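Deploying Exchange 2013 GAL Synchronization in a Cross-Forest Topology, Part 2: Configuration
4. Configure the management agents (MA)
4.1 Create the MA
Start configuring the management agent (hereafter MA). In the console, go to the Management Agents tab and click "Create" to begin creating the MA for the ROBIN domain. Under "Management agent for", select "Active Directory global address list (GAL)", enter a name for the MA, and click "Next"
Enter the Forest Name, User Name, Password and Domain. Note that Forest Name must be the full name of the domain, while Domain takes the NetBIOS name. Click "Next"
Select the data source, check it, then click "Containers"
Check the OUs to synchronize. These must include both the users in the ROBIN domain and the contacts synchronized from the CONTOSO domain, because synchronization has to compare them and the synchronized contacts are added, deleted and modified. When done, click OK
Click "Next"
Click "Target" to choose the target OU for the synchronized contacts
Click "Container"
Select the Contact OU planned earlier and click "OK"
Click "OK"
Back on the previous screen, click "Edit"
In the text box, enter the SMTP address suffix. If there are several, add all of them, otherwise later synchronization runs will report errors. When done, click "OK"
Click "Next"
Keep the defaults, Next
Keep the defaults, Next
Select the attributes to synchronize as needed; I keep the defaults here. Next
Keep the defaults, Next
Keep the defaults, Next
Keep the defaults, Next
Keep the defaults, Next
Under "Provision for", select Exchange 2010, which also supports Exchange 2013. Then, in "Exchange 2010 RPS URL", enter the PowerShell directory of the CAS server, which here is: https://cas01.corp.robin.com/PowerShell
Click Finish to complete creation of the MA for the ROBIN domain
Create the MA for the CONTOSO domain in the same way
Finally, open Tools → Options
Check "Enable Provisioning Rules Extension" and click "OK"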
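4.2 Synchronize contacts
4.2.1 Synchronize contacts manually
Select an MA, here the ROBIN domain MA as the example, and click "Run"
Select "Full Import (Stage Only)" and click "OK"
Following the same steps, run the Full Synchronization operation
Run the Export operation in the same way
Finally, run Full Import (Stage Only) once more
Run the CONTOSO domain MA in the same way, then go back to ADUC, where you can see that the contacts have been created
Contacts added in the ROBIN domain
Contacts added in the CONTOSO domain
The new contacts are also visible after logging in to OWA
Contacts added in the ROBIN domain
Contacts added in the CONTOSO domain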
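4.2.2 Automate contact synchronization with a script
In FIM, the operations on an MA can be exported as VBS scripts. Select the ROBIN domain MA and click "Configure Run Profiles"
Click "Script"
Export to the desktop and enter a file name
The exported Full Import (Stage Only) VBS script
The Full Synchronization script for the ROBIN domain MA
The Export VBS script for the ROBIN domain
The same steps can be used to export the corresponding scripts for the CONTOSO domain MA. Once exported, the VBS scripts can be placed in a scheduled task to run at set times. Here the scripts are consolidated into a single VBS file, saved as UpdateContact.vbs
The script is as follows: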
Const PktPrivacy = 6
rem Const wbemAuthenticationLevelPkt = 6
Set Locator = CreateObject("WbemScripting.SWbemLocator")
rem
rem Credentials must only be specified when Microsoft Identity Integration Server is on remote system.
rem
rem Locator.Security_.AuthenticationLevel = wbemAuthenticationLevelPkt
rem Set Service = Locator.ConnectServer("MyServer", "root/MicrosoftIdentityIntegrationServer")
rem Set Service = Locator.ConnectServer("MyServer", "root/MicrosoftIdentityIntegrationServer", "Domain\Me", "MyPassword")
'---------------------------------------------------------------------------------------------------------------------------------
'ROBIN MA: Full Import (Stage Only), Full Synchronization, Export, Full Import (Stage Only)
rem
Set Service01 = GetObject("winmgmts:{authenticationLevel=PktPrivacy}!root/MicrosoftIdentityIntegrationServer")
Set MASet01 = Service01.ExecQuery("select * from MIIS_ManagementAgent where Guid = '{F03AF5A1-547B-46B4-8EA0-62B8E3D911A3}'")
for each MA01 in MASet01
    WScript.Echo "Running " + MA01.name + ".Execute(""Full Import (Stage Only)"")..."
    WScript.Echo "Run completed with result: " + MA01.Execute("Full Import (Stage Only)")
    WScript.Echo "Running " + MA01.name + ".Execute(""Full Synchronization"")..."
    WScript.Echo "Run completed with result: " + MA01.Execute("Full Synchronization")
    WScript.Echo "Running " + MA01.name + ".Execute(""Export"")..."
    WScript.Echo "Run completed with result: " + MA01.Execute("Export")
    WScript.Echo "Running " + MA01.name + ".Execute(""Full Import (Stage Only)"")..."
    WScript.Echo "Run completed with result: " + MA01.Execute("Full Import (Stage Only)")
next
'---------------------------------------------------------------------------------------------------------------------------------
'CONTOSO MA: Full Import (Stage Only), Full Synchronization, Export, Full Import (Stage Only)
rem
Set Service02 = GetObject("winmgmts:{authenticationLevel=PktPrivacy}!root/MicrosoftIdentityIntegrationServer")
Set MASet02 = Service02.ExecQuery("select * from MIIS_ManagementAgent where Guid = '{CFF2D38F-B095-46CE-A848-E3D3CCBA89FA}'")
for each MA02 in MASet02
    WScript.Echo "Running " + MA02.name + ".Execute(""Full Import (Stage Only)"")..."
    WScript.Echo "Run completed with result: " + MA02.Execute("Full Import (Stage Only)")
    WScript.Echo "Running " + MA02.name + ".Execute(""Full Synchronization"")..."
    WScript.Echo "Run completed with result: " + MA02.Execute("Full Synchronization")
    WScript.Echo "Running " + MA02.name + ".Execute(""Export"")..."
    WScript.Echo "Run completed with result: " + MA02.Execute("Export")
    WScript.Echo "Running " + MA02.name + ".Execute(""Full Import (Stage Only)"")..."
    WScript.Echo "Run completed with result: " + MA02.Execute("Full Import (Stage Only)")
next
Sub ErrorHandler (ErrorMessage)
    WScript.Echo ErrorMessage
    WScript.Quit(1)
End Sub
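Create a new basic scheduled task and, in the "Add arguments" box, enter the following parameters:
C:\Windows\System32\cscript.exe //Nologo //B
Run the help to see what each parameter does.
Set the script to run whether or not a user is logged on: check "Run whether user is logged on or not", and set "Configure for" to Windows 7 / Windows Server 2008 R2
The basic task has now been created
Delete the previously synchronized contacts and run the script manually
In the ROBIN domain, the CONTOSO mailbox accounts have been synchronized as contacts
In the CONTOSO domain, the ROBIN mailbox accounts have been synchronized as contacts
Back in the FIM console, go to Operations, where you can see the operations that were just run and their status
Back in the SQL graphical management tool, you can see the two newly created MAs in the table below; the GUID queried in the VBS script above is the MA's ma_id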
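The same run sequence as UpdateContact.vbs, as an added PowerShell example (not the author's script): it checks the string returned by each Execute call and exits non-zero on the first run that does not return "success", so a failed step shows up in the scheduled task's last run result. Assumptions: it runs on the FIM synchronization server itself, and any status other than "success" is treated as a failure.

```powershell
# Added example, not from the original article.
# The GUIDs and run-profile names are the ones used in UpdateContact.vbs above.
$Namespace = 'root/MicrosoftIdentityIntegrationServer'
$MaGuids = @(
    '{F03AF5A1-547B-46B4-8EA0-62B8E3D911A3}',  # ROBIN MA
    '{CFF2D38F-B095-46CE-A848-E3D3CCBA89FA}'   # CONTOSO MA
)
$RunProfiles = @(
    'Full Import (Stage Only)',
    'Full Synchronization',
    'Export',
    'Full Import (Stage Only)'
)

foreach ($guid in $MaGuids) {
    # Same WMI class and authentication level (PktPrivacy) as the VBS version.
    $ma = Get-WmiObject -Namespace $Namespace -Class MIIS_ManagementAgent `
        -Authentication PacketPrivacy -Filter "Guid = '$guid'"
    if ($null -eq $ma) {
        Write-Output "No management agent found with Guid $guid"
        exit 2
    }
    foreach ($runProfile in $RunProfiles) {
        Write-Output "Running $($ma.Name): $runProfile"
        # Execute blocks until the run finishes and returns its status string.
        $status = $ma.Execute($runProfile).ReturnValue
        Write-Output "Run completed with result: $status"
        # Assumption: only 'success' counts as a pass. Stop here so a failed
        # import is never followed by a synchronization or an export.
        if ($status -ne 'success') { exit 1 }
    }
}
exit 0
```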