These scripts can be very powerful for synchronising a Global Address List (GAL) from one Exchange organisation or Active Directory to another.
There are several versions of this kind of sync script available. Depending on the scenario, you have to sync contacts and mail accounts.

Below you can see details on the scripts that are already available. I have several other versions that are not finalized but mostly working, so if there is something missing please feel free to contact me.

  • The helper script Store-Credential can be used to store the remote password in an encrypted file that can only be used by the account that created the file. So you do not have to save the destination password in plain text.
  • The helper script "Create RBAC Role" is in progress. It creates Exchange RBAC roles with only the defined set of permissions needed to correctly execute the script. This one is in a very early phase of development.

An additional version of the script is designed especially for situations where no direct contact between the partner organizations exists. This one creates transport files that can be exported and imported. (This one is not yet ready.)

The Office 365 version of the script creates O365 contact objects from Active Directory users with a populated mail field. This one can also be used to create and update contacts in O365 if there was no Exchange installation in the Active Directory forest before. It is in development at the moment but working well, so you can use it for testing purposes. Feedback is welcome! It is also only a one-way sync from on premises to the cloud. (Please use AADSync for this if you do not want to lose MS support.)

The scripts use the user's GUID field in source and target as a unique identifier, so even name changes are possible. The object GUID itself is not written to the partner organization; only a SHA1 hash of the GUID is stored in the partner's environment.

Features overview:

  • Synchronize source users to destination mail enabled contacts
  • The following user fields get synchronized by default:
    • Display Name
    • Name
    • Lastname
    • Firstname
    • Department
    • Title
    • Company
    • Office
    • Phone
    • Fax
    • MobilePhone
    • City
    • PostalCode
    • StreetAddress
    • StateOrProvince
    • CountryOrRegion
    • PrimarySMTPAddress
    • Legacy ExchangeDN (as X500 Address) (not in the O365 version at the moment)
    • Alias (with prefix is required)
  • Unique identifier (GUID) as hashed value in CustomAttribute15
  • A script-unique GUID is stored on each created contact (CustomAttribute14) so multiple instances can be used. Each instance can then only update and delete the contacts created by that specific instance
  • No Exchange management tool installation is required
  • Helper scripts for:
    • Creating RBAC roles required for least privilege implementation (in progress...)
    • Storing password as secure string (open)
  • Offline synchronization (planned)
  • Office 365 contact sync
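
The hashed-GUID matching and per-instance scoping described above, as an added example that is not taken from the project's scripts. The function names, the sample objects and the exact hash encoding (SHA1 over the raw GUID bytes, hex output) are assumptions; only CustomAttribute14 and CustomAttribute15 come from the page.

```powershell
$InstanceId = '7d0c1f0e-5a43-4b8e-9a57-2f6f0e6b1c11'   # constructed per-instance GUID
function Get-GuidHash {
    param([Parameter(Mandatory)][guid]$Guid)
    # Assumption: SHA1 over the 16 raw GUID bytes, rendered as lowercase hex.
    $sha1 = [System.Security.Cryptography.SHA1]::Create()
    try { -join ($sha1.ComputeHash($Guid.ToByteArray()) | ForEach-Object { $_.ToString('x2') }) }
    finally { $sha1.Dispose() }
}

function Get-SyncPlan {
    param([object[]]$SourceUsers, [object[]]$TargetContacts, [string]$InstanceId)
    # Only contacts stamped with this instance's GUID may be updated or deleted.
    $owned = @{}
    foreach ($c in $TargetContacts) {
        if ($c.CustomAttribute14 -eq $InstanceId -and $c.CustomAttribute15) {
            $owned[$c.CustomAttribute15] = $c
        }
    }
    $seen = @{}
    foreach ($u in $SourceUsers) {
        $hash = Get-GuidHash -Guid $u.ObjectGuid
        $seen[$hash] = $true
        if (-not $owned.ContainsKey($hash)) {
            [pscustomobject]@{ Action = 'Create'; Key = $hash; DisplayName = $u.DisplayName }
        } elseif ($owned[$hash].DisplayName -ne $u.DisplayName) {
            # Same hash, different name: a rename in the source, not a new object.
            [pscustomobject]@{ Action = 'Update'; Key = $hash; DisplayName = $u.DisplayName }
        }
    }
    # Owned contacts whose source user no longer exists are removed.
    foreach ($key in $owned.Keys) {
        if (-not $seen.ContainsKey($key)) {
            [pscustomobject]@{ Action = 'Delete'; Key = $key; DisplayName = $owned[$key].DisplayName }
        }
    }
}

# Constructed sample data: a renamed user, a new user, a removed user, another instance's contact.
$gA = [guid]'11111111-1111-1111-1111-111111111111'; $gB = [guid]'22222222-2222-2222-2222-222222222222'
$gC = [guid]'33333333-3333-3333-3333-333333333333'
$source = @(
    [pscustomobject]@{ ObjectGuid = $gA; DisplayName = 'Alice Meier-Schmidt' }
    [pscustomobject]@{ ObjectGuid = $gB; DisplayName = 'Bob Example' }
)
$target = @(
    [pscustomobject]@{ DisplayName = 'Alice Meier'; CustomAttribute14 = $InstanceId; CustomAttribute15 = (Get-GuidHash $gA) }
    [pscustomobject]@{ DisplayName = 'Former User'; CustomAttribute14 = $InstanceId; CustomAttribute15 = (Get-GuidHash $gC) }
    [pscustomobject]@{ DisplayName = 'Bob (other sync)'; CustomAttribute14 = 'other-instance'; CustomAttribute15 = (Get-GuidHash $gB) }
)
Get-SyncPlan -SourceUsers $source -TargetContacts $target -InstanceId $InstanceId | Format-Table -AutoSize
```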

Detail Pages

  • Exchange <-> Exchange Contact sync
    This script is executed in one Exchange organisation and synchronises mail-enabled users in both directions. A direct connection and an AD trust between the environments are required.
  • ADDS (<)->ADDS sync
    This version can be used to synchronise objects by using AD PowerShell cmdlets instead of Exchange cmdlets, so no Exchange server is required.