DirectoryLink is a tool used for getting a list of Active Directory users from your on-premise Active Directory and synchronizing it to Smarsh Hosted Services Active Directory. It allows you to update user properties with the information gathered from your Active Directory.
- synchronization is one-way only and all user properties will be overwritten by the values from your in-house Active Directory.
- DirectoryLink overwrites the UPN and Primary email address of the mailbox if your on-premise user UPN is in the email address format and its domain is registered under the Domain Names section of CONTROL PANEL.
- Passwords synchronization occurs only during the password reset operation. As a result, any existing user passwords that were set prior to installation of the DirectoryLink service will not be synchronized. Please instruct your users to reset their passwords after DirectoryLink service installation. If some of your passwords are not being synchronized, please make sure that DirectoryLink service is deployed on all domain controllers in the forest with the same DirectoryLink user name and password on all domain controllers.
If this guide is not working for you, click here to review the full text of the article.
Download an installation package suitable for your domain controller operating system (x64 or x86) from CONTROL PANEL > DirectoryLink > Instructions. DirectoryLink version 2.0 and later will perform automatic updates after it is installed on domain controllers in your organization. Read the Knowledge Base article on Updating DirectoryLink for more information about automatic updates.
Follow the installation guide. DirectoryLink must be installed on all domain controllers in the Active Directory forest. Mailboxes/users in the CONTROL PANEL should be linked with users from your in-house Active Directory in order to get synchronized. You can use Autolink feature available in CONTROL PANEL > Users & Services > DirectoryLink > Unlinked section.
- Windows Server 2003 Service Pack 2, Windows 2008 R2 Server Core or later.
- NET Framework 3.5 with SP1.
- Outbound network connection must be opened on port 443 (SSL). If you receive the error message “Cannot access remote DirectoryLink service” during installation, please verify that you can access https://cp.serverdata.net.
Does your domain controller meets the requirements?
Make necessary changes.
Username and password for installation can be found in CONTROL PANEL under Users & Services > DirectoryLink > Instructions. Please have your DirectoryLink username and password ready before installing this product.
We strongly recommend that you limit the scope of synchronization by providing the distinguished name (DN) of the parent organizational unit (OU) that contains all objects enabled for synchronization. The synchronization scope must be an OU within your Active Directory domain.
- Log in to a domain controller using an account with Domain Administrator and local Administrator privileges.
- Verify installation requirements and install necessary prerequisites.
- Setup must be executed using administrative credentials. Right-click setup.exe and click Run as Administrator.
- Proceed with the installation until the DirectoryLink Service Configuration screen appears.
- Enter the User Name and Password that were obtained from the DirectoryLink > Instructions page.
- Click the Browse button to select the synchronization scope.
- Click OK to complete DirectoryLink service configuration.
- Server reboot is required for the service to work. Please reboot the server.
- Once the server is rebooted, the DirectoryLink service will start synchronizing Active Directory objects. Please note that it may take up to 30 minutes to synchronize, depending on the size of your Active Directory.
- In order to synchronize passwords of your Active Directory users, it is also required to reset them afterwards as the DirectoryLink service catches new passwords only during the password update operation. Active Directory passwords should meet default password requirements.
Was the installation successful?
Did you receive any errors?
If Installation of DirectoryLink fails:
- Double-check that your environment meets our requirements:
- Windows Server 2003 Service Pack 2 or later, Windows 2008 Server Core;
- .NET Framework 3.5 with SP1;
- Outbound network connection is opened on port 443 (SSL).
- Make sure that you have Administrative permissions. Run the installation again by right-clicking the file and choosing "Run as Administrator".
- Reinstall DirectoryLink. To do this, navigate to Start > Control Panel > Add/Remove programs, reboot the DC and run installation again.
If you receive the following errors during the installation process:
- Red X with no error message appears when running the installation file. The problem may occur on Terminal services or any other workstation where running Setup executables is restricted. You can try .msi installer.
- Cannot access remote DirectoryLink service error. Verify that you can access https://cp.serverdata.net URL from the local machine. Outbound connections on port 443 must be opened to this URL. You may also run telnet cp.serverdata.net 443 or tracert cp.serverdata.net
- Security errors. Check the local time on the DC and ensure that it is synchronized with a valid time source and that it is not out of sync. Read the Microsoft article on How to configure an authoritative time server in Windows Server. The errors are like the following two:
- Password is incorrect.
- System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. ---> System.ServiceModel.FaultException: An error occurred when verifying security for the message.
- Proxy Authentication Required. The error appears after choosing OU for sync and there is no Proxy in your network.
- Check LAN settings on DC, navigate to Internet Explorer Tools > Internet Options > Connections > LAN settings. There should be no proxy.
- Run "proxycfg.exe /?". This will list current proxy settings.
- Check registry: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings and HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings.
If ProxyEnable is set to 0x00000000 (0), then it is disabled.
- Export HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings registry settings from a DC where there is no error and import it to a problematic DC.
Did it help?
After installation, the software works as a system service and synchronizes all OU changes.
- If a user's UPN is not in the email address format, it will not be synchronized.
- The domain of the UPN must be added to the Users & Services > Domain Names section.
Link existing mailboxes with one of your users OR use Autocreate feature. The interface can autolink mailboxes and users by UPN and Display Name. Linked mailboxes show the text (linked) in the display name column at Users & Services > Exchange Mailboxes. For mailboxes that are already linked, the information on the General tab in the mailbox properties becomes read-only (you can view it if you click the mailbox's Display Name). You will not be able to modify any user information; all changes should be done in the local Active Directory.
Provide Support with the following information for troubleshooting:
- Results of any tests/checks.
- Look for any errors/warnings that appeared in the Application log during installation. Navigate to Start > right-click My Computer > Manage > System Tools > Event Viewer > Application to view logs.
- Click this link from the domain controller and submit the results:
- The time (and time zone) and date when the last attempt to make changes happened.
- The user, the property and the value you wanted to synchronize at the specified time.
- Also you may include msinfo32 information. On each domain controller, go to Start > Run and type "msinfo32". In the System Information window, click File > Save and save it as an .NFO file.