Windows Azure Active Directory Connector for FIM 2010 R2 Quick Start Guide
Tip
For feedback, click here.
The objective of this guide is to provide you with the information you need to deploy the Windows Azure Active Directory Connector for FIM 2010 R2 Technical Reference in a lab environment.
Before You Begin
The objective of this section is to provide you with information about:
Prerequisite Knowledge
Target Audience
Scope
Prerequisite Knowledge
This guide assumes that you are familiar with configuring and administering FIM 2010, AD DS, AD FS and Office 365 for enterprises.
The following table provides links to related information:
| Area | Link |
|---|---|
Overview of FIM 2010 documentation and guidance for using it |
|
Overview of AD FS documentation and guidance for deployment and configuration |
In addition to this, this guide also assumes that you are familiar with the concepts outlined in the Multi-forest Directory Sync with Single Sign-On Scenario.
Target Audience
This guide is intended for IT planners, systems architects, technology decision makers, consultants, infrastructure planners, and secondary IT personnel involved in planning and deploying a multi-forest solution.
Scope
The scenario outlined in this document has been simplified to address the requirements of a simple lab environment. The focus is on helping the reader obtain a basic understanding of the technologies. This scenario is not intended for deployment in a production environment.
For more details, see the Scenario Description later in this guide.
Getting Support
If you have questions regarding the content of this document or if you have general feedback, post a message to the Forefront Identity Manager 2010 Discussion Forum.
Scenario Description
Fabrikam, a fictitious company, is investigating how to enable a hybrid deployment with AAD for their multiple Active Directory forests and configure Single Sign-On to allow their users to access Office 365 resources with their on-premises identities.
The decision was made to deploy a simple scenario in the corporate lab environment.
The Active Directory topology at Fabrikam consists of the following forests:
Three account forests containing logon-enabled user objects
One resource forest containing Exchange mailbox-enabled, logon-disabled user objects.
The two forests (fabrikam.com and sales.fabrikam.com) have two-way trusts with the Exchange resource forest, but the contoso.com only has a one-way trust with the resource forest. The synchronization solution for Fabrikam must combine the attributes from both forests when synchronizing objects into Office 365.
.jpg "Scenario")
In this guide, we will only include one of the account forests and the resource forest when we describe the identity synchronization solution. The pattern will be the same for all three account forests. For Identity single sign on the trust relationship is important and will be different for these different scenarios.
The objective of this lab is to test the following essential requirements:
On-Premise Logon and Mailbox Enabled Users – All users that are logon enabled and mailbox enabled must synchronize to AAD.
On-Premise Mail Enabled Contacts – All contacts that are mail enabled must synchronize to Office 365.
On-Premise Groups – All groups must synchronize to AAD (including both security groups and distribution groups).
The diagram below illustrates the aggregation of attributes from Fabrikam’s forests into a single metaverse object for identity synchronization, then the provisioning to AAD. This pattern of aggregation and provisioning is repeated to include more object types including Contacts and Groups.
.jpg "Aggregation of attributes")
Scenario Design
This section describes the synchronization scenarios in terms of Fabrikam’s requirements. The configuration in the next section accomplishes these requirements, and the test cases in this guide validate the functionality and track it back to these use cases.
Fabrikam requires the following use cases for each of the object types in scope (User, Contact, Group):
Provision – create new objects in AAD
Attribute Flow – keep the attributes up-to-date based on attributes from Active Directory
Deprovision – remove objects from AAD as they are removed from Active Directory
Join – ensure that relationships are re-established, and that duplicates are not created
Provision
Objects should be provisioned to AAD according to the mappings in the table below.
| On-premises AD Object Type | Office 365 Object Type |
|---|---|
User |
User |
Contact |
Contact |
Group |
Group |
Setting the SourceAnchor Attribute
Objects in Azure Active Directory are uniquely identified by the sourceAnchor attribute across all scenarios including synchronization and Identity Federation. The value for sourceAnchor must be unique in the AAD enterprise, and it must uniquely identify the corresponding on-premises object.
Fabrikam has chosen to use objectGuid as the value for the sourceAnchor attribute because they do not move objects between forests or domains within the same forest.
