Settings
Environments
What is an Environment?
If a workflow is a series of action steps, an environment is the receiver of those actions. On the Select Environments screen you will choose two or more environments that the workflow will take actions against. You need at least two so that you have at least one source and one target, but you can choose several in a more complex migration scenario. For example, you may choose to read from two different environments as sources, to be written to a single target environment.
Where do I manage Environments?
To manage environments, simply open the left navigation menu and click Environments, located under Settings, see figure 1.
Figure 1: Directory Sync Setup and Settings Menu
How are Local Environments added?
To add a local environment:
On the Environments page, Click the New button. The Select your Environment type page appears.
Select Local and click Next.
Enter a name for your environment and click Next.
- Enter a name for your agent and click Next.
Enter values in the following fields:
Target Domain Controller IP Address – The IP address of the target Domain Controller.
Target Domain Controller Ping Interval - The number of seconds the script will sleep between pings to the defined target domain controller. The default value is 300 seconds.
Timeout Before Job Failure – The number of minutes to wait after Credential Cache job is downloaded by the agent before marking the job a failure due to timeout. The default value is 180 minutes.
Timeout for User Credential Prompt – The number of minutes to prompt the user with a dialog box to enter their target domain credentials for caching. The default value is 5 minutes
Click Save Profile. The Credential Cache Profile is added to the list.
How do you export a list of Users, Groups, Contacts, and Devices in an environment?
Select an environment in the Environments table and then click Details. On the Details page, click the Export button to download a CSV file of the Users, Groups, Contacts, and Devices.
How do you unmatch Users, Groups, Contacts, and Devices so they will not be synchronized?
Select an environment in the Environments table and then click Details. On the Details page, select an object in the table and click the Unmatch button. The Match Status for the object will change to "Unmatched" and the object will not be synchronized.
The Unmatch action is not supported for objects belonging to the Tenant-to-Tenant project and registered devices.
How do you view logs for local environments?
Select a local environment in the Environments table and then click Password Logs or Discovery Logs to export a CSV with password or discovery information.
How do you discover local environments?
Select a local environment in the Environments table and then click Discover to begin the discovery process for the environment.
How do you filter out users and groups in cloud environments you do not want to synchronize?
Select a cloud environment in the Environments table and then click Settings. Then select the Object Filter tab to view the filter options. Uncheck the object types you wish to exclude. Options to exclude unlicensed and disabled accounts are also available. Click Attribute Filters to build filters that allow you to be more specific as to which object(s) to sync. Select the Filter Groups tab to enable Group filters.
How do you set the object filter to synchronize Microsoft Entra ID Joined devices in cloud environments?
