Simple AD synchronization?
Posted: Mon Feb 27, 2006 1:34 pm
by njsain
I'm working with Scalix CE at a high school. We have a single-domain Windows 2003 directory. I'm not really interested in administering the Scalix settings from the AD side. I just want to mirror the accounts between the two systems. Is this already possible? I believe I can create some scripts on the Scalix server to accomplish this task, but I'd rather not solve a problem that has already been solved.
Nathan
Posted: Tue Feb 28, 2006 11:01 am
by dannyt
I think for the AD -> Scalix direction, you can do it using omldapsync for agreement type 11. However, this does not support the Scalix -> AD direction. On the other hand, agreement 21 (Scalix 10) supports both directions but it is intended for Exchange 5.5 only.
Regards,
Danny
Posted: Tue Feb 28, 2006 12:42 pm
by njsain
Thanks Danny for your quick reply. I have gone back to the documents and examined the manual page for omldapsync. I have a question.
Omldapsync has 2 schemes to do what I want to do (which is pull users and their contact info from AD). These are given number types 11 and 12. 12 is deprecated and uses existing LDAP attributes that are not already being used by the directory, and 11 requires new entries to be created. I would prefer to use 11, as 12 is deprecated and if at some point I upgrade to Scalix 11 I want my sync to still work. But to use 11 I need to modify my schema and I've found no documentation on the subject. There is a reference to a tool called ForestPrep, which I assume comes with the Enterprise Edition, but I don't have that Edition; I'm using the Community Edition. Could you please point me in the direction of a guide to create the attributes I need on my Active Directory server?
Nathan
Posted: Wed Mar 01, 2006 4:27 pm
by AussieOwner
Nathan
Option 1: If you are only interested in "syncing" Scalix with AD, there is another option. Sync ID 11 can be "tweaked" such that it is not necessary to extend the AD Schema. This is more of a "Provision Only" option, but it sounds like what you are looking for.
Option 2: If you *do* want to use the standard sync ID 11, then you will need to extend the AD schema to create the extended attributes. This gives you the ability to provision and administer from AD Users and Computers. Pros: This option gives you the ability to manage your Scalix Users from AD U&C. Cons: Entries are locked in SAC.
If you choose Option 1, then contact me out of band and I will send you the updated sync agreement that does not require AD Schema extension. darrell at scalix dot com.
If you choose Option 2, then you need to extend the Schema and create a Scalix tab on AD U&C. This is done by installing the two .msi files on the Scalix 10.0 distribution located in /software/scalix-ade. Run both files on the GC Master of your AD Domain. If you only have one DC, then it's the GC Master. Make sure you are logged in as Administrator. Not just an account that is part of the Domain Admins group. It must be a Schema Admin and typically Administrator is the only member of this group. Once you install both of these .msi files, there will be a directory created called /Program Files/scalix/administrator. This directory will contain an .exe and .dll file. Run the ForestPrep.exe. This will extend the schema and add the new DLL to AD U&C. You will need to wait up to 15 minutes for this to be replicated, even if you only have a single DC. Once you (reload) AD U&C and see a "Scalix" Tab when you go to properties of a user, then you know that the schema has been extended successfully. You will need to click the "Scalix Mailbox" on the Scalix tab to have a mailbox created on the Scalix Server. Be sure to set up your omldapsync to run as a cron job.
Darrell Sturdivant
Posted: Thu Mar 02, 2006 5:20 am
by ScalixSupport
... just adding this is utterly unsupported in CE....
Also, the schema extension is irreversible...
Cheers,
Sascha.