Chat now with support
Chat with Support

Directory Sync Pro for Active Directory 20.11.2 - User Guide

Using the User and Group LDAP Filters

Active Directory provides a powerful way of retrieving data through the use LDAP filters. Directory Synchronization exposes two filters during the creation of a synchronization profile: User OU Filter and Group OU Filter whose defaults are:

  • Users: (&(!(adminDescription=Created By DirSync))(|(objectClass=Person)(objectClass=room))(!(objectClass=computer)))
  • Groups: (&(!(adminDescription=Created By DirSync))(objectClass=Group))

These filters are per organizational unit and apply to sub-OUs when the Sync Sub-OUs option is selected.

Modifying these filters requires a basic understanding of the attributes, their value representations, and their data types. LDAP filters support any number of options including filtering by date ranges, wildcards, and the use of bitmasks as in the userAccountControl property.

The use of the objectClass and objectCategory properties can greatly reduce the number of records retrieved resulting in improved performance. You may use other attributes to further restrict your results.

  • Selecting users that are part of the ‘Accounting’ department:
    • (&(objectClass=User)(objectCategory=Person)(department=Accounting))
  • Selecting mailbox-enabled users:
    • (&(objectClass=User)(objectCategory=Person)(homeMDB=*))
  • Selecting mail-enabled users and contacts:
    • (|(&(objectClass=User)(objectCategory=Person)(!homeMDB=*))(objectClass=Contact))
  • Selecting users created after January 1, 2011:
    • (&(objectClass=User)(objectCategory=Person)(whenCreated>=20110101000000.0Z))
  • Selecting distribution lists:
    • (&(objectClass=Group)(groupType=2))

The following are common examples of queries and their LDAP query syntax.

Quest recommends that you use the Active Directory Users and Computers management console to test your filters to prevent Directory Synchronization from failing due to an invalid filter.

Default Mappings

AD Source – AD Target Default Mapping

The below table displays the default values of the AD Source to AD Target mapping table.

 

Source Field Internal Field Target Field Source Type Target Type 1 Target Type 2 Comments

accountExpires

AccountExpires

accountExpires

any

any

 

 

altRecipient

ForwardingAddress

altRecipient

any

any

 

 

assistant

Assistant

 

any

any

 

 

authOrig

AuthOrig

authOrig

any

any

 

 

C

CountryAbbreviation

C

any

any

 

 

cn

CommonName

cn

any

any

 

 

Co

CountryName

Co

any

any

 

 

codePage

CodePage

codePage

any

any

 

 

Comment

Comment

Comment

any

any

 

 

company

Company

company

any

any

 

 

countryCode

CountryCode

countryCode

any

any

 

 

deletedItemFlags

DeletedItemFlags

deletedItemFlags

any

any

 

 

delivContLength

DelivContLength

delivContLength

any

any

 

 

department

Department

department

any

any

 

 

departmentNumber

DepartmentNumber

departmentNumber

any

any

 

 

description

Description

description

any

any

 

 

displayName

DisplayName

displayName

any

any

 

 

division

Division

division

any

any

 

 

dLMemSubmitPerms

DLMemSubmitPerms

dLMemSubmitPerms

any

any

 

 

dLMemRejectPerms

DLMemRejectPerms

dLMemRejectPerms

any

any

 

 

employeeID

EmployeeID

employeeID

any

any

 

 

employeeNumber

EmployeeNumber

employeeNumber

any

any

 

 

employeeType

EmployeeType

employeeType

any

any

 

 

expirationTime

ExpirationTime

expirationTime

any

any

 

 

extensionAttribute1

Extension1

extensionAttribute1

any

any

 

These are Exchange defined custom attributes.

extensionAttribute10

Extension10

extensionAttribute10

any

any

 

These are Exchange defined custom attributes.

extensionAttribute11

Extension11

extensionAttribute11

any

any

 

These are Exchange defined custom attributes.

extensionAttribute12

Extension12

extensionAttribute12

any

any

 

These are Exchange defined custom attributes.

extensionAttribute13

Extension13

extensionAttribute13

any

any

 

