Directory Service configurations synchronize users, groups, and domains from a directory service. An organization typically configures and manages its users in a cloud environment such as Microsoft 365 or Google Workspace, or in an on-prem Active Directory (for example alongside an on-prem Exchange server). With a Directory Service configuration, a MailStore Admin can synchronize those users so that they can log into their archive with the same credentials they use for their normal login.
When the synchronization runs on a schedule, changes made in the origin system are propagated to MailStore Cloud regularly and automatically.
Archiving Profiles and Folder Synchronization Configurations can reference a Directory Service so that they are executed for every user synced from that service. When creating a directory service configuration for Microsoft 365 or Google Workspace, the MailStore Admin can have the Archiving and Folder Synchronization configurations created automatically.
Directory Services
The Directory Service page has various features that can be used to create and manage your directory services. The list view displays directory services by name in either ascending or descending order. It also displays the type of each service and whether its Delete Users and Delete Groups options are set.
- Search – Search is an implicit search over Name and ID:
- Name is a case insensitive “includes” search.
- ID is a case insensitive “equals” search.
- Create directory service – Creates a new directory service from scratch.
- Refresh – Reloads the list.
- Actions – Allows you to manage the selected directory service.
- Edit – Edit the selected directory service.
- Note: The type of a directory service CANNOT be changed after creation.
- Create Schedule – Define a schedule for synchronization with this directory service. Learn how to create a Schedule here.
- Delete – Only possible if the directory service is not in use by a schedule, archiving, or folder synchronization configuration.
- Note: Deleting a directory service also deletes all users synced from that service.
Common Properties for all Profiles in the Create Directory Service Pop-Up
Note: Properties with a trailing asterisk are mandatory.
- Name
- The user should select a unique name that is relevant to the profile.
- The name can be edited later.
- Delete Users
- When selected, users deleted in the origin system will also be deleted in MailStore Cloud.
- Delete Groups
- When selected, groups deleted in the origin system will also be deleted in MailStore Cloud.
- Type
- The type of directory service.
- Changing the type will also change further configuration options and discard all data entered in those fields (see specific properties below).
- The type cannot be changed later.
- Synchronize Groups
- Select groups to synchronize
- Note: Selection is only possible once you have provided valid values for all mandatory fields.
- Default value: All Groups.
- Once groups have been selected, a comma-separated list of the groups to synchronize is displayed. If set, all other groups are ignored.
- The “Select Directory Service Groups” dialog communicates directly with your directory service provider, so an invalid configuration produces an error message at this point. Use the “Test Connection” button on the previous page to check that your configuration is valid before selecting groups.
Test Connection
Once all mandatory properties are filled in (including the type-specific properties, see the next section), you can click the ‘Test Connection’ button to test the given configuration. A new dialog opens and shows the result of the connection test.
Because the connection test communicates directly with your directory service provider, you may receive technical error messages from that provider in case of a misconfiguration. MailStore Cloud cannot provide localized error messages for all directory service providers, as they are highly individual. Typical causes are a misspelled tenant ID, a wrong server name, or invalid credentials.
Properties Dependent on the Type of Directory Service
Microsoft Entra ID
See also First Setup: Customer with Microsoft 365
- Application (client) ID – The Application (client) ID copied from Microsoft Entra ID portal.
- Directory (tenant) ID – The Directory (tenant) ID, copied from Microsoft Entra ID portal.
- Credentials – The certificate used to authenticate MailStore Cloud against Microsoft Entra ID.
- You can let MailStore Cloud create a self-signed certificate or import an existing certificate. See Secrets for more information.
- The public key can be downloaded after the secret has been saved.
- The public key must be uploaded to the app registration in the Microsoft Entra ID portal; only the public key leaves MailStore Cloud, the private key remains in the Secret.
- OpenID Redirect URI – This value cannot be edited and must be copied into the app registration in Microsoft Entra ID.
- There is a copy button to copy the value onto the clipboard.
- Enabled Users Only – Syncs only users that are enabled in the origin system; disabled users are skipped.
- Licensed Exchange Online Only – Syncs only users that have an Exchange Online mailbox; users without a mailbox are skipped.
Google Workspace
See also First Setup: Customer with Google Workspace
- Username – The username of the service account registered in the Google Workspace app registration.
- Credentials – The credentials to be used to authenticate MailStore Cloud against Google Workspace. See Secrets for more information.
