标签:exchange server 2013 gal 通讯簿 fim
开始配置管理代理(后面简称MA),在操作界面中,定位到Management Agents选项卡,点击“Create”,开始创建ROBIN域中的MA
在Management agent for中选择“Active Directory global address list(GAL)”,并输入MA名称,点击“Next”
输入Forest Name,User Name,Password,以及Domain,这里需要注意的是,Forest Name中需要属于我们域名的全称,Domain输入NetBios,点击“Next”
选择数据源,勾选后点击“Containers”
勾选同步的OU,这里需要包括ROBIN域中的用户以及同步CONTOSO域中的联系人,因为同步需要作对比,同步联系人有增删改等操作,勾选后点击OK
点击“Next”
点击“Target”选择同步联系人的目标OU
点击“Container”
选择之前规划好的Contact OU,点击“OK”
点击“OK”
回到刚才的界面,点击“Edit”
在文本框中输入SMTP地址的后缀,假如有多个,需要都添加进入,不然后续同步会报错,添加完后点击“OK”
点击“Next”
默认,Next
默认,Next
根据需要选择同步属性,我这里默认,Next
默认,Next
默认,Next
默认,Next
默认,Next
在Provision for中选择Exchange 2010即可,支持Exchange 2013,然后在Exchange 2010 RPS URL中输入CAS服务器的PowerShell目录,这里是:https://cas01.corp.robin.com/PowerShell
点击Finish完成ROBIN域中的MA的创建
按照相同发方法创建CONTOSO域中的MA
最后,我们还需要一次打开ToolsàOptions
勾选“Enable Provisioning Rules Extension”,点击“OK”
选中一个MA,这里以ROBIN域中的MA为例,点击“Run”
选择“Full Import (Stage Only)”,点击“OK”
依照刚才的步骤,同样执行Full Synchronization操作
同样执行Export操作
最后再执行一次Full Important (Stage Only)操作
同样的方法,执行CONTOSO域的MA,再回到ADUC中,可以看到已经创建了联系人
ROBIN域新增的联系人
CONTOSO域新增的联系人
登陆OWA也可以看到新增的联系人
ROBIN域新增的联系人
CONTOSO域新增联系人
在FIM中,我可对MA的操作导出为VBS脚本,选中ROBIN域中的MA,点击“Configure Run Profiles”
点击“Script”
导出到桌面,并输入文件名称
导出的Full Import(Stage Only)VBS脚本
ROBIN域MA的Fulll Synchronization操作脚本
ROBIN域的Export操作VBS脚本
可以使用相同的步骤对CONTOSO域的MA导出相应的操作脚本
导出后,可以把VBS脚本放入到计划任务中定时执行,这里把脚本整理为一个VBS,保存为UpdateContact.vbs
脚本如下:
Const PktPrivacy = 6
rem Const wbemAuthenticationLevelPkt = 6
Set Locator = CreateObject("WbemScripting.SWbemLocator")
rem
rem Credentials must only be specified when Microsoft Identity Integration Server is on remote system.
rem
rem Locator.Security_.AuthenticationLevel = wbemAuthenticationLevelPkt
rem Set Service = Locator.ConnectServer("MyServer", "root/MicrosoftIdentityIntegrationServer")
rem Set Service = Locator.ConnectServer("MyServer", "root/MicrosoftIdentityIntegrationServer", "Domain\Me", "MyPassword")
‘---------------------------------------------------------------------------------------------------------------------------------
‘Robin Full Import StageOnly
rem
Set Service01 = GetObject("winmgmts:{authenticationLevel=PktPrivacy}!root/MicrosoftIdentityIntegrationServer")
Set MASet01 = Service01.ExecQuery("select * from MIIS_ManagementAgent where Guid = ‘{F03AF5A1-547B-46B4-8EA0-62B8E3D911A3}‘")
for each MA01 in MASet01
WScript.Echo "Running " + MA01.name + ".Execute(""Full Import (Stage Only)"")..."
WScript.Echo "Run completed with result: " + MA01.Execute("Full Import (Stage Only)")
WScript.Echo "Running " + MA01.name + ".Execute(""Full Synchronization"")..."
WScript.Echo "Run completed with result: " + MA01.Execute("Full Synchronization")
WScript.Echo "Running " + MA01.name + ".Execute(""Export"")..."
WScript.Echo "Run completed with result: " + MA01.Execute("Export")
WScript.Echo "Running " + MA01.name + ".Execute(""Full Import (Stage Only)"")..."
WScript.Echo "Run completed with result: " + MA01.Execute("Full Import (Stage Only)")
next
‘---------------------------------------------------------------------------------------------------------------------------------
‘Contoso Full Import StageOnly
rem
Set Service02 = GetObject("winmgmts:{authenticationLevel=PktPrivacy}!root/MicrosoftIdentityIntegrationServer")
Set MASet02 = Service02.ExecQuery("select * from MIIS_ManagementAgent where Guid = ‘{CFF2D38F-B095-46CE-A848-E3D3CCBA89FA}‘")
for each MA02 in MASet02
WScript.Echo "Running " + MA02.name + ".Execute(""Full Import (Stage Only)"")..."
WScript.Echo "Run completed with result: " + MA02.Execute("Full Import (Stage Only)")
WScript.Echo "Running " + MA02.name + ".Execute(""Full Synchronization"")..."
WScript.Echo "Run completed with result: " + MA02.Execute("Full Synchronization")
WScript.Echo "Running " + MA02.name + ".Execute(""Export"")..."
WScript.Echo "Run completed with result: " + MA02.Execute("Export")
WScript.Echo "Running " + MA02.name + ".Execute(""Full Import (Stage Only)"")..."
WScript.Echo "Run completed with result: " + MA02.Execute("Full Import (Stage Only)")
next
Sub ErrorHandler (ErrorMessage)
WScript.Echo ErrorMessage
WScript.Quit(1)
End Sub新建一个基本任务计划,并在添加参数框中执行如下参数:
C:\Windows\System32\cscript.exe //Nologo //B
参数的具体作用可以运行帮助查看:
设置无论用户是否登陆都窒息功能脚本,勾选“不管用户是否登陆都要运行”,并把配置模式选定为Windows 7 及Windows Server 2008 R2模式
基本任务已经创建完成
把先前同步的联系人删除,手动执行一下脚本
ROBIN域中已经同步了CONTOSO邮箱账户为联系人
CONTOSO域中已经同步了ROBIN的邮箱账户为联系人
回到FIM的操作界面,定位到Operations下,可以看到刚刚执行的具体操作以及状态
再回到SQL图形化管理界面,可以看到新建的两个MA在如下表中,如上VBS脚本中查询的就是MA的ma_id
本文出自 “Robin's Home” 博客,谢绝转载!
跨林拓扑中部署 Exchange 2013 GAL同步之二配置篇
标签:exchange server 2013 gal 通讯簿 fim
原文地址:http://winteragain.blog.51cto.com/1436066/1636685
