GALSync with Microsoft Identity Manager
Windows Remote Management (aka Remote PowerShell) is a wonderful thing; when it works straight out of the box when you’re in the same domain. Getting it working across Forests though can feel like jumping through hoop after hoop, and sometimes like the hoops are on fire. When configuring GALSync ([Exchange] Global Address List Synchronisation) with FIM/MIM this always means across AD Forests. The graphic below shows the simplest relationship. If there is a firewall(s) in between then you’ll have additional hoops to jump through.
This article here is the most definitive I’ve found about what is required, but it isn’t easily found even when you know it exists. In the last few months I’ve had to set up GALSync with FIM/MIM a number of times, and I have visibility that I’ll be needing to do it again in the future. So here is my consolidated version for configuration changes using PowerShell for configuring Remote Powershell for FIM/MIM GALSync . If nothing else it’ll help me find it quickly next time I need to do it.
This post assumes you have the other prerequisites all sorted. They are pretty clear in the linked article above such as a One-way Cross Forest Trust, connectivity on the necessary ports if there are firewalls in-between FIM/MIM and the Exchange CAS Server and Domain Controllers in the remote environment.
My tip is to start from the MIM Sync Server.
4. then on the MIM Sync Server perform the following …
Set-ExecutionPolicy RemoteSigned $Creds = Get-Credential # NBDomain\ADMAServiceAccountUser $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://.customer.com/PowerShell/ -Credential $Creds -Authentication kerberos Import-PSSession $Session # Get a list of Exchange Servers Get-ExchangeServer # Get a list of Mailboxes Get-Mailbox # Get a list of Mail Users Get-MailUser # Close and remove the session Remove-PSSession $Session
Remove Remote Desktop permissions from the Active Directory Management Agent Service Account if you enabled it to configure the Exchange CAS Server.
Recently under the experimental Azure Functions build Microsoft Developer Advocates have shown enabling Azure Functions…
Today, I’m super excited to finally announce the Beta release of EntraPulse Lite – a…
I'm excited to share some significant authentication enhancements I've contributed to the Lokka MCP Server…
Last month I had the pleasure of speaking at the Sydney event for Global Azure.…
Model Context Protocol (MCP) is a powerful framework that extends AI clients like Claude and…
I've just completed participating in the Azure AI Developer Hackathon that was looking to provide…
This website uses cookies.