GAL) into mailboxes by using GALsync policiesConfigure the access to your Exchange Server. Click MANUAL SETTING andthe SEARCH icon. Now GALsync tries to use AUTODISCOVER and displaysthe EXCHANGE WEB SERVICES URL it discovers. If you get an errormessage please insert the correct EXCHANGE WEB SERVICES URL for yourenvironment.13