VMware Zimbra Active Directory User Mailbox Sync

Overview

Zimbra Active Directory User Mailbox Sync script uses Zimbra utility to Add or Remove mailboxes according to the AD User List.
You can sync all AD users at once or Create a Security Group And add members in order to assign a mailbox.

VMWare Zimbra Active Directory Sync

Zimbra Active Directory User Sync Script

This is a script that Creates and Deletes Zimbra Mailboxes according to Active Directory Users.
This scripts assumes you have Zimbra AD Authentication Configured – otherwise no password is assigned.
Don’t forget to update the exclude.txt file to contain your built in mailboxes.

#!/bin/bash
# zcs-sync-ad.sh syncs AD users and Zimbra users

LDAPSEARCH=/opt/zimbra/bin/ldapsearch
ZMPROV=/opt/zimbra/bin/zmprov
TMP_DIR=/scripts
HOME_DIR=/scripts
EXCLUDE_FILE=exclude.txt
ADS_TMP=$TMP_DIR/users_ads.lst
ZCS_TMP=$TMP_DIR/users_zcs.lst
DIF_TMP=$TMP_DIR/users_dif.lst

# Server values
DOMAIN_NAME="domain.com"
LDAP_SERVER="ldap://dc01.domain.com"
BASEDN="dc=domain,dc=com"
BINDDN="CN=USERNAME,OU=MYOU,DC=domain,DC=com"
BINDPW="PASSWORD"

# Only add members of AD group "Zimbra" in OU Users
FILTER="(&(sAMAccountName=*)(objectClass=user)(givenName=*)(memberOf=cn=Zimbra,cn=Users,dc=domain,dc=com))"

# Add all AD users
#FILTER="(&(sAMAccountName=*)(objectClass=user)(givenName=*))"
FIELDS="mail"

# Clean up users list
rm -f $ADS_TMP $ZCS_TMP $DIF_TMP

# Add excluded accounts to AD list
cat $HOME_DIR/$EXCLUDE_FILE | grep $DOMAIN_NAME > $ADS_TMP

# Extract users from ADS
echo -n "Quering ADS... "
$LDAPSEARCH -x -H $LDAP_SERVER -b $BASEDN -D "$BINDDN" -w $BINDPW "$FILTER" $FIELDS | grep "@$DOMAIN_NAME" | awk '{print $2}' >> $ADS_TMP
sort -k3 $ADS_TMP -o $ADS_TMP
COUNT="$(cat $ADS_TMP | wc -l)"
if [ $COUNT == "0" ]; then exit; fi
echo "Found $COUNT users ($ADS_TMP)"

# Extract users from ZCS
echo -n "Quering ZCS... "
$ZMPROV -l gaa $DOMAIN_NAME > $ZCS_TMP
sort -k3 $ZCS_TMP -o $ZCS_TMP
COUNT="$(cat $ZCS_TMP | wc -l)"
if [ $COUNT == "0" ]; then exit; fi
echo "Found $COUNT users ($ZCS_TMP)"

# Generate diff
echo "Generating diff file ($DIF_TMP)"
diff -u $ZCS_TMP $ADS_TMP | grep "$DOMAIN_NAME" > $DIF_TMP

# Import new users
echo -n "New users: "
cat $DIF_TMP | grep ^+ | wc -l
for i in $(cat $DIF_TMP | grep ^+ | sed s/^+//g);
do
echo -n " - Adding $i ";
$ZMPROV createAccount $i passwd > /dev/null;
RES=$?
if [ "$RES" == "0" ]; then echo "[Ok]"; else echo "[Err]"; fi
done

# Delete old users
echo -n "Old users: "
cat $DIF_TMP | grep ^- | wc -l
for i in $(cat $DIF_TMP | grep ^- | sed s/^-//g);
do
read -p "Delete account: $i [y/N]?"
if [ "$REPLY" == "y" ] || [ "$REPLY" == "Y" ]; then
echo -n "Deleting account $i..."
$ZMPROV deleteAccount $i > /dev/null;
RES=$?
if [ "$RES" == "0" ]; then echo "[Ok]"; else echo "[Err]"; fi
fi
done

# Clean up users list
read -p "Keep user lists [y/N]?"
if [ "$REPLY" != "y" ] && [ "$REPLY" != "Y" ]; then
rm -f $ADS_TMP $ZCS_TMP $DIF_TMP;
fi

 

exclude.txt file example:

admin@domain.com
spam.pe6z6tcx0u@domain.com
ham.wx1j2qdo@domain.com
virus-quarantine.yiy1wafv@domain.com
galsync.askkowvs@domain.com

7 thoughts on “VMware Zimbra Active Directory User Mailbox Sync

  1. John

    Hi,

    I had test your script today but i have a problem when i start it, it blocks on “Quering ADS… ” and it does nothing.
    Any ideas ?

