Synchronizing User Accounts with Active Directory
In addition to adding users manually as described in chapter User Management, MailStore Server can synchronize its internal user database with the Active Directory of your company.
During synchronization, user information such as user names and email addresses is read from the Active Directory and recorded in MailStore Server's user database. No changes are made to the Active Directory itself by MailStore Server. The scope of the synchronization can be limited through filters.
Please note: MailStore Server supports neither subdomains nor domain trusts. The MailStore Server service must run as 'Local System account' and the server must be a member of the domain if you want to use 'Integrated Windows authentication'.
Accessing Directory Service Integration
- Log on to MailStore Client as a MailStore Server administrator.
- Click on Administrative Tools > Users and Privileges and then on Directory Services.
- In the Integration section, change the directory service type to Active Directory.
Connection to Active Directory
For synchronization MailStore Server requires information on how to connect to the Active Directory.
- Server (optional)
DNS name or IP address of an Active Directory domain controller. If the MailStore Server machine is a member of the Active Directory, this setting is detected automatically.
- Base-DN (optional)
Base DN of your Active Directory. Often the Base DN can be derived from the Active Directory domain name. For example, if the Active Directory domain name is company.local the Base DN usually is dc=company,dc=local. The Base DN can also be selected by clicking the button left of the text field if access to an Active Directory domain controller is available. If the MailStore Server machine is a member of the Active Directory, this setting is detected automatically.
Define how the MailStore Server service should identify itself to the Active Directory:
- Standard Authentication
If MailStore Server is not installed directly on an Active Directory domain controller, using standard authentication is required. In this case, fill out the User Name and Password fields; enter the user name in UPN notation, e.g. Administrator@company.local
- Windows Authentication
If MailStore Server is installed directly on an Active Directory domain controller, the MailStore Server service already has the necessary privileges to authenticate against Active Directory using Windows authentication.
User Database Synchronization
After configuring the connection settings as described above, you can specify filter criteria for the Active Directory synchronization in this section.
- Synchronize Microsoft Exchange users only
Only user accounts with email addresses configured in Active Directory will be taken into account by the synchronization. Clear this checkbox only if all Active Directory users should be created as MailStore Server users as well.
- Synchronize enabled users only
Only user accounts enabled in Active Directory will be taken into account by the synchronization. Clearing this option may be useful if you need to archive Exchange mailboxes whose Active Directory user accounts are disabled by default.
- Synchronize users visible in address lists only
Only Active Directory user accounts whose Exchange mailboxes are not hidden from Exchange address lists will be taken into account by the synchronization.
- Sync only these groups
Choose one or several Active Directory security groups if you only want their members to be created as MailStore Server users. That way it's possible to exclude certain Active Directory accounts from being synchronized to MailStore Server, e.g. system accounts.
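To review which accounts the filter options above would bring into scope before synchronizing, the following added example (not MailStore's own code or query) derives the Base DN and builds an approximately equivalent LDAP search filter. It assumes the standard Active Directory and Exchange attributes mail, userAccountControl, msExchHideFromAddressLists and memberOf, and direct group membership only; the function names are hypothetical.

```python
# Added example: approximates the synchronization filters with standard
# Active Directory attributes. This is an assumption about equivalent
# LDAP semantics, not the query MailStore Server itself issues.

def base_dn(domain: str) -> str:
    """Derive the usual Base DN: company.local -> dc=company,dc=local."""
    labels = [part for part in domain.strip().strip(".").split(".") if part]
    if not labels:
        raise ValueError("empty domain name")
    return ",".join(f"dc={part}" for part in labels)

def escape_filter_value(value: str) -> str:
    """Escape a value for an LDAP search filter (RFC 4515), so a group DN
    containing '(', ')', '*' or a backslash cannot alter the filter."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)

def sync_scope_filter(exchange_only=True, enabled_only=True,
                      visible_only=True, group_dns=()):
    """Build a filter mirroring the four synchronization options."""
    clauses = ["(objectCategory=person)", "(objectClass=user)"]
    if exchange_only:
        # "Synchronize Microsoft Exchange users only": an email address is set.
        clauses.append("(mail=*)")
    if enabled_only:
        # Bitwise AND match on the ACCOUNTDISABLE flag (0x2), negated.
        clauses.append("(!(userAccountControl:1.2.840.113556.1.4.803:=2))")
    if visible_only:
        # Mailbox not hidden from Exchange address lists.
        clauses.append("(!(msExchHideFromAddressLists=TRUE))")
    groups = list(group_dns)
    if groups:
        # Direct members of any listed security group (nested groups ignored).
        members = "".join(f"(memberOf={escape_filter_value(dn)})" for dn in groups)
        clauses.append(f"(|{members})" if len(groups) > 1 else members)
    return "(&" + "".join(clauses) + ")"

if __name__ == "__main__":
    # Constructed sample values, matching the company.local example above.
    root = base_dn("company.local")
    group = f"CN=Archive (EU),OU=Groups,{root}"
    print(root)
    print(sync_scope_filter(group_dns=[group]))
```

The printed Base DN and filter can be given to any LDAP search tool, which makes it easy to confirm that system or service accounts fall outside the scope before they are created as MailStore Server users.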
MailStore Client Single Sign-On
For information on using the single sign-on functionality in Active Directory environments, please refer to the article MailStore Client Deployment.