Home arrow Howto's arrow Howto - MS Exchange arrow Migrating from Domino to Exchange 2007 (Part 2)
Migrating from Domino to Exchange 2007 (Part 2) PDF Print E-mail
Written by David Noel-Davies   
In part one of this article I introduced the new Microsoft Transporter Suite for Lotus Domino and created a new Directory Connector for the beginning of a sample scenario where Contoso, using Exchange 2007, wishes to coexist with Fabrikam, using Domino 7. Here in part two we will complete the configuration of the Directory Connector and then ensure that both systems have synchronized address books.

Domino Permissions

Before we start configuration of the Directory Connector, it is worth noting the permissions required within Domino for this to work. As I said in part one of this article, I am using the default Domino administrator account that has all required permissions. If you want to use a different Domino account, Microsoft states that this account must have at least Editor access to the Domino directory which in Fabrikam's case is names.nsf. Additionally, the account will require the UserCreator and UserModifier roles as well as the ability to delete documents. How this is configured for the default Domino administrator account is shown in Figure 3, where the access control list for names.nsf is depicted. As you can see, the Domino administrator account has Manager access by default, which is higher than the required Editor access.


Figure 3:
Domino Directory Access Control List

Configuring the Directory Connector

Now let's go back to the Transporter Management Console and configure directory synchronization. In the main transporter suite window, you will see the newly created Directory Connector listed as shown in Figure 2 in part one of this article. Configuring the Directory Connector is more complicated than creating it. Let's walk through the process required by Contoso to complete the synchronization process with Fabrikam.

  1. Highlight the Directory Connector that was just created, right-click it and choose Properties from the context menu. Alternatively, choose the Properties option from the Actions menu.
  2. The properties of the Directory Connector are displayed and you will see four tabs to be configured. The General tab has various settings that are configured as follows. A screen shot of Contoso's configuration is shown in Figure 4.
    1. Sync Schedule. This is a drop-down selection box that has pre-defined options ranging from 15 minutes to 24 hours, as well as a 'never' option which is the default. Of course, you will want to choose an option that reflects how often you would like the address books updated. Let's choose 15 minutes for this article.
    2. Global Catalog. This is the global catalog server that will be used for the Active Directory reference when performing directory synchronization. Click the Browse: button and choose the relevant global catalog server.
    3. Domino Server. Obviously this is the name of the Domino server that you wish to connect to for directory synchronization purposes. In our example, this is DOMINO/FABRIKAM.
    4. Notes Password. Here you type the Notes ID password for the account that is configured on the Notes client installed on the server containing the Transporter Suite. Since we are using the Domino administrator account, we type that account's password here.


Figure 4:
Directory Connector General Tab

  1. The Sync to Active Directory tab controls which Domino directories are synchronized into Exchange. The specific options to configure are:
    1. Source Domino Directory. To complete this configuration, we should first click the Add button which presents the New Source Domino Directory Entry window. The fields in this window are configured as follows:
      1. In the Domino Directory field, we enter names.nsf which is the default Domino Directory that contains Fabrikam's users. These are the users that are required to be synchronized into Active Directory.
      2. In the Domain Name field, Fabrikam's Domino domain name is entered, which in this case is fabrikam.
      3. In the SMTP Domain field, Fabrikam's SMTP address space is entered, which is fabrikam.com. The completed window is shown below in Figure 5.


      Figure 5:
      New Source Domino Directory Configuration

    2. Target Active Directory. This option is used to choose the target OU that will be used to store the mail-enabled contacts that represent the Domino users. You will remember that we created the Domino Users OU specifically for this purpose so that's the OU that is specified here, chosen by clicking the Browse: button and selecting the relevant OU. The completed Sync to Active Directory tab is shown in Figure 6.


Figure 6:
Directory Connector Sync to Active Directory Tab

  1. The Sync to Domino tab is used to configure directory synchronization from Exchange to Domino. The specific options to configure are:
    1. Source Organizational Units. Here we choose the OUs in Active Directory that contain the Exchange users, groups or contacts that we wish to synchronize into Domino. In Contoso's case the Head Office OU is selected which results in all objects from this OU and all objects from all sub-OUs of the Head Office OU also being added. This is shown below in Figure 7. This is achieved by clicking the Add button and then browsing to the relevant OU in the New Source OU Entry window that is displayed.
    2. Target Domino Directory Names and Addresses (NSF) File. This field is used to select the name of the Domino Directory that will receive the Exchange users, groups and contacts configured in the previous step. By default, this is set to names.nsf although this can be changed to an alternative Domino Directory if required. In our case, Fabrikam requires that the Exchange information is synchronized into names.nsf.
    3. Routable Exchange Domains. Here we configure Contoso's SMTP domain name of contoso.com as a routable Exchange domain. If Contoso had additional SMTP domain names such as contoso.org, we would need to make sure that these were included as well. These can be added simply by clicking the Add button and entering the relevant SMTP domain name into the field in the Add Routable Exchange Domain Entry window.