These are Exchange defined custom attributes.

extensionAttribute14

Extension14

extensionAttribute14

any

any

 

These are Exchange defined custom attributes.

extensionAttribute15

Extension15

extensionAttribute15

any

any

 

These are Exchange defined custom attributes.

extensionAttribute2

Extension2

extensionAttribute2

any

any

 

These are Exchange defined custom attributes.

extensionAttribute3

Extension3

extensionAttribute3

any

any

 

These are Exchange defined custom attributes.

extensionAttribute4

Extension4

extensionAttribute4

any

any

 

These are Exchange defined custom attributes.

extensionAttribute5

Extension5

extensionAttribute5

any

any

 

These are Exchange defined custom attributes.

extensionAttribute6

Extension6

extensionAttribute6

any

any

 

These are Exchange defined custom attributes.

extensionAttribute7

Extension7

extensionAttribute7

any

any

 

These are Exchange defined custom attributes.

extensionAttribute8

Extension8

extensionAttribute8

any

any

 

These are Exchange defined custom attributes.

extensionAttribute9

Extension9

extensionAttribute9

any

any

 

These are Exchange defined custom attributes.

facsimileTelephoneNumber

OfficeFAXNumber

facsimileTelephoneNumber

any

any

 

 

generationQualifier

Suffix

generationQualifier

any

any

 

 

givenName

FirstName

givenName

any

any

 

 

homePhone

HomePhoneNumber

homePhone

any

any

 

 

HomePostalAddress

HomePostalAddress

HomePostalAddress

any

any

 

 

Info

Info

Info

any

any

 

 

initials

Initials

initials

any

any

 

 

internationalISDNNumber

InternationalISDNNumber

internationalISDNNumber

any

any

 

 

internetEncoding

internetEncoding

internetEncoding

any

any

 

 

ipPhone

IPPhone

ipPhone

any

any

 

 

jpegPhoto

JPEGPhoto

jpegPhoto

any

any

 

 

l

OfficeCity

l

any

any

 

 

language

Language

language

any

any

 

 

legacyExchangeDN

LegacyExchangeDN

legacyExchangeDN

any

any

 

Created using the source object's GUID as the CN.

localeID

LocaleID

localeID

any

any

 

 

mail

InternetAddress

mail

any

any

 

 

mailNickname

PrimaryAlias

mailNickname

any

any

 

 

manager

Manager

 

any

any

 

 

mAPIRecipient

MAPIRecipient

mAPIRecipient

any

any

 

 

middleName

MiddleName

middleName

any

any

 

 

mobile

CellPhoneNumber

mobile

any

any

 

 

msDS-PhoneticCompanyName

msDSPhoneticCompanyName

msDS-PhoneticCompanyName

any

any

 

 

msDS-PhoneticDepartment

msDSPhoneticDepartment

msDS-PhoneticDepartment

any

any

 

 

msDS-PhoneticDisplayName

msDSPhoneticDisplayName

msDS-PhoneticDisplayName

any

any

 

 

msDS-PhoneticFirstName

msDSPhoneticFirstName

msDS-PhoneticFirstName

any

any

 

 

msDS-PhoneticLastName

msDSPhoneticLastName

msDS-PhoneticLastName

any

any

 

 

msExchAddressBookFlags

msExchAddressBookFlags

msExchAddressBookFlags

any

any

 

 

msExchALObjectVersion

msExchALObjectVersion

msExchALObjectVersion

any

any

 

 

msExchArchiveGuid

msExchArchiveGuid

msExchArchiveGuid

any

any

 

 

msExchArchivename

msExchArchivename

msExchArchivename

any

any

 

 

msExchAssistantName

msExchAssistantName

msExchAssistantName

any

any

 

 

msExchBlockedSendersHash

msExchBlockedSendersHash

msExchBlockedSendersHash

any

any

 

 

msExchBypassAudit

msExchBypassAudit

msExchBypassAudit

any

any

 

 

msExchELCExpirySuspensionEnd

msExchELCExpirySuspensionEnd

msExchELCExpirySuspensionEnd

any

any

 

