Overview
The Zimbra Active Directory User Mailbox Sync script uses the Zimbra provisioning utility (zmprov) to add or remove mailboxes according to the AD user list.
You can sync all AD users at once, or create a security group and assign a mailbox to a user by adding them to that group.
Zimbra Active Directory User Sync Script
This is a script that creates and deletes Zimbra mailboxes according to the Active Directory user list.
The script assumes you have Zimbra configured for AD (external LDAP) authentication: new mailboxes are created with an empty password, so without external auth nobody can log in to them. Keep the script itself readable only by the zimbra user, since it holds the AD bind password in cleartext, and point LDAP_SERVER at ldaps:// (or add -ZZ for StartTLS), because a simple bind over plain ldap:// sends that password over the network in cleartext. The group filter matches direct members only; memberOf does not expand nested groups. Deleting an account destroys the mailbox contents, which is why every deletion is confirmed interactively.
Don't forget to update the exclude.txt file to contain your built-in mailboxes (admin, the spam/ham training accounts, the virus quarantine and galsync accounts); otherwise the script will offer to delete them.
#!/bin/bash
# zcs-sync-ad.sh syncs AD users and Zimbra users
LDAPSEARCH=/opt/zimbra/bin/ldapsearch
ZMPROV=/opt/zimbra/bin/zmprov
TMP_DIR=/scripts
HOME_DIR=/scripts
EXCLUDE_FILE=exclude.txt
ADS_TMP=$TMP_DIR/users_ads.lst
ZCS_TMP=$TMP_DIR/users_zcs.lst
DIF_TMP=$TMP_DIR/users_dif.lst
# Server values
DOMAIN_NAME="domain.com"
# Prefer ldaps:// (or add -ZZ for StartTLS): a simple bind over plain ldap:// sends BINDPW in cleartext
LDAP_SERVER="ldap://dc01.domain.com"
BASEDN="dc=domain,dc=com"
BINDDN="CN=USERNAME,OU=MYOU,DC=domain,DC=com"
# The bind password is stored here in cleartext: keep this file readable by the zimbra user only (chmod 600)
BINDPW="PASSWORD"
# Only add members of AD group "Zimbra" in OU Users (direct members only; memberOf does not expand nested groups)
FILTER="(&(sAMAccountName=*)(objectClass=user)(givenName=*)(memberOf=cn=Zimbra,cn=Users,dc=domain,dc=com))"
# Add all AD users
#FILTER="(&(sAMAccountName=*)(objectClass=user)(givenName=*))"
FIELDS="mail"
# Clean up users list
rm -f $ADS_TMP $ZCS_TMP $DIF_TMP
# Add excluded accounts to the AD list so the built-in mailboxes are never offered for deletion
grep -F "$DOMAIN_NAME" "$HOME_DIR/$EXCLUDE_FILE" > $ADS_TMP
# Extract users from ADS (lower-cased, because zmprov reports account names in lower case)
echo -n "Querying ADS... "
$LDAPSEARCH -x -H $LDAP_SERVER -b $BASEDN -D "$BINDDN" -w $BINDPW "$FILTER" $FIELDS | grep -F "@$DOMAIN_NAME" | awk '{print tolower($2)}' >> $ADS_TMP
# Fail closed: if the AD query failed, the list holds only the exclusions and every user would be offered for deletion
if [ "${PIPESTATUS[0]}" -ne 0 ]; then echo "ldapsearch failed, aborting"; exit 1; fi
# Both lists must be sorted the same way for diff to line them up; -u also drops duplicates
LC_ALL=C sort -u $ADS_TMP -o $ADS_TMP
COUNT="$(wc -l < $ADS_TMP)"
if [ "$COUNT" -eq 0 ]; then echo "no AD users found, aborting"; exit 1; fi
echo "Found $COUNT users ($ADS_TMP)"
# Extract users from ZCS
echo -n "Querying ZCS... "
$ZMPROV -l gaa $DOMAIN_NAME > $ZCS_TMP
LC_ALL=C sort -u $ZCS_TMP -o $ZCS_TMP
COUNT="$(wc -l < $ZCS_TMP)"
if [ "$COUNT" -eq 0 ]; then echo "no Zimbra accounts found, aborting"; exit 1; fi
echo "Found $COUNT users ($ZCS_TMP)"
# Generate diff: "+" lines are in AD but not in Zimbra, "-" lines are in Zimbra but not in AD
# (the grep drops the diff headers and hunk markers, so TMP_DIR must not contain the domain name)
echo "Generating diff file ($DIF_TMP)"
diff -u $ZCS_TMP $ADS_TMP | grep -F "$DOMAIN_NAME" > $DIF_TMP
# Import new users
echo -n "New users: "
grep -c '^+' $DIF_TMP
for i in $(grep '^+' $DIF_TMP | sed 's/^+//');
do
    echo -n " - Adding $i ";
    # Empty password: the account relies on the domain's external (AD) authentication
    $ZMPROV createAccount $i '' > /dev/null;
    RES=$?
    if [ "$RES" -eq 0 ]; then echo "[Ok]"; else echo "[Err]"; fi
done
# Delete old users (deleting an account destroys the mailbox, so each one is confirmed)
echo -n "Old users: "
grep -c '^-' $DIF_TMP
for i in $(grep '^-' $DIF_TMP | sed 's/^-//');
do
    read -p "Delete account: $i [y/N]? "
    if [ "$REPLY" == "y" ] || [ "$REPLY" == "Y" ]; then
        echo -n "Deleting account $i..."
        $ZMPROV deleteAccount $i > /dev/null;
        RES=$?
        if [ "$RES" -eq 0 ]; then echo "[Ok]"; else echo "[Err]"; fi
    fi
done
# Clean up users list
read -p "Keep user lists [y/N]? "
if [ "$REPLY" != "y" ] && [ "$REPLY" != "Y" ]; then
    rm -f $ADS_TMP $ZCS_TMP $DIF_TMP;
fi
exclude.txt file example:
admin@domain.com
spam.pe6z6tcx0u@domain.com
ham.wx1j2qdo@domain.com
virus-quarantine.yiy1wafv@domain.com
galsync.askkowvs@domain.com
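The whole procedure (query AD, merge in the exclude list, compare with the zmprov account list, create the missing accounts and delete the stale ones) depends on the two lists comparing exactly, and that is where it quietly goes wrong: ldapsearch folds long LDIF lines at 76 columns, AD mail attributes are mixed case while Zimbra names are lower case, a substring match on the domain also accepts look-alike domains, and the diff -u | grep parsing relies on no header line containing the domain name. The following is an added example, not the post's script or any Zimbra code: it parses the LDIF properly, normalises the addresses, uses comm for the two set differences and prints the zmprov commands as a reviewable dry-run plan. The sample LDIF, exclude list and account list are constructed inline to stand in for the real ldapsearch and zmprov -l gaa output, and the parse_ldif_attr, in_domain and plan_sync helpers are this example's own names.

```shell
#!/bin/bash
# Added example, not the post's script: list handling for an AD -> Zimbra sync that survives
# LDIF line folding, mixed-case addresses and look-alike domains, and prints a reviewable plan
# instead of calling zmprov. All file names and sample data below are constructed here.
set -eu

# Unfold LDIF (a continuation line starts with a single space) and print the value of ATTR,
# lower-cased, once per entry. Base64 values ("attr:: ...") are not expected for mail and are ignored.
parse_ldif_attr() {   # usage: parse_ldif_attr ATTR < ldif
    awk -v attr="$1" '
        function emit(line) {
            if (index(line, attr ": ") == 1) print tolower(substr(line, length(attr) + 3))
        }
        /^ /  { buf = buf substr($0, 2); next }   # folded line: append to the previous one
        { if (buf != "") emit(buf); buf = $0 }
        END   { if (buf != "") emit(buf) }'
}

# Keep only addresses that end in "@DOMAIN" (a plain substring match would also accept
# user@domain.com.evil.example), lower-case them, and sort uniquely in the C locale so that
# the two lists handed to comm compare byte for byte.
in_domain() {   # usage: in_domain DOMAIN < addresses
    local suffix
    suffix=$(printf '@%s' "$1" | tr 'A-Z' 'a-z')
    tr 'A-Z' 'a-z' | awk -v s="$suffix" \
        'length($0) > length(s) && substr($0, length($0) - length(s) + 1) == s' | LC_ALL=C sort -u
}

# Set differences on the two sorted lists: file 1 is what Zimbra has, file 2 is what it should have.
to_add()    { LC_ALL=C comm -13 "$1" "$2"; }   # wanted but missing from Zimbra
to_delete() { LC_ALL=C comm -23 "$1" "$2"; }   # present in Zimbra but no longer wanted

# Build desired.lst (AD users plus the protected exclude list), zimbra.lst and the add/delete
# sets, then print the zmprov commands a real run would execute. The empty password '' relies on
# the domain using external (AD) authentication; never seed new accounts with a shared literal.
plan_sync() {   # usage: plan_sync DOMAIN LDIF EXCLUDE_FILE ZIMBRA_LIST OUTDIR
    local domain="$1" ldif="$2" exclude="$3" zcs="$4" out="$5" acct
    { parse_ldif_attr mail < "$ldif"; cat "$exclude"; } | in_domain "$domain" > "$out/desired.lst"
    in_domain "$domain" < "$zcs" > "$out/zimbra.lst"
    to_add    "$out/zimbra.lst" "$out/desired.lst" > "$out/add.lst"
    to_delete "$out/zimbra.lst" "$out/desired.lst" > "$out/del.lst"
    while read -r acct; do printf "zmprov createAccount %s ''\n" "$acct"; done < "$out/add.lst"
    while read -r acct; do printf 'zmprov deleteAccount %s   # confirm before running\n' "$acct"; done < "$out/del.lst"
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
DOMAIN=domain.com

# Constructed stand-in for ldapsearch output: a mixed-case address, one address folded across
# two lines the way LDIF writers do past 76 columns, and a contractor whose mail is outside the domain.
cat > "$WORK/ad.ldif" <<'EOF'
dn: CN=Alice Example,CN=Users,DC=domain,DC=com
mail: Alice.Example@Domain.com

dn: CN=Bob Builder,CN=Users,DC=domain,DC=com
mail: bob.builder@domai
 n.com

dn: CN=Contractor,CN=Users,DC=domain,DC=com
mail: contractor@partner.example
EOF
# Built-in mailboxes that must never be deleted (same role as the post's exclude.txt)
printf '%s\n' admin@domain.com spam.pe6z6tcx0u@domain.com > "$WORK/exclude.txt"
# Constructed stand-in for "zmprov -l gaa domain.com": carol has left AD, bob has not been created yet
printf '%s\n' admin@domain.com spam.pe6z6tcx0u@domain.com alice.example@domain.com carol.old@domain.com > "$WORK/zcs.lst"

plan_sync "$DOMAIN" "$WORK/ad.ldif" "$WORK/exclude.txt" "$WORK/zcs.lst" "$WORK"
```

On the constructed data the plan is one createAccount for bob.builder@domain.com (the folded, mixed-case entry is matched correctly) and one deleteAccount for carol.old@domain.com; the contractor is ignored because the suffix check is exact, and the excluded built-in accounts appear in neither list. Replacing the two printf lines with the real zmprov calls, after the confirmation prompt the original script already has, turns the plan into the sync.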
DevOps/IT Specialist, Musician.
IT Manager – Faculty of Exact Sciences, Bar-Ilan University
Hi,
I tested your script today but I have a problem when I start it: it blocks on "Quering ADS... " and does nothing.
Any ideas?
Thanks.
There is probably an issue with one of your Server values or a firewall block:
DOMAIN_NAME="domain.com"
LDAP_SERVER="ldap://dc01.domain.com"
BASEDN="dc=domain,dc=com"
BINDDN="CN=USERNAME,OU=MYOU,DC=domain,DC=com"
BINDPW="PASSWORD"
Can you access your domain using LDAP?
Thanks for the code.
I had to modify it to work with version 8.5.1.
#!/bin/bash
# zcs-sync-ad.sh syncs AD users and Zimbra users
LDAPSEARCH=/opt/zimbra/bin/ldapsearch
ZMPROV=/opt/zimbra/bin/zmprov
TMP_DIR=/scripts
HOME_DIR=/scripts
EXCLUDE_FILE=exclude.txt
ADS_TMP=$TMP_DIR/users_ads.lst
ZCS_TMP=$TMP_DIR/users_zcs.lst
DIF_TMP=$TMP_DIR/users_dif.lst
# Server values
DOMAIN_NAME="domain.com"
LDAP_SERVER="domain.com"
BASEDN="dc=domain,dc=com"
BINDDN="some.user@domain.com"
BINDPW="PASSWORD"
# Only add members of AD group "Zimbra" in OU Users
#FILTER="(&(sAMAccountName=*)(objectClass=user)(givenName=*)(memberOf=cn=Zimbra,cn=Users,dc=domain,dc=com))"
FILTER="(&(sAMAccountName=*)(objectClass=user)(givenName=*))"
# Add all AD users
#FILTER="(&(sAMAccountName=*)(objectClass=user)(givenName=*))"
#FIELDS="mail"
FIELDS="userPrincipalName"
# Clean up users list
rm -f $ADS_TMP $ZCS_TMP $DIF_TMP
# Add excluded accounts to AD list
cat $HOME_DIR/$EXCLUDE_FILE | grep $DOMAIN_NAME > $ADS_TMP
# Extract users from ADS (-x selects a simple bind; without it ldapsearch attempts SASL)
#echo -n "Querying ADS... "
$LDAPSEARCH -x -h $LDAP_SERVER -b $BASEDN -D "$BINDDN" -w $BINDPW "$FILTER" $FIELDS | grep "@$DOMAIN_NAME" | awk '{print $2}' >> $ADS_TMP
sort -k3 $ADS_TMP -o $ADS_TMP
COUNT="$(cat $ADS_TMP | wc -l)"
if [ $COUNT == "0" ]; then exit; fi
echo "Found $COUNT users ($ADS_TMP)"
# Extract users from ZCS
#echo -n "Querying ZCS... "
$ZMPROV -l gaa $DOMAIN_NAME > $ZCS_TMP
sort -k3 $ZCS_TMP -o $ZCS_TMP
COUNT="$(cat $ZCS_TMP | wc -l)"
if [ $COUNT == "0" ]; then exit; fi
echo "Found $COUNT users ($ZCS_TMP)"
# Generate diff
echo "Generating diff file ($DIF_TMP)"
diff -u $ZCS_TMP $ADS_TMP | grep "$DOMAIN_NAME" > $DIF_TMP
# Import new users
echo -n "New users: "
cat $DIF_TMP | grep ^+ | wc -l
for i in $(cat $DIF_TMP | grep ^+ | sed s/^+//g);
do
echo -n " - Adding $i ";
# Empty password: the account authenticates against AD
$ZMPROV -l ca $i '' > /dev/null;
RES=$?
if [ "$RES" == "0" ]; then echo "[OK]"; else echo "[Err]"; fi
done
Hi Aziz,
I have this error on run:
./zcs-syn-ad.sh: line 21: syntax error near unexpected token `('
./zcs-syn-ad.sh: line 21: `FILTER=”(&(sAMAccountName=*)(objectClass=user)(givenName=*)(memberOf=cn=Zimbra_Intranet,cn=Users,dc=hmsc,dc=com,dc=br))”'
Can you help me?
Hi,
I got the below error while executing the script:
Quering ADS… ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0
Quering ADS… ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C0903C8, comment: AcceptSecurityContext error, data 52e, v2580