If you subscribe to the Microsoft Entra ID Joined Device add on feature, you can enable the Microsoft Entra ID Joined device object filter option in Settings. To enable the Microsoft Entra ID Joined device option, select a cloud environment in the Environments table and then click Settings. Then select the Object Filter tab to view the filter options. Check the Microsoft Entra ID Joined devices option. Click Attribute Filters to build filters that allow you to be more specific as to which device(s) to sync.
The below table displays filterable properties and the object types that can be filtered by them. ✓= The property can be used to filter this object type.
| Property Name | Users | Contacts | Distribution And Mail Enabled Security Groups | Unified Groups And Teams | Devices |
|---|---|---|---|---|---|
| AcceptMessagesOnlyFrom | ✓ | ✓ | ✓ | ||
| AcceptMessagesOnlyFromDLMembers | ✓ | ✓ | ✓ | ||
| AcceptMessagesOnlyFromSendersOrMembers | ✓ | ✓ | ✓ | ||
| AccessType | ✓ | ||||
| AccountDisabled | ✓ | ||||
| AddressListMembership | ✓ | ✓ | ✓ | ||
| AdministrativeUnits | ✓ | ✓ | ✓ | ✓ | |
| Alias | ✓ | ✓ | ✓ | ||
| AllowAddGuests | ✓ | ||||
| AllowUMCallsFromNonUsers | ✓ | ||||
| AlwaysSubscribeMembersToCalendarEvents | ✓ | ||||
| ArbitrationMailbox | ✓ | ✓ | |||
| ArchiveRelease | ✓ | ||||
| AssistantName | ✓ | ||||
| AuditLogAgeLimit | ✓ | ||||
| AuthenticationPolicy | ✓ | ||||
| AutoSubscribeNewMembers | ✓ | ||||
| BypassModerationFromSendersOrMembers | ✓ | ✓ | ✓ | ||
| BypassNestedModerationEnabled | ✓ | ||||
| CalendarMemberReadOnly | ✓ | ||||
| CalendarUrl | ✓ | ||||
| CertificateSubject | ✓ | ||||
| City | ✓ | ||||
| Classification | ✓ | ||||
| Company | ✓ | ||||
| ConnectorsEnabled | ✓ | ||||
| ConsumerNetID | ✓ | ||||
| CountryOrRegion | ✓ | ||||
| CustomAttribute1 | ✓ | ✓ | ✓ | ✓ | |
| CustomAttribute10 | ✓ | ✓ | ✓ | ✓ | |
| CustomAttribute11 | ✓ | ✓ | ✓ | ✓ | |
| CustomAttribute12 | ✓ | ✓ | ✓ | ✓ | |
| CustomAttribute13 | ✓ | ✓ | ✓ | ✓ | |
| CustomAttribute14 | ✓ | ✓ | ✓ | ✓ | |
| CustomAttribute15 | ✓ | ✓ | ✓ | ✓ | |
| CustomAttribute2 | ✓ | ✓ | ✓ | ✓ | |
| CustomAttribute3 | ✓ | ✓ | ✓ | ✓ | |
| CustomAttribute4 | ✓ | ✓ | ✓ | ✓ | |
| CustomAttribute5 | ✓ | ✓ | ✓ | ✓ | |
| CustomAttribute6 | ✓ | ✓ | ✓ | ✓ | |
| CustomAttribute7 | ✓ | ✓ | ✓ | ✓ | |
| CustomAttribute8 | ✓ | ✓ | ✓ | ✓ | |
| CustomAttribute9 | ✓ | ✓ | ✓ | ✓ | |
| Database | ✓ | ||||
| DataEncryptionPolicy | ✓ | ||||
| Department | ✓ | ||||
| DirectReports | ✓ | ||||
| DisplayName | ✓ | ✓ | ✓ | ✓ | ✓ |
| DistinguishedName | ✓ | ✓ | ✓ | ✓ | |
| EmailAddressPolicyEnabled | ✓ | ✓ | ✓ | ||
| ExchangeGuid | ✓ | ||||
| ExchangeVersion | ✓ | ✓ | ✓ | ✓ | |
| ExpansionServer | ✓ | ✓ | |||
| ExtensionCustomAttribute1 | ✓ | ✓ | ✓ | ||
| ExtensionCustomAttribute2 | ✓ | ✓ | ✓ | ||
| ExtensionCustomAttribute3 | ✓ | ✓ | ✓ | ||
| ExtensionCustomAttribute4 | ✓ | ✓ | ✓ | ||
| ExtensionCustomAttribute5 | ✓ | ✓ | ✓ | ||
| Extensions | ✓ | ||||
| ExternalDirectoryObjectId | ✓ | ✓ | ✓ | ✓ | |
| ExternalEmailAddress | ✓ | ||||
| Fax | ✓ | ||||
| FileNotificationsSettings | ✓ | ||||
| FirstName | ✓ | ||||
| GeoCoordinates | ✓ | ||||
| GrantSendOnBehalfTo | ✓ | ✓ | ✓ | ||
| GroupExternalMemberCount | ✓ | ||||
| GroupMemberCount | ✓ | ||||
| GroupPersonification | ✓ | ||||
| GroupSKU | ✓ | ||||
| GroupType | ✓ | ✓ | |||
| Guid | ✓ | ✓ | ✓ | ✓ | |
| HasPicture | ✓ | ||||
| HasSpokenName | ✓ | ||||
| HiddenFromAddressListsEnabled | ✓ | ✓ | ✓ | ||
| HiddenFromExchangeClientsEnabled | ✓ | ||||
| HiddenGroupMembershipEnabled | ✓ | ✓ | |||
| HomePhone | ✓ | ||||
| Id | ✓ | ✓ | ✓ | ✓ | |
| Identity | ✓ | ✓ | ✓ | ✓ | |
| InboxUrl | ✓ | ||||
| Initials | ✓ | ||||
| InPlaceHolds | ✓ | ||||
| InPlaceHoldsRaw | ✓ | ✓ | |||
| IsExternalResourcesPublished | ✓ | ||||
