GAL Sync with Quest Quick Connect Express for Active Directory

By | December 23, 2010

Quest has just released a freeware product called Quick Connect Express for Active Directory. If you’re looking for something that fills the gap left by the (now pensionable) Microsoft Identity Integration Feature Pack, then this may well be it.  I’ve spent the last day looking at the product’s capabilities for running Exchange 2010 Global Address List synchronisation and I have to say I’ve very impressed.  Aside from the price tag ($0.00 suits the pocket of most), the best thing about QQCE is that it’s really easy to set up and configure.

At the time of writing the download link points to the wrong version of Quick Connect.  I only worked this out when the installer prompted me for a connection to the ActiveRoles Server Administration Service (something not used with the Express version).  I’m sure Quest will sort this out soon, but in the meantime, you can obtain the correct version by registering with the Quest Support web site and downloading the software and associated documentation from there.  You should end up with the following two files:

  • Quest_QuickConnectSyncEngineStandaloneModex64_470.msi (this is the 64-bit version – a 32-bit version is also available)
  • QuickConnectStandaloneMode_4.7_AdminGuide.pdf

Optionally, you can also download the Quick Connect Powershell provider:

  • Quest_QuickConnectManagementShellStandaloneModex64_470.msi

I chose to install the software on a Windows Server 2008 R2 Standard Edition machine together with SQL Server 2008 R2.  QQCE uses SQL databases to store the synchronisation data, but SQL Server doesn’t need to be on the same machine.

If I have time I’ll work on a step-by-step guide for GAL Sync using QQCE, but in the meantime here are some of the configuration details I used in my lab. ***Update Jan 2011 – step-by-step guide now available***

My first forest (ad.contoso.com) runs Windows Server 2008 R2 functional level and has Exchange 2010 SP1 RU2.  The second forest (ad.fabrikam.com) has the same versions.  I joined the server running QQCE to the CONTOSOE domain, but it could equally have been joined to the FABRIKAM domain.  I then configured GAL Sync in the direction CONTOSO –> FABRIKAM.  In other words, I had users in CONTOSO that I wanted to appears as Contacts in the FABRIKAM Global Address List.  Of course it is also possible to perform two-way GAL sync with the tool – I just didn’t take it that far.

Once you have completed the installation, the first thing to do is select one of the two domains as the “Managed Domain” for QQCE.  For the purposes of GAL sync the selection is arbitrary.  You then configure the second domain as a “Connected System”.

qqc_connections1

You then need to set up the workflow.  I chose to configure three separate workflow steps for the GAL Sync (Provisioning, Update and Deprovisioning).  This ensures that any creation, modification or deletion of mailbox-enabled users in CONTOSO are reflected in FABRIKAM.

The provisioning aspect of the workflow requires the most work.  The tool can easily be configured to provision Contact objects in the target, but a custom post-sync Powershell script is required to ensure the contacts appear in the GAL.

qqc_provisoning1

My script (which you can download here) invokes a remote Powershell session against a FABRIKAM Exchange server and uses the Get-Contact and Set-Contact cmdlets to ensure the attributes required for GAL visibility are stamped on the Contact objects.

qqc_provisoning_script

When configuring the Source information, I specified the OU containing the mailbox-enabled User objects and identified them using the homeMDB attribute.  If the homeMDB attribute is present on a User object you can assume it is mailbox-enabled.

qqc_provisoning2

The Target window in the configuration wizard allows you to specify what object type to create (Contact in my case).  You also specify the rule(s) for generating the object name. I chose the source User object’s Display Name attribute to generate the name (cn) for the corresponding Contact object.

qqc_provisoning3

Finally, you specify which attributes on the source object should be populated on the target object during provisioning.  My choices are fairly obvious, but note in particular that I used the mail attribute from the source to create the Contact object’s targetAddress attribute.  The targetAddress attribute is important for Contacts as it is the one Exchange uses for routing purposes.

qqc_provisoning4

The Update and Deprovisioning steps are much simpler to configure, so I won’t show them here.

Once the workflow setup is compete you can configure them to run according to a schedule that you specify.  Once per day is probably sufficient in most cases.

The remaining task is to create a mapping rule for the User->Contact relationship.  This is required to allow the Update and Deprovisioning workflow steps to match the correct target object based on changes or deletions in the source domain.

qqc_workflow1

And that’s it really.  You can pretty much have the whole thing up and running in an hour or less!