 

msExchELCExpirySuspensionStart

msExchELCExpirySuspensionStart

msExchELCExpirySuspensionStart

any

any

 

 

msExchELCMailboxFlags

msExchELCMailboxFlags

msExchELCMailboxFlags

any

any

 

 

msExchExternalOOFOptions

msExchExternalOOFOptions

msExchExternalOOFOptions

any

any

 

 

msExchHideFromAddressLists

msExchHideFromAddressLists

msExchHideFromAddressLists

any

any

 

 

msExchMailboxAuditEnable

msExchMailboxAuditEnable

msExchMailboxAuditEnable

any

any

 

 

msExchMailboxAuditLogAgeLimit

msExchMailboxAuditLogAgeLimit

msExchMailboxAuditLogAgeLimit

any

any

 

 

msExchMailboxGuid

msExchMailboxGUID

msExchMailboxGuid

any

any

 

 

msExchMDBRulesQuota

msExchMDBRulesQuota

msExchMDBRulesQuota

any

any

 

 

msExchMessageHygieneFlags

msExchMessageHygieneFlags

msExchMessageHygieneFlags

any

any

 

 

msExchMessageHygieneSCLDeleteThreshold

msExchMessageHygieneSCLDeleteThreshold

msExchMessageHygieneSCLDeleteThreshold

any

any

 

 

msExchMessageHygieneSCLJunkThreshold

msExchMessageHygieneSCLJunkThreshold

msExchMessageHygieneSCLJunkThreshold

any

any

 

 

msExchMessageHygieneSCLQuarantineThreshold

msExchMessageHygieneSCLQuarantineThreshold

msExchMessageHygieneSCLQuarantineThreshold

any

any

 

 

msExchMessageHygieneSCLRejectThreshold

msExchMessageHygieneSCLRejectThreshold

msExchMessageHygieneSCLRejectThreshold

any

any

 

 

msExchModerationFlags

msExchModerationFlags

msExchModerationFlags

any

any

 

 

msExchPoliciesExcluded

msExchPoliciesExcluded

msExchPoliciesExcluded

any

any

 

 

msExchPoliciesIncluded

msExchPoliciesIncluded

msExchPoliciesIncluded

any

any

 

 

msExchProvisioningFlags

msExchProvisioningFlags

msExchProvisioningFlags

any

any

 

 

msExchRecipientDisplayType

msExchRecipientDisplayType

msExchRecipientDisplayType

any

any

 

This mapping is ignored and msExchRecipientDisplayType is set to 6 when the profile is set to sync users as Mail-Enabled Users or Disabled Mail-Enabled Users, or the profile is set to sync users “As-Is” and the object in the source is Mailbox-Enabled.

msExchRecipientTypeDetails

msExchRecipientTypeDetails

msExchRecipientTypeDetails

any

any

 

This mapping is ignored and msExchRecipientTypeDetails is set to 128 when the profile is set to sync users as Mail-Enabled Users or Disabled Mail-Enabled Users, or the profile is set to sync users “As-Is” and the object in the source is Mailbox-Enabled.

msExchRequireAuthToSendTo

msExchRequireAuthToSendTo

msExchRequireAuthToSendTo

any

any

 

 

msExchResourceCapacity

msExchResourceCapacity

msExchResourceCapacity

any

any

 

 

msExchResourceDisplay

msExchResourceDisplay

msExchResourceDisplay

any

any

 

 

msExchResourceMetaData

msExchResourceMetaData

msExchResourceMetaData

any

any

 

 

msExchResourceSearchProperties

msExchResourceSearchProperties

msExchResourceSearchProperties

any

any

 

 

msExchSafeRecipientsHash

msExchSafeRecipientsHash

msExchSafeRecipientsHash

any

any

 

 

msExchSafeSendersHash

msExchSafeSendersHash

msExchSafeSendersHash

any

any

 

 

msExchTransportRecipientSettingsFlags

msExchTransportRecipientSettingsFlags

msExchTransportRecipientSettingsFlags

any

any

 