    Thanks.

    Reply
    1. admin

      There is probably an issue with one of your Server values or a firewall block:
      DOMAIN_NAME=”domain.com”
      LDAP_SERVER=”ldap://dc01.domain.com”
      BASEDN=”dc=domain,dc=com”
      BINDDN=”CN=USERNAME,OU=MYOU,DC=domain,DC=com”
      BINDPW=”PASSWORD”

      Can you access your domain using LDAP?

      Reply
  2. Aziz Abdul

    Thanks for the code.
    I had to modify it to work with version 8.5.1

    #!/bin/bash
    # zcs-sync-ad.sh syncs AD users and Zimbra users

    LDAPSEARCH=/opt/zimbra/bin/ldapsearch
    ZMPROV=/opt/zimbra/bin/zmprov
    TMP_DIR=/scripts
    HOME_DIR=/scripts
    EXCLUDE_FILE=exclude.txt
    ADS_TMP=$TMP_DIR/users_ads.lst
    ZCS_TMP=$TMP_DIR/users_zcs.lst
    DIF_TMP=$TMP_DIR/users_dif.lst

    # Server values
    DOMAIN_NAME=”domain.com”
    LDAP_SERVER=”doamin.com”
    BASEDN=”dc=domain,dc=com”
    BINDDN=”some.user@domain.com”
    BINDPW=”PASSWORD”

    # Only add members of AD group “Zimbra” in OU Users
    #FILTER=”(&(sAMAccountName=*)(objectClass=user)(givenName=*)(memberOf=cn=Zimbra,cn=Users,dc=domain,dc=com))”
    FILTER=”(&(sAMAccountName=*)(objectClass=user)(givenName=*))”

    # Add all AD users
    #FILTER=”(&(sAMAccountName=*)(objectClass=user)(givenName=*))”
    #FIELDS=”mail”
    FIELDS=”userPrincipalName”

    # Clean up users list
    rm -f $ADS_TMP $ZCS_TMP $DIF_TMP

    # Add excluded accounts to AD list
    cat $HOME_DIR/$EXCLUDE_FILE | grep $DOMAIN_NAME > $ADS_TMP

    # Extract users from ADS
    #echo -n “Quering ADS… ”
    $LDAPSEARCH -h $LDAP_SERVER -b $BASEDN -D “$BINDDN” -w $BINDPW “$FILTER” $FIELDS | grep “@$DOMAIN_NAME” | awk ‘{print $2}’ >> $ADS_TMP
    sort -k3 $ADS_TMP -o $ADS_TMP
    COUNT=”$(cat $ADS_TMP | wc -l)”
    if [ $COUNT == “0” ]; then exit; fi
    echo “Found $COUNT users ($ADS_TMP)”

    # Extract users from ZCS
    #echo -n “Quering ZCS… ”
    $ZMPROV -l gaa $DOMAIN_NAME > $ZCS_TMP
    sort -k3 $ZCS_TMP -o $ZCS_TMP
    COUNT=”$(cat $ZCS_TMP | wc -l)”
    if [ $COUNT == “0” ]; then exit; fi
    echo “Found $COUNT users ($ZCS_TMP)”

    # Generate diff
    echo “Generating diff file ($DIF_TMP)”
    diff -u $ZCS_TMP $ADS_TMP | grep “$DOMAIN_NAME” > $DIF_TMP

    # Import new users
    echo -n “New users: ”
    cat $DIF_TMP | grep ^+ | wc -l
    for i in $(cat $DIF_TMP | grep ^+ | sed s/^+//g);
    do
    echo -n ” – Adding $i “;
    $ZMPROV -l ca $i ” > /dev/null;
    RES=$?
    if [ “$RES” == “0” ]; then echo “[OK]”; else echo “[Err]”; fi
    done

    Reply
  3. Júlio

    Hi Aziz,

    I have this error on run.

    ./zcs-syn-ad.sh: line 21: syntax error near unexpected token `(‘
    ./zcs-syn-ad.sh: line 21: `FILTER=”(&(sAMAccountName=*)(objectClass=user)(givenName=*)(memberOf=cn=Zimbra_Intranet,cn=Users,dc=hmsc,dc=com,dc=br))”’

    You can help me?

    Reply
  4. shiva

    HI
    I got tthe below error while executing the script:
    Quering ADS… ldap_bind: Invalid credentials (49)
    additional info: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0

    Reply
  5. tom

    Quering ADS… ldap_bind: Invalid credentials (49)
    additional info: 80090308: LdapErr: DSID-0C0903C8, comment: AcceptSecurityContext error, data 52e, v2580

    Reply

Leave a Reply

Your email address will not be published.

*