Much kudos to Quest for pushing this out as a free tool.  Of course GAL Synchronisation is not the sole purpose of the tool, but I suspect it’ll be the major drawcard for many organisations given its usefulness in migration and coexistence scenarios.  The major alternatives for GAL Sync with Exchange 2010 are ILM/FIM and SimplSync, both of which cost money and, in the case of FIM at least, require a great deal more configuration effort.

Tony

34 thoughts on “GAL Sync with Quest Quick Connect Express for Active Directory

  1. Mike Crowley

    I had a heck of a time finding the downloads on the support site. It’s called “standalone” not, “express”.

    The links are here:

    https://support.quest.com/Downloads.aspx?id=3425314&ver=ActiveRoles Server~6.7&productid=268439998&productversionid=268454264&category=Documentation&SKB=1

    This document provides the information required to install and use Quick Connect Sync Engine Standalone 4.7.
    Last Updated: December 2, 2010File Size: 1,558 KB

    https://support.quest.com/Downloads.aspx?id=3425216&ver=ActiveRoles Server~6.7&productid=268439998&productversionid=268454264&category=Software&SKB=1

    Quick Connect Sync Engine Standalone 4.7 x64 Complete Package in ZIP format.
    Last Updated: December 2, 2010File Size: 5,706 KB

    https://support.quest.com/Downloads.aspx?id=3425213&ver=ActiveRoles Server~6.7&productid=268439998&productversionid=268454264&category=Software&SKB=1

    Quick Connect Sync Engine Standalone 4.7 x86 Complete Package in ZIP format.
    Last Updated: December 2, 2010File Size: 5,677 KB

    Reply
  2. Mike Crowley

    I had a heck of a time finding the downloads on the support site. It’s called “standalone” not, “express”.

    The links are here:

    https://support.quest.com/Downloads.aspx?id=3425314&ver=ActiveRoles Server~6.7&productid=268439998&productversionid=268454264&category=Documentation&SKB=1

    This document provides the information required to install and use Quick Connect Sync Engine Standalone 4.7.
    Last Updated: December 2, 2010File Size: 1,558 KB

    https://support.quest.com/Downloads.aspx?id=3425216&ver=ActiveRoles Server~6.7&productid=268439998&productversionid=268454264&category=Software&SKB=1

    Quick Connect Sync Engine Standalone 4.7 x64 Complete Package in ZIP format.
    Last Updated: December 2, 2010File Size: 5,706 KB

    https://support.quest.com/Downloads.aspx?id=3425213&ver=ActiveRoles Server~6.7&productid=268439998&productversionid=268454264&category=Software&SKB=1

    Quick Connect Sync Engine Standalone 4.7 x86 Complete Package in ZIP format.
    Last Updated: December 2, 2010File Size: 5,677 KB

    Reply
  3. admin Post author

    Thanks for posting the links Mike. I should have pointed out that it is referred to as both “Express” and “Standalone”

    Reply
  4. admin Post author

    Thanks for posting the links Mike. I should have pointed out that it is referred to as both “Express” and “Standalone”

    Reply
  5. Mike Crowley

    One final note (now that I have it working): don’t install this on an Exchange server. I have a small environment I tested with and saw that some listening ports were conflicting.

    Thanks again for the post and great supporting PS help!

    Reply
  6. Mike Crowley

    One final note (now that I have it working): don’t install this on an Exchange server. I have a small environment I tested with and saw that some listening ports were conflicting.

    Thanks again for the post and great supporting PS help!

    Reply
  7. Pingback: Open a Socket! » Quest ActiveRoles Quick Connect Express: GAL Sync Step-by-step Guide

  8. Pingback: Open a Socket! » Quest ActiveRoles Quick Connect Express: GAL Sync Step-by-step Guide

  9. Pingback: Freeware – Quest Quick Connect Express for Active Directory « Information Store

  10. Moto

    Hi,

    I am reading your doc and so far so good. The one area I am struggling is with your script. I seem to keep getting errors.

    “Synchronization Abort. The error message:Script Invocation Exception Input string was not in a correct format.”

    Thoughts?

