How to configure Trend Active Directory Sync Client for Hosted Email Security (HES)

What:

Windows Domain Controller with Trend Active Directory Sync Client

Problem:

Default configuration works only for user email address's, not groups.

Solution:

Navigate to the following location:

"C:\Program Files (x86)\Trend Micro\Hosted Email Security ActiveDirectory Sync Client"

Edit "IMHS_AD_ACL.config" file and replace content with the one below.

<?xml version="1.0" encoding="utf-8"?>
<ad_acl>
    <ldap_path name="default">
        <objectClass name="User">
          <displayNameAttr>displayName</displayNameAttr>
          <emailAttr>mail</emailAttr>
          <emailAttr>proxyAddresses</emailAttr>
        </objectClass>
        <objectClass name="group">
         <displayNameAttr>displayName</displayNameAttr>
         <emailAttr>proxyAddresses</emailAttr>
        </objectClass>
    </ldap_path>
</ad_acl>

Save file and restart  "Trend Active Directory Sync Client" service to apply changes.

Sample sync configuration for the below Active Directory structure, which will sync all user and group's emails located under MyBusiness organization unit.

LDAP://OU=MyBusiness, DC=company, DC=local
LDAP://CN=Users, DC=company, DC=local

Important: In case you've changed domain admin password make sure that log in credentials have been updated for HES active sync service.