 

msExchUMDtmfMap

msExchUMDtmfMap

msExchUMDtmfMap

any

any

 

 

msExchUMSpokenName

msExchUMSpokenName

msExchUMSpokenName

any

any

 

 

msExchUserCulture

msExchUserCulture

msExchUserCulture

any

any

 

 

msExchVersion

msExchVersion

msExchVersion

any

any

 

 

name

Name

name

any

any

 

 

O

O

O

any

any

 

 

objectGUID

AdminDisplayName

adminDisplayName

any

any

 

 

otherFacsimileTelephoneNumber

OtherFacsimileTelephoneNumber

otherFacsimileTelephoneNumber

any

any

 

 

otherHomePhone

OtherHomePhone

otherHomePhone

any

any

 

 

otherIpPhone

OtherIpPhone

otherIpPhone

any

any

 

 

otherMobile

OtherMobile

otherMobile

any

any

 

 

otherPager

OtherPager

otherPager

any

any

 

 

otherTelephone

OtherTelephone

otherTelephone

any

any

 

 

pager

PagerNumber

pager

any

any

 

 

personalPager

PersonalPager

personalPager

any

any

 

 

personalTitle

PersonalTitle

personalTitle

any

any

 

 

Photo

Photo

Photo

any

any

 

 

physicalDeliveryOfficeName

Location

physicalDeliveryOfficeName

any

any

 

Important, particularly for printers.

pOPCharacterSet

POPCharacterSet

pOPCharacterSet

any

any

 

 

pOPContentFormat

POPContentFormat

pOPContentFormat

any

any

 

 

postalAddress

PostalAddress

postalAddress

any

any

 

 

postalCode

OfficeZip

postalCode

any

any

 

 

postOfficeBox

PostOfficeBox

postOfficeBox

any

any

 

 

preferredDeliveryMethod

PreferredDeliveryMethod

preferredDeliveryMethod

any

any

 

 

primaryInternationalISDNNumber

PrimaryInternationalISDNNumber

primaryInternationalISDNNumber

any

any

 

 

primaryTelexNumber

PrimaryTelexNumber

primaryTelexNumber

any

any

 

 

proxyAddresses

ProxyAddresses

 

any

any

 

ProxyAddresses contains the InternetAddress as the primary SMTP, the legacyExchangeDN of both the source and target as X500 addresses, and any email policies from the target (if enabled).

pwdLastSet

PwdLastSet

 

 

 

 

 

roomNumber

RoomNumber

roomNumber

any

any

 

 

sAMAccountName

SAMAccountName

sAMAccountName

any

any

 

The following restricted chars will be replaced with underscores:

, + " < > ; = / [ ] : | * ? \

showInAdvancedViewOnly

ShowInAdvancedViewOnly

showInAdvancedViewOnly

any

any

 

 

sn

LastName

sn

any

any

 

Sometimes used as surname.

st

OfficeState

st

any

any

 

 

street

Street

street

any

any

 

 

streetAddress

OfficeStreetAddress

streetAddress

any

any

 

 

 

TargetAddress

targetAddress

any

any

 

 

telephoneAssistant

TelephoneAssistant

telephoneAssistant

any

any

 

 

telephoneNumber

OfficePhoneNumber

telephoneNumber

any

any

 

 

terminalServer

TerminalServer

terminalServer

any

any

 

 

textEncodedORAddress

TextEncodedORAddress

textEncodedORAddress

any

any

 

 

thumbnailLogo

ThumbnailLogo

thumbnailLogo

any

any

 

 

thumbnailPhoto *

ThumbnailPhoto *

thumbnailPhoto *

any

any

 

 

title

JobTitle

title

any

any

 

 

unauthOrig

UnauthOrig

unauthOrig

any

any

 

 

url

WebSite

url

any

any

 

 

userCert

UserCert

userCert

any

any

 

 

userCertificate

UserCertificate

userCertificate

any

any

 

 

userPrincipalName

UserPrincipalName

userPrincipalName

any

any

 

 

userSMIMECertificate

UserSMIMECertificate

userSMIMECertificate

any

any

 

 

wWWHomePage

WWWHomePage

wWWHomePage

any

any

 

 

managedBy

ManagedBy

 

group

group

contact

 

groupType

GroupType

groupType

group

group

 

 

* thumbnailPhoto values are synced directly from the Source to the Target.

