Review: Exchange and Active Directory sync tool NETsec GalSync V74


NETsec GALsync is a useful tool for organizations that need to synchronize their global address lists across multiple Exchange forests and Office 365 tenants. As well as providing contact list synchronization, it benefits from advanced capabilities that help manage long-term co-existence and fits in with plans for cross-forest migration. NETsec has a good reputation, and we’ve been impressed with their products in the past.

Providing an organization-wide global address book and supporting deep integration

If you are dealing with the challenge of combining multiple organizations, then a common address book will be a key starting point. In the world of the cloud, it’s extremely common to see organizations who are merging and are already adopters of Office 365 — or even a mix of both.

The single global address book might be the day-one challenge, but it needs to be delivered in a sustainable way that will also cope with potential migration and integration challenges. Therefore, it’s important to have a flexible tool that provides not only a common address book but can also be set up in a supportable way that allows for cross-forest access and, where required, migration.

Why you might use GALsync

A merger might be the core reason why organizations look at tools such as GALsync, but there are also other key reasons for using a tool like this:

  • Providing a global address book for organizations that function as separate business units so they have greater collaboration capabilities.
  • Supporting a multiforest migration to Office 365, so that on-premises has an up-to-date version of the truth across all environments.
  • Providing a single address list across multiple Office 365 tenants — for example, if you have most users in the worldwide service but a smaller proportion in a government or sovereign cloud.
  • Ensuring that mail routes correctly between multiple Exchange organizations sharing a single email domain name.
  • Working with a partner organization to allow automated provisioning and deprovisioning of contacts or user accounts.
  • Supporting a cross-forest Exchange migration, both for mailbox moves and cross-forest delegation.

What’s new in GALsync since version 7

We reviewed GALsync version 7 back in 2016 — and although the same great features remain, there are some key new features including:

  • Many additional properties and user types (such as mail users) are exported from Exchange Online and Office 365.
  • Better reliability for Exchange Online PowerShell connections.
  • Support for Office 365 and sovereign environments including Germany.
  • Extensions to the property-rule editor, allowing greater flexibility when modifying properties mapped between environments.
  • Support for common scenarios, like adding additional secondary email addresses during Exchange Online synchronization jobs.

This adds to a core set of features including:

  • Synchronization between Exchange 2010, 2013, 2016, and 2019 environments.
  • Synchronization between Exchange Online and Office 365 environments.
  • Multiple methods for data transfer, including file share, email, and FTP.
  • Synchronization to Active Directory target OUs as contacts or mail users.
  • Synchronization to users’ contacts in mailboxes using the ContactSync functionality.
  • Built-in rules to support common scenarios enabling mail routing, Hybrid environments, and cross-forest delegation scenarios.

Setup and installation

We’ll breeze through the setup and installation of the product as it’s well documented within NETsec’s product manual. In summary, GALsync is installed in each environment we need to export or import to — or on a standalone server that exports or imports to or from Office 365.

The installation wizard is straightforward and provides guidance as we progress. Each GALsync instance uses a service account with appropriate rights against the environment:

GALsync setup and service configuration

Upon installation, the service is managed by either a GUI interface or via command line parameters. Upon launching the GUI, each instance is licensed with a single overall license supporting the total number of objects, forests, and modules:

GALsync licensing

Configuring profiles for sync

In our example scenario, we’ll create policies to synchronize two environments. For each environment we’ll need to create two profiles:

  • An export policy
  • An import policy

The export policies retrieve information from the environment (Exchange or Office 365) and save these to a location for data transfer to the target environment.

Import policies read the exported information and load it into the environment, usually as contact objects.

The core logic within the GALsync product is responsible for ensuring the data is consistent on each update.

We’ll begin by creating a new export policy:

Creating an export policy

When we create a new policy, we’ve got a variety of options, including exporting or importing information and a choice of the environment to export from or target:

Policy options for synchronization mode

Next, we’ll choose the type of data transfer mode. This option provides the flexibility many organizations need when working with partners or at the early stages of a merger or acquisition — therefore we have manual options for the most basic scenarios and also email-based transfer, file share-based transfer, and via FTP. In our example below, we will use a file share:

Choosing a data transfer mode

During the export process, we have control over how the scope of the recipient objects will be collected from the source. In the below example, we’ll choose the People and Groups OUs from the source Active Directory:

Choosing an export OU

Next, we can choose to filter based on additional attributes, including the types of objects that will be collected. This may be useful if you do not want to export objects like Room Mailboxes, for example:

Filtering recipients to export

To complete our policy, we can also select notification email addresses and set a schedule, such as daily, weekly, or at particular hours through the day (for example, every three hours, at 5 past the hour, Monday to Friday).

After creating the export policy, we can execute it manually to ensure it works — and if needed examine the log files for errors.

Manually running a policy

The counterpart to an export policy is a matching import policy in each target environment. After installing GALsync on an appropriate server in the target environment, we’ll use the same UI to create a new Import Policy:

New import policy

If our target is another Exchange on-premises organization, then we’ll choose an OU to import objects to. This will be set up in accordance with the GALsync documentation. Put simply, it is an OU that the service account has been delegated rights over and that contains no other objects. In the example below, we’ve called this Import OU:

Selecting an OU to import contacts to

For Exchange Online (Office 365), we’ll instead specify the credentials for the account that will manage the contacts, and connect over Exchange Online PowerShell to our Office 365 tenant. This can be a single account, or multiple accounts to increase the number of connections that can be utilized. We won’t select an OU though, because the same concept doesn’t exist in Exchange Online:

Selecting credentials for Exchange Online

We’ll naturally repeat this procedure against all environments we’ll be exporting or importing to. The general approach with three or more forests will be to use a hub and spoke architecture — where a central forest maintains the single source of the truth.

Overall, the configuration process is fairly straightforward once the core concepts are understood. One area that could be improved, however, is the ability to use a single server to connect to multiple forests in environments with well-connected networks.

Useful additional options

The power of using NETsec GALsync over many of its rivals is the additional options available, many of which are aimed at complementing (or providing hard-to-find support for) native scenarios that are supported by Exchange.

Although vendors such as Quest provide their own cross-forest Exchange migration products, these typically use their own migration engines and replace excellent built-in capabilities for cross-forest delegation and migration.

Exchange’s native features allow for a near-seamless cross-forest experience between Exchange organizations on-premises with functionality like read/write calendar access available and native mailbox moves.

This functionality, however, is hard to make use of because it has limited support from Microsoft in Microsoft Identity Manager (the UI still even references Exchange 2007). It is, however, supported (and documented as such) in GALsync, where it is much easier to make use of.

Useful options for adding additional key attributes when importing objects

For both Exchange on-premises and Exchange Online, we have additional simple options for making changes to recipients during an import. Useful options include modifying the primary SMTP address, bringing across X500 addresses and legacyExchangeDNs (extremely useful if you’ll be migrating mailboxes), and, to support scenarios like Hybrid Mesh, retaining the targetAddress value of users and contacts:

Additional email address options
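
The attribute handling described above, sketched as an added example (this is not GALsync's code and not part of the original review). The function name New-TargetAddressSet, the sample recipient, and the rule that the imported object falls back to the source primary SMTP address as its targetAddress are all assumptions made for illustration:

```powershell
# Constructed sample of one exported source recipient (not real data).
$source = [pscustomobject]@{
    PrimarySmtp      = 'alex@source.example'
    LegacyExchangeDN = '/o=SourceOrg/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=alex'
    TargetAddress    = $null   # set when the source object already routes elsewhere
    ProxyAddresses   = @(
        'SMTP:alex@source.example',
        'smtp:a.example@source.example',
        'X500:/o=OldOrg/ou=First Administrative Group/cn=Recipients/cn=alex'
    )
}
# Addresses already held by other objects in the target forest (constructed).
$targetInUse = @('smtp:a.example@source.example')

# Hypothetical helper: builds the address attributes for the imported object.
function New-TargetAddressSet {
    param([Parameter(Mandatory)] $Recipient, [string[]] $InUse = @())

    $cmp      = [System.StringComparer]::OrdinalIgnoreCase
    $inUseSet = [System.Collections.Generic.HashSet[string]]::new($cmp)
    foreach ($a in $InUse) { [void]$inUseSet.Add($a) }
    $seen      = [System.Collections.Generic.HashSet[string]]::new($cmp)
    $proxies   = [System.Collections.Generic.List[string]]::new()
    $conflicts = [System.Collections.Generic.List[string]]::new()

    # Primary first, then source secondaries, old X500s, and finally the
    # source legacyExchangeDN as X500 so replies to old mail still resolve.
    $candidates = @("SMTP:$($Recipient.PrimarySmtp)")
    foreach ($p in $Recipient.ProxyAddresses) {
        if     ($p -like 'smtp:*') { $candidates += 'smtp:' + $p.Substring(5) }
        elseif ($p -like 'x500:*') { $candidates += 'X500:' + $p.Substring(5) }
    }
    $candidates += "X500:$($Recipient.LegacyExchangeDN)"

    foreach ($c in $candidates) {
        if ($inUseSet.Contains($c)) { $conflicts.Add($c); continue }  # would collide
        if ($seen.Add($c)) { $proxies.Add($c) }                       # case-insensitive de-dup
    }

    # Keep an existing targetAddress; otherwise route to the source mailbox.
    $ta = if ($Recipient.TargetAddress) { $Recipient.TargetAddress } else { "SMTP:$($Recipient.PrimarySmtp)" }
    [pscustomobject]@{
        TargetAddress  = $ta
        ProxyAddresses = $proxies.ToArray()
        Conflicts      = $conflicts.ToArray()
    }
}

New-TargetAddressSet -Recipient $source -InUse $targetInUse | Format-List
```

Any entry reported under Conflicts is an address another target object already owns; resolving it before import avoids mail being delivered to the wrong recipient.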

Another common scenario when a company is acquired is a need to give the users in the acquired company an email address in the parent company’s domain. GALsync provides a user interface that enables this in a similar way to building an email address policy. This will, with very little effort, solve a key need of “day-one” scenarios with company mergers:

Providing customized additional email addresses

A key requirement in many M&A scenarios is to create accounts in the target forest. Naturally, this will almost always be complemented by the use of tools like the Active Directory Migration Tool. However, on its own, the ADMT tool doesn’t cover Exchange requirements and often scripts like PrepareMoveRequest must be executed. In combination with options within GALsync, the accounts can be seeded (in Exchange on-premises and Exchange Online) from the GALsync GUI.

This avoids another common M&A issue — creating contacts up-front that often need to be replaced by user objects. If you know this scenario is likely, you can avoid some work further down the line with this option within GALsync:

Creating objects as user objects

Overall, the level of functionality within GALsync is extremely high. What the product provides is a high level of flexibility combined with a straightforward-to-use interface, which exposes complex scenarios where they are required. Many other products require either custom consultancy or going under the hood to make changes to transform files.

Pricing and support

NETsec GALsync is priced by the number of objects you want to sync and the number of forests (either on-premises or Office 365 tenants). Pricing is average for the type of product and doesn’t require a large number of add-on migration tools to function in complex scenarios or require professional services to implement. Because it can be implemented quickly it will provide a quick return on investment.

We’ve used the NETsec product support in previous reviews and they have been responsive when needed. This time around, the documentation has been excellent and a consultant or IT pro who knows Exchange, Active Directory, and Office 365 well will not struggle to implement the product.

The verdict

Since our last review, real-world experience using other products has only cemented our view that GALsync offers functionality that is hard to find elsewhere and certainly not as easily usable. This release contains more new functionality to help make it suitable in more scenarios while building upon a solid base. This product should most certainly be on your shortlist.

Rating 5/5