| IsLinked | ✓ | ||||
| IsMailboxConfigured | ✓ | ||||
| IsMembershipDynamic | ✓ | ||||
| IsSecurityPrincipal | ✓ | ||||
| IsSoftDeletedByDisable | ✓ | ||||
| IsSoftDeletedByRemove | ✓ | ||||
| IsValid | ✓ | ✓ | ✓ | ✓ | |
| Language | ✓ | ||||
| LastExchangeChangedTime | ✓ | ✓ | ✓ | ||
| LastName | ✓ | ||||
| LegacyExchangeDN | ✓ | ✓ | ✓ | ✓ | |
| LinkedMasterAccount | ✓ | ||||
| MacAttachmentFormat | ✓ | ||||
| MailboxLocations | ✓ | ||||
| MailboxProvisioningConstraint | ✓ | ✓ | |||
| MailboxProvisioningPreferences | ✓ | ||||
| MailboxRegion | ✓ | ✓ | |||
| MailboxRegionLastUpdateTime | ✓ | ||||
| MailboxRelease | ✓ | ||||
| MailTip | ✓ | ✓ | ✓ | ||
| MailTipTranslations | ✓ | ✓ | ✓ | ||
| ManagedBy | ✓ | ✓ | |||
| ManagedByDetails | ✓ | ||||
| Manager | ✓ | ||||
| MaxReceiveSize | ✓ | ✓ | ✓ | ||
| MaxRecipientPerMessage | ✓ | ||||
| MaxSendSize | ✓ | ✓ | ✓ | ||
| MemberDepartRestriction | ✓ | ||||
| MemberJoinRestriction | ✓ | ||||
| MessageBodyFormat | ✓ | ||||
| MessageFormat | ✓ | ||||
| MicrosoftOnlineServicesID | ✓ | ||||
| MigrationToUnifiedGroupInProgress | ✓ | ✓ | |||
| MobilePhone | ✓ | ||||
| ModeratedBy | ✓ | ✓ | ✓ | ||
| ModerationEnabled | ✓ | ✓ | ✓ | ||
| Name | ✓ | ✓ | ✓ | ✓ | |
| NetID | ✓ | ||||
| Notes | ✓ | ✓ | |||
| ObjectCategory | ✓ | ✓ | ✓ | ✓ | |
| ObjectClass | ✓ | ✓ | ✓ | ✓ | |
| ObjectState | ✓ | ✓ | ✓ | ✓ | |
| Office | ✓ | ||||
| OrganizationalUnit | ✓ | ✓ | ✓ | ✓ | |
| OrganizationId | ✓ | ✓ | ✓ | ✓ | |
| OriginatingServer | ✓ | ✓ | ✓ | ✓ | |
| OtherFax | ✓ | ||||
| OtherHomePhone | ✓ | ||||
| OtherTelephone | ✓ | ||||
| Pager | ✓ | ||||
| PeopleUrl | ✓ | ||||
| Phone | ✓ | ||||
| PhoneticDisplayName | ✓ | ||||
| PhotoUrl | ✓ | ||||
| PoliciesExcluded | ✓ | ✓ | ✓ | ||
| PoliciesIncluded | ✓ | ✓ | ✓ | ||
| PostalCode | ✓ | ||||
| PostOfficeBox | ✓ | ||||
| PreviousRecipientTypeDetails | ✓ | ||||
| RecipientType | ✓ | ✓ | ✓ | ✓ | |
| RecipientTypeDetails | ✓ | ✓ | ✓ | ✓ | |
| RejectMessagesFrom | ✓ | ✓ | ✓ | ||
| RejectMessagesFromDLMembers | ✓ | ✓ | ✓ | ||
| RejectMessagesFromSendersOrMembers | ✓ | ✓ | ✓ | ||
| RemotePowerShellEnabled | ✓ | ||||
| ReportToManagerEnabled | ✓ | ✓ | |||
| ReportToOriginatorEnabled | ✓ | ✓ | |||
| RequireSenderAuthenticationEnabled | ✓ | ✓ | ✓ | ||
| ResetPasswordOnNextLogon | ✓ | ||||
| RunspaceId | ✓ | ✓ | ✓ | ✓ | |
| SamAccountName | ✓ | ✓ | |||
| SendModerationNotifications | ✓ | ✓ | ✓ | ||
| SendOofMessageToOriginatorEnabled | ✓ | ✓ | |||
| SeniorityIndex | ✓ | ||||
| ServerName | ✓ | ||||
| SharePointDocumentsUrl | ✓ | ||||
| SharePointNotebookUrl | ✓ | ||||
| SharePointSiteUrl | ✓ | ||||
| Sid | ✓ | ||||
| SidHistory | ✓ | ||||
| SiloName | ✓ | ||||
| SimpleDisplayName | ✓ | ✓ | ✓ | ||
| SKUAssigned | ✓ | ||||
| StateOrProvince | ✓ | ||||
| StreetAddress | ✓ | ||||
| StsRefreshTokensValidFrom | ✓ | ||||
| SubscriptionEnabled | ✓ | ||||
| TelephoneAssistant | ✓ | ||||
| Title | ✓ | ||||
| UMCallingLineIds | ✓ | ||||
| UMDialPlan | ✓ | ||||
| UMDtmfMap | ✓ | ✓ | ✓ | ||
| UpgradeDetails | ✓ | ||||
| UpgradeMessage | ✓ | ||||
| UpgradeRequest | ✓ | ||||
| UpgradeStage | ✓ | ||||
| UpgradeStageTimeStamp | ✓ | ||||
| UpgradeStatus | ✓ | ||||
| UseMapiRichTextFormat | ✓ | ||||
| UsePreferMessageFormat | ✓ | ||||
| UserAccountControl | ✓ | ||||
| UserCertificate | ✓ | ||||
| UserPrincipalName | ✓ | ||||
| UserSMimeCertificate | ✓ | ||||
| VoiceMailSettings | ✓ | ||||
| WebPage | ✓ | ||||
| WelcomeMessageEnabled | ✓ | ||||
| WhenChanged | ✓ | ✓ | ✓ | ✓ | |
| WhenChangedUTC | ✓ | ✓ | ✓ | ✓ | |
| WhenCreated | ✓ | ✓ | ✓ | ✓ | |
| WhenCreatedUTC | ✓ | ✓ | ✓ | ✓ | |
