How to perform DirSync resync for Forefront Online Protection for Exchange
FOPE, or Forefront Online Protection for Exchange, is undoubtedly one of the best email gateway services available on the market.
FOPE works through DirSync, or Directory Synchronization, the same technology Microsoft employs to sync user data from your in-house AD environment to their cloud.
The DirSync process copies user attributes at an interval of X minutes that we set up.
This article addresses the case where the administrator needs to reset this information and do a full resync from the internal AD to the FOPE database. Please consult with the Microsoft FOPE team before you proceed with the steps below. You do this at your own risk…
When the number of recipients in the in-house Microsoft Exchange Server environment does not match the number on the Hosted Services network for use with Forefront Online Protection for Exchange (FOPE), IT management may want to clean the old data from the Hosted Services network. The first task is to verify the number of recipients in the on-premises Microsoft Exchange Server environment and the number of recipients in Forefront Online Protection for Exchange (FOPE).
How do you compare the number of recipients in the on-premises Microsoft Exchange Server environment with the number in Forefront Online Protection for Exchange (FOPE)?
The steps to get the number of recipients in the on-premises Microsoft Exchange Server environment are as follows.
Step 1: Log on to the server running the Directory Synchronization Tool
Step 2: Start > Programs > Microsoft Directory Tool > Run Directory Synchronization PowerShell
Step 3: Run the PowerShell script Clear-SyncCookies
Step 4: Start the Directory Synchronization Tool manually
Step 5: Click Sync Now
There are a total of 53565 objects after synchronization has completed successfully.
The steps to get the number of recipients in Forefront Online Protection for Exchange (FOPE) are as follows.
Step 1: Log on to Admin Center
Step 2: Click the Administration tab and select All Users from the View pane.
There are a total of 63274 recipient objects in Forefront Online Protection for Exchange (FOPE).
We have now found that the number of recipients in the in-house Microsoft Exchange Server environment (53565 in my scenario) is not the same as the number in Forefront Online Protection for Exchange (FOPE) (63274 in my scenario).
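The two counts show that the sides differ, but not which addresses differ. The following PowerShell script is an added example, not part of the original article: it compares two address lists and reports the entries that exist on only one side. The sample addresses and the assumption that each side is available as a plain list of SMTP addresses are constructed for illustration; the article does not describe an export format.

```powershell
# Added example. All addresses below are constructed sample data.
# Assumption: each side is available as a list of SMTP addresses, one per
# entry; in practice load them with Get-Content from your own exports.
$onPrem = @(
    'alice@contoso.example',
    'SMTP:Bob@contoso.example',    # proxyAddresses-style prefix, mixed case
    'carol@contoso.example',
    'carol@contoso.example'        # duplicate entry
)
$fope = @(
    'alice@contoso.example',
    'bob@contoso.example',
    ' dave@contoso.example ',      # stray whitespace
    'erin@contoso.example',
    ''                             # blank line in the export
)

# Normalise addresses into a hashtable used as a set, so that duplicates,
# case differences and blank lines do not distort the counts.
function Get-AddressSet {
    param([string[]]$Address)
    $set = @{}
    foreach ($raw in $Address) {
        $addr = ($raw -replace '^\s*smtp:', '').Trim().ToLowerInvariant()
        if ($addr -match '^[^@\s]+@[^@\s]+$') { $set[$addr] = $true }
    }
    return $set
}

$onPremSet = Get-AddressSet $onPrem
$fopeSet   = Get-AddressSet $fope

# Present in FOPE but not on-premises: the old data the reset clears out.
$stale = @($fopeSet.Keys | Where-Object { -not $onPremSet.ContainsKey($_) } | Sort-Object)
# Present on-premises but not in FOPE.
$missing = @($onPremSet.Keys | Where-Object { -not $fopeSet.ContainsKey($_) } | Sort-Object)

'On-premises: {0}   FOPE: {1}' -f $onPremSet.Count, $fopeSet.Count
'Only in FOPE:     {0}' -f ($stale -join ', ')
'Only on-premises: {0}' -f ($missing -join ', ')
```

Keeping the "only in FOPE" list before the reset gives a record of what was removed, and running the same comparison after Step 6 confirms the user list matches before edge blocking is set back to Reject.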
What are the negative effects of resetting the recipients in Forefront Online Protection for Exchange (FOPE)?
- The email sender will get an NDR if Directory-Based Edge Blocking is not set to “Disabled”
- Since 25 recipients can be deleted at a time, it will take a long time if you have a large number of recipients
Steps to reset the mail recipients in Forefront Online Protection for Exchange (FOPE):
I can say that there is no automated way of doing this, but there is a manual process that you can follow. I will caution that the order of these steps is very important to prevent any impact to your users and that during this time Directory-Based Edge Blocking will be turned off. Please see the steps below:
Step 1: Disable Directory-Based Edge Blocking by changing it from Reject to Disabled for All Domains.
Log on to Admin Center > Administration > Domains
Click Edit
Step 2: Change the User List source to Administration Center for all domains.
Log on to Admin Center > Administration > Domains
Click Edit
Step 3: On the Users tab, use the Import Users From File option to upload a new user list containing just the administrators and select the “Disable all users in the Company not specified in the file” option.
Step 4: Manually delete all disabled accounts. User accounts can be deleted 25 at a time.
Log on to Admin Center > Administration > Users > select “Disabled user” in the left pane
Step 5: Change the User List source back to Directory Synchronization Tool for each domain.
Log on to Admin Center > Administration > Domains
Click Edit
Step 6: Force a sync in the Directory Synchronization Tool.
Log on to the server running the Directory Synchronization Tool
Start the Directory Synchronization Tool manually
Click Sync Now
Step 7: Once you confirm the user list has been successfully synchronized, re-enable Directory-Based Edge Blocking by changing it from Disabled to Reject for each domain.
Log on to Admin Center > Administration > Domains
Click Edit
Vinod Kumar Singh
MCSE 2003 – Messaging, CCNP, MCITP – Exchange 2010, MCITP LYNC 2010
Team@ MSExchangeGuru
August 3rd, 2012 at 2:06 pm
very helpful Mr. Singh.
August 3rd, 2012 at 2:31 pm
Thanks Josh.