The default way for a connector to find which users to service is to use broadcasting, as mentioned in the section The connector above. By this method, the DME server poses a request to the joint grouped of connectors, asking: "Which of you is able to synchronize e-mail (or calendar, etc.) for user xxx ?". As each function (authentication, e-mail, calendar, contacts, etc.) is independent of the others, there could potentially be a different connector for each function, even for the same user.
When a DME connector sends a positive reply, a route is saved for this combination of user and function for the connector.
For example, in order to check if the password of a new user is valid, the DME server asks all the connectors for which the "Authentication" function is enabled to check if they are able to authenticate this user.
Since each connector may in principle be configured to a different domain, the DME server sends the user name as entered in the DME client, which is usually the short name for the user.
Then the specific domain name is appended by each connector, and the credentials are tested against the defined Authentication LDAP server.
Note
In a setup that involves multiple companies, this is a major security risk, since the user name and password are sent to all connectors.
See below for a resolution to this security risk, and see Connector routing for alternative configuration options in multi-company setups.
To avoid broadcasting across companies, users can be set up to authenticate using their full user domain name, such as user@domain.local or even something that looks like an e-mail address user@domain.com - the difference being that domain.com is not always an SMTP domain, but can be an AD domain.
The DME user domain is set up in the Domain section of the connector setup page.
The DME user domain field should only be completed when users log in to DME using the full user@domain format.
The @domain part is used by the connector to answer authentication requests concerning this specific domain only.
Note
In 95% of DME installations, there will be only one domain, and the field must therefore be left blank.
See Domain for more information.
When multiple connectors are set to Automatic in the Route users part of the Supported users section of the Domain connector setup page (meaning that they use broadcasting), they must be configured in exactly the same way.
They must all be set to either Primary or Failover in the Main connector setup section, and they must connect to the same backend servers, both LDAP and collaboration servers in order to service the same users.
If you want to specify which connector should service users from an Exchange 2003 environment compared to users from Exchange 2007/10 (which are two different e-mail systems seen from a DME perspective), you must use a specific routing. See below.