    Reply
  11. Steve G

    Hi, Tony,

    Excellent doc and well-timed as I’m looking at various GalSync options for a customer at the moment. I’ve set up sync between an E2K3 Org (source) and an E2K10 Org (target). Provisioning and Update work as expected, but Deprovisioning only works if the source user is physically deleted rather than moved outside the sync scope. Have you come across this before? Do you have any suggestions?

    Reply
  12. Steve G

    Tony,

    Ignore my previous question, I’ve fixed the problem. I had included the whole of the source domain in the sync scope of the managed domain, so obviously, no matter where I moved the user it would never be out of scope and result in a deprovision! That’s bugged me on and off for days!

    Anyway, thanks once again for a top document.

    Steve G

    Reply
  13. Faisal

    Hi Tony,

    Thanks for sharing this helpful tool. I have implemented GAL Sync with Quest Quick Connect Express/Standalone for Active Directory v4.7. I have two exchange 2010 SP1 environments running over Windows Server 2008 R2 SP1 Active Directory infrastructure. Both forests are located in the same site. The implementation was successful accept one problem, which is major. Can you please help me with this:

    Problem Description: During the provisioning step, if I include the ‘showInAddressBook’ attribute in the source and try to map it with it’s corresponding ‘showInAddressBook’ attribute in the target, the ‘Run Now’ wizard in the ‘Workflow’ tab gives me alot of errors and none of the users are synchronized. When I exclude ‘showInAddressBook’ attribute, the problem I get in the target forest is that the transferred contacts do not show up in the GAL but only show up in the “All Contacts” address list.

    Objective: I need all the migrated/synchronized contacts to appear in the target GAL automatically after the contacts are migrated. But they are currently showing up in the “All Contacts” list.

    Question: Is there anyway using Quest QC for AD or using EMC/EMS to automatically make migrated/synchronized contacts appear in the target GAL, rather than target ‘All Contacts’ address list, and that ‘showInAddressBook’ property gets updated automatically for this purpose.

    Please I need an urgent reply.

    Thanks,

    Faisal
    email: faisal@futureware.com.sa
    email2: faisal375@gmail.com

    Reply
  14. Kevin

    Thanks as usual Tony

    Your advice is helping me through merger no 3 in 3 years

    You are the greatest

    Reply
  15. Steve

    it appears that you cannot download the free version unless you have a support contract in place. is there any other place we can get it??

    Reply
  16. admin Post author

    @Steve. You can register on the support site as a trial software user. Then you can download the software.

    Reply
  17. Brian Rota

    Hello
    I followed the guide today.
    I wanted to know if you had any issues with the primary smtp addresses not being applied correctly.
    I was expecting the primary smtp address match the external address like when I just make a contact. Instead it made the target address secondary.
    I was seing the Exchange policy applying after I ran the set-contact command.

    Also any tricks when you are using Lync federation between the two domains?
    Since the primary smtp address is the target domain the contacts can not be used to find users with the lync federation.

    Thank you for the guide

    Reply
  18. nuno

    where can i download the file on the quest site i can’t download i have registered and can’t download

    Reply
  19. Tony

    Just wondering if anyone knows of a link to download either free version (4.7 or 5.0)? Can’t seem to find one on the internet anyway (which is unusual!) Thanks

    Reply
  20. Tony

    Does anyone have a lino to 4.7 or 5.0 looks like quest only have 5.2 available…

    Reply
  21. Pingback: Own findings while working on an AD and Exchange migration project | SysAdmin On Fire

  22. Samuel

    Hi Tony,

    I’m also look for this kind of software. But no luck cannot find it online. Do you mind to share this freeware with me. Many Thanks.

    Reply
  23. Bhushan

    Hi Tony,

    I’m also look for this kind of software. But no luck cannot find it online. Do you mind to share this freeware with me. Many Thanks.

    Reply
  24. MrDak

    Hi:

    Do you have the software to share, my hard drive crash and lost the installer

    Reply
  25. Pingback: Making your software product too hard to obtain…. | Hayes Jupe's Blog

  26. Mohsen

    Hi Tony
    after long time thanks you, it is useful solution in probono networks and i interested in,
    but i can not find Quest_QuickConnectSyncEngineStandaloneModex64_470.msi
    because i haven’t software.dell.com account and serial number
    can you help me . Many many thanks,

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.