0 comments

ISA 2006/TMG 2010 Link Translation: Replace Something With Nothing

Published on Monday, September 19, 2011 in ,

Recently I assisted a colleague in a case where they had to publish some web service using ISA 2006. Now the problem was in fact that their was a lot of legacy code/folder structure and for the publishing to work we had the following mapping configured:

Jep, that does include dots in the 2nd level folder… Basically if you retrieved an URL like http://www.publicurl.com/homepage.html it would contact the internal webserver at http://srvweb01.custdom.local/www.customer.com/homepage.html The problem we were seeing is that some of the returned HTML page still contained paths like <script=”/www.customer.com/scriptresource.axd?aze232LKJ22LJ”. So that problem is the explanation of this post. We wanted to replace /www.customer.com with nothing. ISA was configured to add that path to internal requests anyway…

The translation table on which ISA/TMG base their logic is built from the mappings specified by the publishing rule. But one can add as many custom translations as desired.

clip_image001

Now if you take the link translation tab, you can click the Mappings button. You’ll see all the mappings ISA is currently maintaining. They were all preceded by http://srvweb01.customer.local We wanted to add a mapping which replaced /www.customer.com with “” [nothing]. We really just wanted to get rid of it… However in the to field you are obliged to enter something… So TechNet to the rescue! I posted my question up on the forums and got some good tips really fast: ISA 2006:Link Translation: Replace Part of path with nothing

Tip #1: replace  ="/folder  with  ="/ 

Tip #2: replace /folder with /.

I’m not sure which options my colleague tested, but he reported back that a small variation, namely “”/www.customer.com" with “”. Only use what’s between quotes, including the leading “.

Thanks Kai and f3rrix!

0 comments

Provisioning Mail Enabled Users with FIM 2010

Published on Saturday, September 10, 2011 in ,

Using FIM it’s easy to provision mailboxes for users. In my current project we also needed to provision mail enabled users. The difference between a mailbox enabled and mail enabled is that the latter only has an email address associated with it’s account. The mailbox is typically located at an external organization.

Here’s a table from Exchange Provisioning using ILM 2007 and FIM 2010

It shows which attributes to flow for each recipient type. As we are going to provision mail enabled users we only need to flow

  • mailNickname
  • targetAddress

I like to use the sAMAccountName for the mailNickname. The reason why we wanted to mail enable some users is that we’d want external users (like consultants) to appear in the GAL. The customer itself was using a (fictive) domain like @internalAD.local.

At first I had my rules configured as:

  • sAMAccountName –> mailNickname
  • TargetAddress –> targetAddress

Where TargetAddress has values like “thomas@setspn.com”.

The result:

image

While it looks ok at first sight, when you look for the user in the GAL, it will appear with an e-mail address of the customer his address space...  Not exactly what we were looking for.

image

I did some testing using the Exchange Management Console, and the what I wanted to achieve seemed to be possible using the GUI, I must have done something wrong! It seems the targetAddress attribute in AD is supposed to contain “SMTP:emailaddress” and not merely “emailaddress”. So I changed the rules:

  • sAMAccountName –> mailNickname
  • TargetAddress –> “SMTP:”+targetAddress

And now my user looks like:

image

You can clearly see that the “primary” address is now the external address. And below you can see the difference in the GAL lookup. The first entry is bad, the second entry is OK.

image