To synchronise the members of the security policy group, you must first create the group (for example my filtering group) at the administration console level. Then it is necessary to create an attribute at the level of your directory such as "esecuremailfilterprofil" (so you can map the filtering group).
How to create the attribute (Active directory)
Go to your server configuration and pull down the "Active Directory Schema..." tree and right click on "Attributes" and then "Create Attribute...".
A 'window'
will appear telling you that any creation of an object in the schema is
permanent, click on 'Continue'.
Fill in the following information:
- Common Name : Esecuremail-Filter-profil
- LDAP Display Name: Corresponds to the LDAP name of the attribute
- Unique X500 Object ID: Corresponds to a unique ID of the attribute in your Active Directory schema (Refer to the following script to generate this ID)
- Description : Esecuremail Filtering Profile
- Syntax: Breakage taken into account
- Minimum: Minimum range
- Maximum:
Maximum range
You need to run a .vbs script to generate a unique ID, this is a VBS script to run as an administrator from a domain controller
Once the script has run, enter your X.500 object id
Now we need to associate it with a class and in my case, I want the attribute to be linked to all my "User" objects.
Right click on the "User" class and then on "Properties".
Go to the "Attributes" tab and click on "add".
Look for the "esecuremailFilterProfil" attribute you just created and click "OK".
The attribute now appears in the list of attributes of the user class.