Customizing Overrides

In Directory Sync Pro for Active Directory, an override is used to transform values in the target directory based upon a formula.

The formula language used is T-SQL, used in Microsoft’s SQL Server product line. A valid select statement in T-SQL would be Select (FirstName + LastName) from BT_Person. When adding an override you do not need to include a full SQL select statement as portions of the SQL statement are generated for you. Specifically, you are not required to use the select or from commands in the override. It is only required to enter the columns that should be selected. To continue the example above, a valid override would only need to contain the value of FirstName + LastName.

To add an Override:

  1. From the project overview, select your profile and choose Manage.
  2. From the summary page, choose Settings, then Advanced, then Overrides.
  3. Click Add Override. The Override dialog appears.
  4. Select a Person or Groups from the View drop-down list.
  5. Enter a Field Name for the new override. This must be a valid internal field name in SQL.
  6. Enter a Field Value for the new override. This must be a correctly formatted SQL statement.
  7. Enter optional Comments for the new override.
  8. Click Save.

When you save an override, Directory Sync Pro for Active Directory re-generates the Person or Groups view. It does this by dynamically generating a single SQL statement using the snippet of SQL code that is part of all overrides. The max size for this SQL statement is 8000 total characters. If many new overrides are added, this limit could be exceeded and an error when adding the overrides will occur. In addition to the default overrides, approximately 15-20 more Person and 20-25 Group overrides can be added before hitting the size limit.

To edit an override:

  1. From the project overview, select your profile and choose Manage.
  2. From the summary page, choose Settings, then Advanced, then Overrides.
  3. Select the desired override and double-click on it.
  4. The dialog box for the selected override opens.
  5. Make any desired edits to the Field Value and or Comments. (The View type and Field Name cannot be modified.)
  6. Click Save.

To delete an override:

  1. From the project overview, select your profile and choose Manage.
  2. From the summary page, choose Settings, then Advanced, then Overrides.
  3. Select one or more overrides and click Remove Override(s).
  4. Choose Yes in the confirmation box.

To export overrides:

  1. From the project overview, select your profile and choose Manage.
  2. From the summary page, choose Settings, then Advanced, then Overrides.
  3. Select one or more overrides using Ctrl-click.
  4. Choose Export.
  5. In the export dialog box, choose a file format, and enter a file location.
  6. Click Export.

You can reset all overrides to the “factory defaults” by clicking the Reset Overrides button. Caution: This will remove any custom overrides or any edits to existing overrides. If you have made changes, you may want to export those changed overrides before a reset. You can import them later if you wish.

Controlling actions with Overrides

Directory Sync Pro for Active Directory uses the TypeOfTransaction column from the BT_Person table, or the Operation column from the BT_Groups table to determine what action to perform on the target object. These may have overrides applied to them, to control what actions Directory Sync Pro for Active Directory will take for an object. The below image shows an example of this kind of override.

Matching user accounts with Overrides

The values used for matching can have overrides applied to them. This is accomplished by setting up a new override using the field names MatchValue1, MatchValue2, MatchValue3 and MatchValue4. Each MatchValue1-4 corresponds the respective Source and Target pair on the matching tab.

These values are used for matching only. Values that get written to the target are based on the mappings, not the matching.

 

When updating an existing object, the attributes UserPrincipalName and SAMAccountName will only be written in response to a change after the initial sync. To always update these attributes, change the Internal Field mapping to an unused CustomXXX field.

Internal field must be entirely blank/NULL or source written to a different Custom value.

Make your override for Custom001 and map Custom001 to UserPrincipalName…then un-map userPrincipalName.

Make your override for Custom002 and map Custom002 to sAMAccountName…then un-map sAMAccountName

Example Overrides - For informational purposes only. Please create and test overrides for each project.

