Product Review: NETsec's GALsync
Product: GALsync (version 4.3.1)
Product Homepage: http://www.netsec.de/en/products/galsync/
GALsync is developed by NETsec, which is based in Dueren, Germany, and develops tools for both Exchange and Active Directory. GALsync’s primary purpose is to synchronize address lists and objects between Active Directory environments, making it easier for the staff of two different companies to communicate with each other. The tool accomplishes this by providing each organization with a Global Address List that includes the email addresses and associated information of each company’s staff.
In addition to assisting with GAL synchronization, which is one aspect of GALsync, it can also help synchronize free/busy information between organizations. In speaking with NETsec’s distributor in the United States, they explain that this ability to provide both GAL and free/busy is essential in our modern economy, where mergers are a constant occurrence with little thought put into how already understaffed IT teams are going to make it work smoothly. Having a tool like GALsync in your toolbag can help avoid a merger/migration nightmare.
Specific Usage Cases
Understanding the primary usability scenarios here is key to my evaluation of the software because, rather than provide a tool that does a scattered number of things to a modest degree, the folks at NETsec have provided a tool that has laser focus on its objective, with every possible feature provided.
Usability scenarios include the following:
- Multi-Forest Company Deployment: A company may have two Active Directories for any number of reasons and they have Exchange deployed in one. Exchange cannot span AD forests so you deploy Exchange within that one AD and the Global Address List (GAL) pulls all its contacts and data from that one environment. Using GALsync you can export the data of user objects within the other AD and have that information imported (manually or automatically on a schedule) into your Exchange environment.
GALsync only exports objects that have an email address. That’s reasonable because the whole point is for people to be able to contact, through email, the person whose object is being exported and synchronized with the other AD. The target environment has these objects imported as contacts. This doesn’t create a security issue because the users don’t have access to resources: the sync is focused on providing addresses, not on providing those users access to resources.
- Company Mergers or Partnerships: One company with an existing AD and Exchange organization may purchase another company that also has its own AD and Exchange organization. Perhaps the goal is to merge these two together one day, or perhaps these two companies have completely separate business models and focus, and so you wish to allow them to remain separate. In either case, with GALsync you have the ability to share user and group information from one AD and Exchange organization over to the other. And you don’t have to share all information: you may want specific information about all users, or you may want to narrow it down to just those users you need to sync. GALsync is extremely flexible to suit your needs.
Although the typical focus is unidirectional, from a source forest to a target forest, it’s just as easy to set up a bi- or multi-directional sync.
- Migrations: Imagine you have an Exchange 2003 organization that you wish to upgrade to Exchange 2010. You can install Exchange 2010 into the 2003 environment and move mailboxes and so forth. However, at times administrators use these times as opportunities to start afresh. Your company might be setting up a whole new AD using the latest flavor of server with Exchange 2010. As you migrate users from the legacy system to the new one you will want to ensure persons can contact each other through their GAL and here again is where GALsync can facilitate this.
I spent a while reading through the 100+ page manual that really broke everything down quite easily and eventually just decided to jump in and do the install. The process went exactly as advertised. There is a good deal of flexibility on where you can install GALsync (either client system or server). Windows Server 2003/R2 and 2008/R2 are all supported as are Windows Vista and 7. Some additional prerequisite concerns include having the .NET Framework 2.0 or higher, Mapi32 and/or Outlook.
To set this up according to appropriate policies within your organization you’ll need to create a service account in most cases and provide required permissions for that account. All of this is described in the documentation and isn’t all that complicated to do.
The installation itself is quite simple: a few screens in a wizard where you agree to the license and determine the installation folder (shown in Figure 1), and you’re done. If you do need MAPI installed, it will ask you during the process. The install process is the first part of getting things up and running, but it is the GALsync Service Wizard that gets your service set up (as shown in Figure 2). The GALsync Service is what you configure to run, and this service will execute the policies that you configure for exporting and/or importing.
Figure 1: The GALsync Installation Wizard
Figure 2: The GALsync Service Wizard
Configuring Export and Import Policies
The GUI for configuring and executing policies has a basic console tree, a content pane and an actions pane (shown in Figure 3). Easy-to-work-with tabs help you adjust settings and policy preferences. Policy wizards walk you through the steps needed to create a usable policy that you can either run manually or have set on a schedule.
