Directory Synchronization - Frequently Asked Questions

This article contains frequently asked questions about the Active Directory Synchronization feature.

Q: When does Active Directory Synchronization Run?
A: Active Directory synchronization runs automatically three times a day, starting at 8 a.m., then at 1 p.m., and at 11 p.m. These times are based on the local time of the location of the Mimecast grid. When synchronizing with Microsoft Azure Active Directory, a window is used to initiate the automated synchronizations to manage the distribution of the requests. Daily automated synchronizations start between 8 a.m. and 11 a.m., 1 p.m. and 4 p.m., and 12 a.m. and 3 a.m. This window is also based on the local time of the Mimecast grid that hosts your account. When using the Mimecast Synchronization Engine, the time is based on the clock of the server on which the Engine is installed.
Q: How are Disabled Users Identified?
A: Mimecast uses the userAccountControl Active Directory attribute to calculate the status of a user.
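To check ahead of a synchronization which accounts carry the disabled flag, the following added example (not Mimecast code) decodes userAccountControl from a directory export. It assumes the status is derived from Microsoft's documented ACCOUNTDISABLE bit (0x0002), which this article does not spell out; the LDIF sample, names and addresses are constructed.

```python
# Added example: decode userAccountControl values from a simple LDIF export.
# Flag values are Microsoft's documented userAccountControl bits (subset).
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0010: "LOCKOUT",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x800000: "PASSWORD_EXPIRED",
}

# Constructed sample export; the last entry is a contact with no userAccountControl.
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Staff,DC=example,DC=test
mail: alice@example.test
userAccountControl: 512

dn: CN=Bob Example,OU=Staff,DC=example,DC=test
mail: bob@example.test
userAccountControl: 514

dn: CN=Carol Example,OU=Staff,DC=example,DC=test
mail: carol@example.test
userAccountControl: 66050

dn: CN=Shared Contact,OU=Contacts,DC=example,DC=test
mail: contact@example.test
"""

def parse_ldif(text):
    """Split an unfolded, non-base64 LDIF export into attribute dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                entry[key.lower()] = value.strip()
        if entry:
            entries.append(entry)
    return entries

def decode_uac(value):
    """Return the set of known flag names, or None if the value is absent or invalid."""
    try:
        bits = int(value)
    except (TypeError, ValueError):
        return None
    return {name for mask, name in UAC_FLAGS.items() if bits & mask}

def disabled_accounts(text):
    """Mail addresses of entries whose userAccountControl has bit 0x0002 set."""
    hits = []
    for entry in parse_ldif(text):
        flags = decode_uac(entry.get("useraccountcontrol"))
        if flags and "ACCOUNTDISABLE" in flags:
            hits.append(entry.get("mail", entry.get("dn")))
    return hits
```

Entries without the attribute, such as contacts, are skipped rather than treated as enabled or disabled.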
Q: What happens if I delete a user in Active Directory?
A: By default, users deleted from the company directory are not removed from Mimecast after the next synchronization. They are switched from a Directory Generated user to a standard Mail Flow user. You can, however, update your Integration so that deleted users are automatically deleted if they are no longer part of the synchronization result. For full details, see the Directory Synchronization Maximum Synchronization Deletions and Deleted Users article.
Q: What happens if I delete a Group in Active Directory?
A: Groups deleted from Active Directory are removed from Mimecast at the next synchronization after the group is deleted, unless the group is being used in a policy or definition.
Q: Why do I still see Email Accounts in Mimecast that are disabled after I remove them from my AD?
A: This can be due to the setup of the Directory Sync connector. By default, accounts are disabled when they are removed from AD. The setting to remove them from the Mimecast internal directories needs to be set to Delete. See Directory Synchronization - Maximum Sync Deletions & Deleted Users for more information.

If you want to remove these accounts manually, you can purge the specific address via Internal Directories. For more about this, see Directories - Deleting Users from Mimecast.

Q: What Active Directory Attributes are Synchronized with Mimecast?
A: See the Active Directory Synchronization Attributes page for full details of the attributes synchronized by default. You must have a Mimecaster Central logon to access this page.
Q: The options section of my integration does not hold “Include Contacts”
A: The “Include Contacts” option is only available for On-Premises Active Directory (LDAP) and Microsoft Azure integrations.
Q: Include Contacts is enabled for my integration but no Contacts are being synchronized. Why?
A: The Include Contacts option only synchronizes Organizational Contacts. End-user Contacts are not supported.
Q: Include Guest Accounts is enabled for my integration but no Guest Accounts are being synchronized. Why?
A: The Include Guest Accounts option only synchronizes Internal Guest Accounts. External Guest Accounts are not supported.
Q: The Microsoft Azure integration does not synchronize Dynamic Distribution Groups. Why?
A: The Microsoft Graph API does not support Dynamic Distribution Groups or Dynamic Security Groups, as they are considered to be Exchange objects and not Directory objects.