Figure 7:
Directory Connector Sync to Domino Tab

  1. The final tab to configure is the Advanced tab. This is shown below in Figure 8. Note the options to choose whether to synchronize groups and contacts. You can also choose a list of Domino groups that you do not want to synchronize into Active Directory. We will leave the defaults within this article.
  2. The configuration of the Directory Connector is now finished. Just click OK to return to the main transporter suite window.


Figure 8:
Directory Connector Advanced Tab

You can also create and configure a Directory Connector at the same time via the New-DominoDirectoryConnector cmdlet. I will not repeat all the various parameters here, but the Syntax portion of Figure 9 will show you what the parameter names are. Many of the parameter names are self explanatory as they can be linked to the options you've seen from within the Transporter Management Console. The transporter suite help file has full details if you are unsure.


Figure 9:
New-DominoDirectoryConnector Syntax

Performing a Synchronization

Once the Directory Connector has been configured, the service must be started before any synchronization can take place. The service name is Microsoft Exchange Directory Connector Service for Lotus Domino and note that, by default, the service startup parameter is set to Manual so you will want to change this to Automatic. If you do not start the service yourself, you can see the timeout error shown in Figure 10 when attempting to synchronize directories.


Figure 10:
Directory Connector Timeout Error

You can either wait for the synchronization process to run according to your configured schedule, or, as is more likely the case when first setting up the Directory Connector, you can force a synchronization process immediately. In the console, right-click the Directory Connector within the Transporter Management Console and choose the Synchronize Now: option from the context menu or Action pane. Doing this invokes the Synchronize Directories Now wizard which has an introduction screen followed by:

  1. Synchronization Options screen. Here you will see different types of synchronizations to perform such as 'update' or 'full' synchronizations, together with the direction in which you wish to perform them. Since this is the first time we are running the directory synchronization process between the two systems, we should choose the Full Synchronization option followed by the Full two way synchronization: option. This performs a fresh synchronization run, so clearly you wouldn't want to run this process too often unless you had a specific need to. It will also delete existing objects from a previous synchronization run and re-create them if they still exist. The more likely on-going option to choose is the Update Synchronization option which merely changes updated or modified objects. Since this is the first directory synchronization run, you should choose to synchronize in both directions at this time. This screen is shown in Figure 11. Once you are happy with your choice, click Next.
  2. The Progress screen is then displayed. Here, just click the Synchronize button. The connector will then begin the synchronization process, hopefully culminating in a successful synchronization. Then just click the Finish button to close the wizard.


Figure 11:
Synchronize Directories Now Wizard

You can use the shell to do the same thing via the following simple cmdlet:

Start-DominoDirectoryConnector -FullReloadToAD -FullReloadToDomino

You do not need to use the -Identity parameter in this case since there is only a single Directory Connector. You can use the UpdateToAD and UpdateToDomino parameters to perform an update synchronization.

Now that we have run the directory synchronization process, let's check that it has completed successfully. The first thing to do is to check the contents of the Domino Users OU and as you can see from Figure 12 this is now populated with mail-enabled contacts representing the Fabrikam Domino users and groups. Similarly, checking the Domino Directory reveals that this is now populated with the Exchange users and Groups as shown in Figure 13.


Figure 12:
Domino Users in the Notes Users OU


Figure 13:
Exchange Users in the Domino Directory

Diagnostics Logging

As you might expect, the transporter suite can also place information into the event log during the directory synchronization process which you can use for troubleshooting failed synchronization attempts. There are three different categories for the DominoDirectoryConnector application, which you can see if you perform the following cmdlet:

Get-TransporterEventLogLevel | fl

The result of this is shown in Figure 14, where you can see the three categories listed as Service, Controller and DirSync.


Figure 14:
Results of Get-TransporterEventLogLevel

You will see that the first two categories are set to a Low diagnostics logging level, which is the default. If you want to ramp up the diagnostics logging for one of the categories you need to use the Set-TransporterEventLogLevel cmdlet with the -Identity parameter. You will see in Figure 14 that the DirSync category is set to High. This was achieved by the following cmdlet (note the format of the -Identity parameter and that it includes the application name of DominoDirectoryConnector):

Set-TransporterEventLogLevel -Identity DominoDirectoryConnector\DirSync -LoggingLevel High

Doing this results in much more information in the event log, such as the directory synchronization event example shown in Figure 15.


Figure 15: Example DirSync Logging Information

Summary

Here in part two of this article we've completed the directory synchronization process to the point where Contoso and Fabrikam now have shared address books. This means that users from each organization can now easily email each other simply by picking names from the relevant address book. In the next part, we will look at setting up the free/busy connector so that users can see each other's calendar availability.

 
< Prev   Next >
Powered by IT CONTRACTORS and designed by EZPrinting web hosting