- Can be downloaded from Google Workspace.
- OpenID Credentials – The client ID and client secret for OAuth authentication. See Secrets for more information.
- These are configured in Google Workspace and copied from there.
- OpenID Redirect URI – This value cannot be edited and must be copied into the app registration in Google Workspace.
- There is a copy button to copy the value onto the clipboard.
Active Directory
See also First Setup: Customer with on-prem Exchange
- Server Name – The Active Directory server to connect to.
- Domain – Users synced from Active Directory will be added to this domain inside MailStore Cloud.
- Protocol – The protocol to be used.
- LDAP-TLS or LDAP-SSL (depends on the server configuration; LDAP-SSL commonly means LDAPS on port 636, LDAP-TLS upgrades a plain LDAP connection with StartTLS).
- Ignore SSL Policy Errors – MailStore Cloud will ignore SSL certificate warnings from the server. This disables certificate validation, so anyone who can intercept the connection can impersonate the domain controller and capture the bind credentials. Use it only temporarily for troubleshooting; the proper fix is a server certificate that MailStore Cloud can validate.
- Credentials – The credentials used to authenticate MailStore Cloud against the Active Directory server. See Secrets for more information.
- Base DN – The starting point to search for users/groups inside the Active Directory, e.g. “DC=exchange2019,DC=com”.
- Timeout – The seconds after which a request to the Active Directory will be aborted.
- This will depend on the Active Directory Configuration.
- Use Only Local Part For Username – If true, everything after the first unquoted @ in the username is omitted.
- A local part may contain “@” characters if it is quoted, therefore "loc@lpart"@somedomain.com is a valid email address whose local part is "loc@lpart".
- Enable MFA by default – Multi-factor authentication (MFA) will be activated for users when they are created during a directory sync.
- Already synchronized users will not be changed when enabling or disabling this option.
Generic LDAP
- Server Name – The server to connect to.
- Domain – Users synced from the server will be added to this domain inside MailStore Cloud.
- Protocol – The protocol to be used.
- LDAP-TLS or LDAP-SSL (depends on the server configuration; LDAP-SSL commonly means LDAPS on port 636, LDAP-TLS upgrades a plain LDAP connection with StartTLS).
- Ignore SSL Policy Errors – MailStore Cloud will ignore SSL certificate warnings from the server. Because this turns off certificate validation, it exposes the bind credentials to a man-in-the-middle; use it only while troubleshooting and fix the server certificate instead.
- Credentials – Credentials to use to authenticate MailStore Cloud against the server. See Secrets for more information.
- Base DN – Starting point to search for users/groups.
- Timeout – The seconds after which a request to the LDAP server will be aborted.
- This will depend on the LDAP server configuration.
- Filter – A filter to identify users in the objects returned by the server, e.g. (objectClass=User).
- Username (Attribute) – The attribute used to identify usernames, e.g. uid or sAMAccountName.
- Use Only Local Part For Username – If true, everything after the first unquoted @ in the username is omitted.
- A local part may contain “@” characters if it is quoted, therefore "loc@lpart"@somedomain.com is a valid email address whose local part is "loc@lpart".
- Full Name (Attribute) – The attribute used to identify the user’s full name.
- Email Addresses (Attribute) – The attribute used to identify the user’s email addresses.
- Groups Filter – A filter to identify groups in the objects returned by the server, e.g. (objectClass=Group).
- Group Name (Attribute) – The attribute used to identify the group names.
- Group Description (Attribute) – The attribute used to identify the group descriptions.
- Group Members (Attribute) – The attribute used to identify the group members.
- Group Members Search Filter – A filter to identify group members in the objects returned by the server.
- Enable MFA by default – Multi-factor authentication (MFA) will be activated for users when they are created during a directory sync.
- Already synchronized users will not be changed when enabling or disabling this option.
Automatically Creating Archiving and Folder Synchronization Configurations
This option is only available for Microsoft Entra ID and Google Workspace. When this checkbox is selected, MailStore Cloud uses the settings and credentials of the directory service configuration to also create an archiving configuration and a folder synchronization configuration for the corresponding mail server.
Notes:
- This option is only available when creating a directory service configuration, not when editing one.
- Changing the settings of the directory service configuration afterwards does not change the settings of the archiving or folder synchronization configurations created from it.
- You still have to create schedules for all of these configurations.