Figure 3: The GALsync GUI Interface
Once you have your options configured for the policy and run it (or have it run automatically), the directory information will be stored in an .xml file. During that process you can choose to encrypt the directory information (using either symmetric or asymmetric keys), as well as compress it. You can choose to share that file in one of four ways: manually, by taking the file over to the other system; through email; via a network share; or through FTP (as shown in Figure 4). Note: Each of these options requires configuration on your part to make it work.
Figure 4: Choosing Your Data Transfer Mode
You may wonder why encryption options are needed, but this ties into one of the real strengths of GALsync for administrators who are now put in positions where they may be working with a new team of admins from the acquisition and merger. Administrators tend to be territorial and control oriented, so the idea of giving away too much control, or of creating accounts that give excessive control to newcomers, just never sits well. GALsync requires no trust relationships to be created and doesn’t require a change to administrator permissions in your AD forest. Using encryption is yet another level of control over this data and how it can be accessed. All of these features play into the concerns of administrators performing these types of cross-forest synchronizations, which almost always leave a security “door” unlocked somewhere. That isn’t the case with GALsync.
Depending on how much control you want over the process, there are a ton of options. One of the features that jumps out at you while you work with GALsync is the ability to select the specific AD objects you wish to export. You can use the Search tools to find what you are looking for in AD, or you can scan through the hierarchy and pick the OUs that you wish to export (shown in Figure 5). You can even select the properties (i.e. attributes) that you wish to have exported.
Figure 5: Selecting OUs to Export
Pricing and Support
The product’s price is based on the total number of objects you would like to sync and the number of Active Directory forests that you will need the tool installed in. Pricing is affordable and ranges from $5 to $2 an object. The website pricing says “licensing according to the number of objects (Mail enabled User, Contacts, Groups and Dynamic Distribution Groups) to be synchronized and the number of forests.”
As for support, I often hope to not require support for a straightforward product like this. The documentation should get me where I need to go. I felt the documentation was quite thorough, perhaps a bit too thorough. The 110-page manual is a bit much to swallow. The documentation was thorough but overwhelming. I might recommend they take a modern deployment approach to this and switch to an online deployment assistant (like Exchange has) so that you can select your options for use and the deployment guide comes together on the fly based on your selections.
The documentation was quite clear through the whole process, however, and made it so that I didn’t really need to contact support for the installation and configuration process. I could see a need for support if my configuration were a bit more complicated, requiring very specific settings and dealing with multiple forests and such. In those cases I appreciated that as a US purchaser I wouldn’t have to attempt to contact support during European working hours but could reach out to a “local” vendor.
Although I did not require support, I did reach out to the GALsync distributor for the United States to learn more about the deployments they are seeing first hand with GALsync and to gain a solid understanding of how functional the product is in the real world. One of their clients provided comments online regarding the use of GALsync that I believe are worth quoting here:
“We currently use it in three different domains across three different AD forests. Easy to configure and easier to manage. This product has not given us any problems since we installed it over a year ago. The sales/technical support teams are very responsive and a pleasure to work with. Our company recently doubled in size due to an acquisition and we purchased GALsync to replicate the GAL between the new and old companies.” Heema Balram, Orlando Florida
The person went on to recommend GALsync as a result of the successful use of it in their case.
GALsync is one of those products that does exactly what it advertises. In fact, with the ability to handle free/busy information, combined with so many necessary features (everything from method of export/import to encryption options to specific attribute export selection) it goes above and beyond what I expected based on first glance.
If there is one thing I looked for and couldn’t quite figure out, it was whether there was any way to utilize GALsync’s free/busy feature with Office 365; however, the product does support GALsync. There is a Microsoft Online Services Directory Synchronization tool, but I couldn’t help but think this would be a nice add-on feature in next-gen versions due to the higher volume of hybrid deployments of Exchange and Office 365 we’re seeing.
Aside from that I thought the tool was perfect. Easy to install and configure, the GUI was polished and easy to work with (a set it and forget it approach), cost-effective and feature-rich.