Field Name Field Value Description
TargetAddress CASE EntryType WHEN 'user' THEN 'SMTP:' + P.Custom20 + '@exchange.contoso.com' ELSE 'SMTP:' + dbo.ReplaceDomain(InternetAddress,'exchange.contoso.com') END This formula will dynamically set the targetaddress value based on the EntryType.
TargetAddress 'SMTP:' + dbo.UpdateInternetAddress(InternetAddress,'exchange.') This formula will set the TargetAddress value based on the InternetAddress and prefix the domain with the value specified, in this case "exchange.".
TargetAddress ' 'SMTP:' + dbo.ReplaceDomain(InternetAddress,'exchange.contoso.com') This formula will set the TargetAddress value based on the InternetAddress and replace the domain with the value specified, in this case "exchange.contoso.com".
TargetAddress CASE WHEN InternetAddress LIKE '%@example.com' THEN 'smtp:' + dbo.UpdateInternetAddress(P.InternetAddress, 'exchange.') WHEN InternetAddress LIKE '%@knotes.contoso.com' THEN 'smtp:' + dbo.ReplaceDomain(P.InternetAddress, 'exchange.contoso.com') ELSE P.InternetAddress END This formula will dynamically set the targetaddress value based on the existing InternetAddress domain name value. If the first domain is found then the TargetAddress will be set to one value, if the second domain is found another value will be used and if neither domain is found then the TargetAddress will be set the same as the current InternetAddress value.
CommonName CASE EntryType WHEN 'user' THEN 'do$$' + SourceDirectoryID WHEN 'sharedmail' THEN 'do$$' + SourceDirectoryID ELSE CommonName END This formula will dynamically set the CommonName value based on the EntryType.
CommonName CASE WHEN LEN(CommonName) > 64 THEN LTRIM(RTRIM(LEFT(CommonName,64))) ELSE CommonName END This formula will limit the CommonName value to 64 characters if it exceeds that limit.
ProxyAddresses CASE ProxyAddresses WHEN '' THEN 'smtp:' + dbo.ReplaceDomain(InternetAddress,'@contoso.mail.onmicrosoft.com;smtp:') + dbo.UpdateInternetAddress(InternetAddress,'exchange.') ELSE ProxyAddresses + ';smtp:' + dbo.ReplaceDomain(InternetAddress,'@contoso.mail.onmicrosoft.com;smtp:') + dbo.UpdateInternetAddress(InternetAddress,'exchange.') END This formula will set or append to the list of ProxyAddresses values the coexistence routing addresses. This example specifically is designed for Office 365.
Company LTRIM(RTRIM(LEFT(company, 50))) This formula will Trim, then limit the string value by 50 characters.
Custom001 'this is a string' This formula will set any string value to the any SQL field.
Custom001 REPLACE(InternetAddress,'@','.') This formula will replace the '@' symbol with a period '.' to create a string like so. (i.e. first.last.contoso.com)
Custom001 LEFT(InternetAddress,CHARINDEX('@',InternetAddress)-1) This formula will extract the localpart of InternetAddress.

Directory Sync Pro for Active Directory Fields with Special Processing

AD Directory Sync Pro for Active Directory Fields with Special Processing

The below tables include AD fields with some kind of special processing in Directory Sync Pro for Active Directory. Fields can have the following characteristics:

  • Cannot be mapped
  • Can be mapped and have an override
  • May be explicitly ignored or changed by Directory Sync Pro for Active Directory if object meets certain conditions, even if mapping and override exists
  • Actual attribute may be set via config file

Additional notes are available below for field marked with a *.

