Communication Shifts and Demands:
In today’s ever-changing marketplace, many companies have made strategic shifts and are acquiring smaller firms or merging with larger ones to maintain their competitive position. Beyond the M&A trend that has been witnessed across numerous industries, there is also the trend towards globalization. No matter what size, small or large, any company working on an international level must manage multiple Active Directories and multiple Exchange organizations. To streamline communication between employees working in various divisions or OUs (organizational units) within the same organization, Outlook users can save pertinent information, such as all email addresses and phone numbers of other colleagues, in their Global Address List.
Country boundaries are not the only barrier to communication within companies with multiple ADs and OUs. Even if you work for a small domestic firm, you still need a way to effectively combine Global Address Lists if your firm decides to synchronize all of its crucial operational data with a parent company.
When you open Office Outlook, compose a new email, and click on the “To” button, the email addresses of all your company’s employees appear. When dealing with multiple divisions, OUs, or even two different companies working together consistently, the question arises: what about your colleagues working in the other company or OU? Isn’t their email and contact information just as important?
Common Scenario:

 

A well-known US health company has more than 30 subsidiaries. Each subsidiary typically has its own Active Directory with Exchange.
It is obvious that the users in these two organizations know each other, but they do not have a centralized repository of data that is necessary for consistent mail communication. The faster employees can communicate with the necessary people, the more productive and happy everyone in the organization will be.
Challenges Faced When Communicating without Synchronized GALs:
One of the disadvantages of this topology is that Outlook users can only list the mail addresses of their own Active Directory in Outlook’s Global Address List (GAL). What happens to all the people who must communicate regularly with a colleague who is not listed in a centralized repository? The solution seems simple, but like everything else that seems too good to be true, it is! The temporary solution might be simple, but it is tedious and time-consuming, since employees add the missing contact information of colleagues to their personal address books. This is only a quick fix, however: the next time something changes in that colleague’s contact information (e.g. phone number), the personal address book will not reflect the change, and the next phone call will use outdated details. The user then has to make the change manually, instead of having a simple software solution that does all the synchronization automatically.
Current Solutions in the Marketplace:
Microsoft Identity Integration Server and IIFP

 

ILM 2007 Architecture:
With Microsoft Identity Integration Server, Microsoft took a first crucial step by offering a newly developed software product to synchronize identity information between different data sources. MIIS 2003 offered agents for many data sources, such as database servers, flat files and Active Directory. This powerful yet complex identity management system offered all the features needed to synchronize users’ metadata, which is required in companies where users’ attributes are administered in different sources.
Example: A user’s phone number is administered in an Oracle database used by the phone system, but the user’s name is administered in Active Directory, and the department is administered in an ERP system.
As part of their Identity Integration Server, Microsoft offered a cost-free solution called Identity Integration Feature Pack 2003 (IIFP), which was limited to Active Directory and ADAM as data sources.
Customers could now synchronize Global Address Lists between different forests using IIFP without requiring licenses.
Even with the help of IIFP, there were several hoops an administrator had to jump through before implementing the synchronization. For instance, it was recommended that a dedicated SQL Server host all delta data. Administrators needed to spend nearly a week, if not longer, to understand, implement and configure the product, which brought its own host of new terminology, derived from identity management systems, for the administrator to learn. Due to this complexity, this work was most often performed by external consultants specializing in MIIS. Support for MIIS/IIFP ended in 2008.
Identity Lifecycle Manager 2007 (ILM) is MIIS’ successor. ILM “2” also provides self-service capabilities for end users, for example self-service tasks such as group and credential management via Microsoft Office and Windows.
Unfortunately, Microsoft does not intend to offer a cost-free solution like IIFP.
Microsoft decreased pricing for ILM 2007 (from $10,000 up) but the inherent challenge with the software still existed—its complexity. For E-mail and messaging there are Management Agents available for Microsoft Exchange 2007, 2003, 2000 and 5.5, Lotus Notes 7.0, 6.x, 5.0, and 4.6.
For getting GALs in sync between forests, ILM 2007 is certainly a viable option, but it requires extensive preparation on the administrator’s part. Another stumbling block for IT teams attempting to synchronize GALs is that there must be a direct connection between the data sources, which most companies prohibit through firewall restrictions.
GALsync:

In order to keep the software more configurable and easier to implement, GALsync is focused only on synchronization of Global Address Lists between multiple Exchange Organizations; it is not intended to act as general identity management software.
The sync is done by an export of data from the source Active Directory and an independent import on the target side.
Data can be exchanged using an FTP server or a common Windows share, but the most powerful feature is the use of SMTP as the transport protocol. This enables all companies with restricted firewall policies to exchange GAL data over the internet. In addition, data can be secured by a built-in encryption method.
Installation and customization of the software requires only 1 or 2 hours. Administrators are walked through the process by an easy-to-use, wizard-based graphical user interface. Scheduled jobs are run by an independent service.
On the export side, the selection of objects is customizable (e.g. OUs, groups, etc.), along with the properties included in the sync. On the import side, attribute values can be customized (e.g. a suffix appended to the display name), and some extended features are available for multi-organization sync.
No additional software or hardware is needed: GALsync can be installed on any domain computer and works with Microsoft Exchange organizations based on 2010, 2007, 2003 and 2000. Pricing depends on the number of forests and objects to sync (from $750 up).
To have GALs in sync between forests, GALsync is an affordable and flexible solution that does not burden the Exchange administrator with extraneous, complex identity management features. GALsync is developed by the German company NETsec, which specializes in Active Directory and Exchange.

To learn more about these GAL synchronization tools, please visit: