Overview
This article describes the settings to include a subset of users in the GFI Archiver Folder Structure Retrieval feature.
Certain GFI Archiver deployments (such as in large organizations or where there are multiple Microsoft Exchange servers installed) require only several users to be included in the folder synchronization. This can be achieved by changing an LDAP query in EWSPollingSettings.xml or ExPollingSettings.xml.
Information
- EWSPollingSettings.xml is used when folder synchronization is configured to use EWS (Exchange Web Services).
-
ExPollingSettings.xml is used when using MAPI (Messaging Application Programming Interface).
LDAP Query
Use the following query to limit the number of users from folder synchronization:
<listADUserMailboxes>(&(objectClass=User)(mail=*)(mailnickname=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))</listADUserMailboxes>
The query encoded in the tags <listADUserMailboxes>
is used to fetch the mailboxes. The default query shown below lists all users who have a mailbox and are not disabled:
(&(objectClass=User)(mail=*)(mailnickname=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
NOTE: For these changes to take effect, the GFI Archiver Core service must be re-started.
Example:
There are different ways to exclude users from Folder Structure Retrieval. The memberOf parameter shown below serves as an example only. This functionality depends on how AD is set up and how users required to be filtered are distributed.
The following example matches all users in the group US Office. Please note that the group US Office is a fictitious name. The query matches the memberOf property of users to match the full distinguished name of the group:
(&(objectClass=user)(mail=*)(memberOf=CN=US Office,OU=Security Groups,OU=US,OU=Office Locations,DC=company,DC=com)(mailnickname=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
Encode the query in the xml file by replacing & with &
to obtain the following results:
<listADUserMailboxes>(&(objectClass=user)(mail=*)(memberOf=CN=US Office,OU=Security Groups,OU=US,OU=Office Locations,DC=company,DC=com)(mailnickname=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))</listADUserMailboxes>
NOTE: The EWSPollingSettings.xml or ExPollingSettings.xml is overwritten when a new version is installed, so changes would have to be carried out again.
An alternative to the above procedure is to use the Folder Structure Structure Retrieval > Excluded Folder Policies from the GFI Archiver web UI. More information can be obtained from Excluding a user from the GFI Archiver Mailbox Folder Structure Retrieval.