 

Writing Users to AD

Attributes that may be set by Directory Sync Pro for Active Directory regardless of mapping:

Field Cannot be mapped Can be mapped / have override May be explicitly ignored May be set with config file
distinguishedName      
objectClass      
userPassword      
unicodePwd      
userAccountControl      
msExchRecipientDisplayType    
msExchRecipientTypeDetails    
msExchResourceDisplay      
msExchResourceSearchProperties      
msExchResourceMetaData      
showInAddressBook*    
msExchMasterAccountSid    
msExchPoliciesExcluded    
msExchPoliciesIncluded    
userAccountControl    
pwdLastSet      
adminDescription    

Special processing if mapped:

Field Cannot be mapped Can be mapped / have override May be explicitly ignored May be set with config file
mail    
assistant*      
manager*      
managedBy*      
altRecipient*      
authoring      
unauthOrig      
dLMemSubmitPerms      
dLMemRejectPerms      
sAMAccountName*    
legacyExchangeDN*    
mailNickname    

Never set:

Field Cannot be mapped Can be mapped / have override May be explicitly ignored May be set with config file
objectGUID      
objectSid      
whenCreated      
whenChanged      
uSNChanged      
name      
cn      

 

Writing Groups to AD

Attributes that may be set by Directory Sync Pro for Active Directory regardless of mapping:

Field Cannot be mapped Can be mapped / have override May be explicitly ignored May be set with config file
objectClass      
msExchRecipientDisplayType    
msExchVersion      
showInAddressBook*    
msExchPoliciesExcluded    
msExchPoliciesIncluded      
adminDescription    

Special processing if mapped:

Field Cannot be mapped Can be mapped / have override May be explicitly ignored May be set with config file
mail    
assistant*      
manager*      
managedBy*      
altRecipient*      
authOring      
unauthOrig      
dLMemSubmitPerms      
dLMemRejectPerms      
sAMAccountName*    
legacyExchangeDN*      
groupType    
mailNickname    

Never set:

Field Cannot be mapped Can be mapped / have override May be explicitly ignored May be set with config file
objectGUID      
objectSid      
whenCreated      
whenChanged      
uSNChanged      
name      
cn      

Special processing by Internal Field Name:

Field Cannot be mapped Can be mapped / have override May be explicitly ignored May be set with config file If this internal field name is mapped and value is empty, actual value comes from different internal field
DisplayName      
PrimaryAlias      
SAMAccountName*      
InternetAddress      
Name      
CommonName      

 

Additional Notes

  1. TargetDN – this column contains the distinguishedName of the target object to be created or the existing distinguishedName of a matched target object. If the object is created, the following values are used:
    1. Non-group objects from AD sources use the DN column (or override value if specified) to compute a target object DN. This preserves the sub-OU hierarchy the object may be in from the source.
    2. Groups from AD sources, use the OU column (or override value if specified) to compute a target object DN. This preserves the sub-OU hierarchy the object may be in from the source.
  2. LegacyExchangeDN – the legacyExchangeDN of the target object is computed by constructing a value relative to the target Exchange organization.
  3. ShowInAddressBook – unless hiding from GAL is enabled. No override column is available for this field. To prevent overwriting object values in the target, GAL visibility for the ShowInAddressBook attribute should be set to Hidden.
    1. Rooms are added to the All Rooms address book, except for Exchange 2003 which doesn't have rooms or the All Rooms address book.
    2. Users are added to the All Users address book.
    3. Groups are added to the All Groups address book.
    4. All objects are added to the All Global Address Lists (GAL) address book.
  4. Manager – all objects except Groups
    1. Uses the Manager column (or override value if specified) for the source object.
    2. Locates the referenced Manager in the target.
    3. If the referenced Manager is a reference to itself, the Manager on the target object will be set on the next sync.
  5. ManagedBy – group objects only
    1. Uses the ManagedBy column (or override value if specified) for the source object.
    2. Follows the same process as Manager above.
  6. Assistant – all objects
    1. Uses the Assistant column (or override value if specified) for the source object.
    2. Follows the same process as Manager above.
  7. AltRecipient – all objects

    1. Uses the AltRecipient column (or override value if specified) for the source object.

    2. Follows the same process as Manager above.

  8. sAMAccountName – The sAMAccountName may be calculated under special circumstances, such as when a collision occurs. For this reason, during a sync following a reset, repush, or repushpull, the existing sAMAccountName in the target will be assumed to be current and therefore will be used in any mappings involving the sAMAccountName internal field.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating