I will get BMG 9 up in my lab environment shortly but thought I would ask here.
Q: Can the new version use multiple ldap sources to query for email routing destination?
A: YES. You can have as many LDAP sources as you'd like. An LDAP source should be a DISTINCT LDAP domain. It's NOT normally multiple entries for different SERVERS in an LDAP domain.
Q: E.g. There is a requirement in a very large environment for all email users to have the same FQDN.
The departments are split all over the place though and there is more than one AD server that services the same FQDN.
A: You need an LDAP source for each LDAP (AD) instance. If you have a single AD structure, it doesn't matter what the user's e-mail domain is (we have a single LDAP with 3 different domains (e.g. @domain1.com, @Otherdomain.com, @thirddomain.com) all in a single AD instance). We also have TWO separate AD domains. The 2nd AD environment has 2 other e-mail domains in it. So we have two LDAP sources - one for each of the AD trees.
Q: One AD server may have information on 20% of the users and another 40% and another 40% etc.
The AD servers are split apart geographically, physically and firewalled as well.
A: That sounds like you have multiple AD trees. Yes, you can create an LDAP source for each. You will need to have a path from EACH Scanner and Control Center to each LDAP source server(s). So you will need some firewall rules. I recommend you use LDAP over SSL if any of your Scanners are in a DMZ.
Q: I am wondering if Brightmail can query one ldap source, and if it does not find a mail route, then query the next one in a list.
Or that the ldap sources are all synchronised back to an internal DB on the scanners that is aware of all possible routes.
A: Brightmail will query each LDAP source until it finds a match on the recipient's e-mail address. BTW: It also caches results (positive and negative) to minimize network traffic and improve performance.
While Recipient Validation doesn't care, Address Resolution requires that any users be unique across ALL LDAP sources, since Brightmail would have no way to decide which source is authoritative for the route.
And, only one AD object should have any specific e-mail address.
Q: Just wanted to understand that with the advent of Directory integration as we call it in BMG 9, is it possible to customize a query by which I can actually query the e-mail addresses inside the group?
A: Define "Query". Are you asking about custom queries in the LDAP source, or about policy groups?
If you want to write content policies that only apply to a group of users, based on AD group membership, you use the Admin / Policy Groups feature and add the DN as the membership source.
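
The uniqueness requirement mentioned above for Address Resolution (each e-mail address on exactly one object across all LDAP sources) can be audited before the sources are configured. The following is an added example, not from the thread and not Symantec's code: it runs over constructed directory exports (source names, DNs and addresses are made up) and assumes addresses live in the standard AD `mail` and `proxyAddresses` attributes.

```python
from collections import defaultdict

# Constructed sample data: entries as they might be exported from two AD trees.
# Source names, DNs and addresses are made up for illustration.
SOURCES = {
    "ad-tree-1": [
        {"dn": "CN=Ann,OU=Sales,DC=tree1,DC=example", "mail": "ann@domain1.example",
         "proxyAddresses": ["SMTP:ann@domain1.example", "smtp:a.smith@domain1.example"]},
        {"dn": "CN=Bob,OU=IT,DC=tree1,DC=example", "mail": "bob@domain1.example",
         "proxyAddresses": ["SMTP:bob@domain1.example", "X500:/o=Org/cn=bob"]},
        {"dn": "CN=Helpdesk,OU=IT,DC=tree1,DC=example", "mail": "Bob@Domain1.example",
         "proxyAddresses": []},
    ],
    "ad-tree-2": [
        {"dn": "CN=Ann S,OU=Staff,DC=tree2,DC=example", "mail": "ann.s@domain1.example",
         "proxyAddresses": ["smtp:A.Smith@domain1.example"]},
    ],
}

def addresses(entry):
    """Yield every normalized SMTP address carried by one directory entry."""
    if entry.get("mail"):
        yield entry["mail"].strip().lower()
    for value in entry.get("proxyAddresses", []):
        prefix, _, addr = value.partition(":")
        if prefix.lower() == "smtp" and addr:  # skip X500, SIP and other types
            yield addr.strip().lower()

def find_conflicts(sources):
    """Map each address held by more than one object to its (source, dn) owners."""
    owners = defaultdict(set)
    for source, entries in sources.items():
        for entry in entries:
            for addr in addresses(entry):
                owners[addr].add((source, entry["dn"]))
    return {a: sorted(o) for a, o in owners.items() if len(o) > 1}

def report(conflicts):
    """Format conflicts, marking whether the owners span more than one source."""
    lines = []
    for addr, owners in sorted(conflicts.items()):
        scope = "cross-source" if len({s for s, _ in owners}) > 1 else "same-source"
        lines.append(f"{addr} [{scope}]: " + "; ".join(f"{s} -> {dn}" for s, dn in owners))
    return lines

if __name__ == "__main__":
    print("\n".join(report(find_conflicts(SOURCES))) or "no conflicts")
```

Addresses are compared case-insensitively, so `Bob@Domain1.example` on a second object is reported as a conflict with `bob@domain1.example`.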