| WhenSoftDeleted | ✓ | ✓ | |||
| WindowsEmailAddress | ✓ | ✓ | ✓ | ||
| WindowsLiveID | ✓ | ||||
| YammerEmailAddress | ✓ | ||||
| Description | ✓ | ✓ | |||
| OperatingSystem | ✓ | ||||
| OperatingSystemVersion | ✓ | ||||
| ProfileType | ✓ | ||||
| EmailAddresses | ✓ | ✓ | ✓ |
Additional Information
Alerts
What is an Alert?
Alerts may be added to keep administrators informed of the success completion and/or failure of any workflow. Alerts are delivered as status emails to the designated recipients. For each workflow choose the previously created alerts or add a new alert. Easily add multiple recipients, by separating the addresses with a semicolon.
Where do I manage Alerts?
To manage workflow alerts, simply open the left navigation menu and click Alerts, located under Settings, see figure 1.
Figure 1: Directory Sync Setup and Settings Menu
How do you setup a new Alert?
Follow these steps to create a new workflow alert.
- Navigate to Alerts.
- Click New.
- Enter a Name, click Next.
- Enter recipients. To add multiple recipients, separate addresses with a semicolon ( ; ).
- Click Next.
- Choose Language preference, click Next.
- Choose which events trigger alerts.
- Choose Workflow Failure at a minimum.
- Do not choose Local Agent Offline for a Cloud only workflows and environments.
- Click Next.
- Click Finish.
How do you add an Alert to a workflow?
Follow these steps to add an alert to an existing workflow.
- Navigate to Workflows.
- Locate and select Write workflow created earlier.
- Click the Settings button.
- Click Alerts.
- Click Add.
- Select the Alert created in the previous steps.
- Click OK.
- Navigate to Workflows.
- Repeat these steps for each workflow.
What workflow events can generate an alert?
You can select to have an email notification sent when the workflow finishes for the following events:
- Workflow Completion - A notification will be sent each time your workflow completes successfully.
- Workflow Failure - A notification will be sent each time your workflow completes successfully.
- Local Agent Offline - A notification will be sent each time local agents go offline.
How do I edit an Alert?
Alerts can be edited on the Alerts page by selecting an Alert in the table and clicking "Settings."
How do I enable or disable an Alert?
Active alerts can be disabled on the Alerts page by selecting the alert in the table and clicking "Disable." Disabled alerts can be activated on the Alerts page by selecting the alert in the table and clicking "Enable."
Additional Information
Scripts
What is a script?
A script entry is used to securely store a PowerShell script file and can be run as part of workflow at any point in the process using the Script Task.
Where do I manage saved Scripts?
To manage saved scripts, simply open the left navigation menu and click Scripts, located under Settings, see figure 1.
Figure 1: Directory Sync Setup and Settings Menu
How do you select a PowerShell script to run?
On the Run PowerShell Scripts screen, choose an existing script to run. Stop workflow on error will stop the workflow if an error is encountered, so placement of this step within the workflow sequence must be considered.
How do you add a new PowerShell script?
On the Scripts page, click the New button to add a new script to the collection. Name your script, and choose a local environment for it to apply to. Directory Sync does not validate your scripts, so be sure that you test them first in a non-production environment. Note that all scripts are run under the service account and an account with the required AD Rights must be configured to logon to the service.