Note
See the Prepare for Single Sign-On section below for an in-depth discussion on how to select and populate a SourceAnchor attribute.
Filtering Objects from Office 365
There are cases where objects should not be provisioned to Office 365. The details of the filters are in the table below
Note
A design alternative would be to filter in the Active Directory Management Agents using filter rules. This design chose to filter at the Metaverse using the Provisioning extension, to simplify the number of places where the filter rules would exist.
| Filter | Description |
|---|---|
Hidden Objects |
Contacts with displayName contains (MSOL) and msExchHideFromAddressLists = True |
CAS Objects |
Any objects where mailNickname starts with 'CAS_' or samAccountName starts with ‘CAS_’or Alias starts with ‘CAS_’ && Contains ‘{‘ |
Critical System Objects |
Any object where iscriticalSystemObject = True |
Invalid Groups |
Groups mailNickname is null and displayName is null |
Squiggles |
Any object where mailNickname contains '{' or samAccountName contains ‘}’ |
Missing SamAccountName |
User objects where samAccountName is not present |
System Mailboxes |
User objects where mailNickname starts with ‘SystemMailbox{‘ |
Support Accounts |
User objects where samAccountName equals ‘SUPPORT_388945a0’ |
MSOL_AD_Sync Accounts |
Users objects where samAccountName equals ‘MSOL_AD_Sync’ |
Attribute Flow
You can find a complete list of attribute flows and the metaverse schema definition in the Configuration Reference section later in this guide.
For more details, see List of Attributes that are Synced by the Windows Azure Active Directory Sync Tool.
Note
The services in Office 365 only supports synchronizing the full set of attributes as documented. Only synchronizing a subset of attributes is not supported.
Users
Most attributes for User objects will come from the Resource Forest objects since it is expected that the data quality is best in the forest where Exchange is located. The attributes related to the logon object will come from the Account Forest.
Contacts
All attributes for Contact objects are taken from the Resource Forest because the Contact objects are not represented in the Account Forest.
Groups
Groups can be distribution groups (used by Exchange Online) and / or security groups (used by SharePoint Online).
In the scenario outlined in this article, attributes for group objects are taken from:
The Resource Forest when it is a distribution group.
The Account Forest when it is a security group.
Fabrikam has security groups in both the Resource Forest and the Account Forest so their FIM 2010 implementation Fabrikam includes synchronization rules to source groups from both forests. Security groups at Fabrikam do not includes members from other forests (all group members are in the same forest as the group). If Fabrikam were to start including group members from other forests then they would need to include Foreign Security Principal objects in their FIM 2010 implementation.
Distribution groups are always created in the resource forest.
Deprovision from AAD
Fabrikam requires that objects in AAD are removed when the corresponding object in the On-Premises AD is removed. This requirement applies to all of the in-scope object types (User, Contact, Group).
Testing environment
The following lab environment is recommended to test the procedures in this topic:
Windows Server domain controller hosting the Fabrikam.com domain
Windows Server domain controller hosting the Sales.fabrikam.com domain
Windows Server domain controller hosting the Contoso.com domain
Windows Server domain controller hosting the Exch.fabrikam.com domain
Windows Server member server hosting FIM 2010 Synchronization Service
FIM 2010 R2 Synchronization Service 4.1.3451.0 (KB2849119) or later
Visual Studio 2010 to be able to compile the sample code
Note
FIM 2010 R2 Synchronization Service with mentioned hotfix is required for the multi-forest synchronization solution in this guide.
Scenario Roadmap
The scenario roadmap in this document consists of two main building blocks:
Installing the Windows Azure AD connector for FIM 2010
Configuring the FIM Synchronization Service
Installing the Windows Azure AD connector for FIM 2010
The Windows Azure Active Directory Connector for FIM 2010 is available as a download from the Microsoft Download Center.
For a detailed overview of this connector including instructions about how to install it, see the Windows Azure Active Directory Connector for FIM 2010 R2 Technical Reference.
Configuring the FIM Synchronization Service
The configuration of the FIM synchronization service consists of three procedures:
Downloading the scenario configuration files
Loading the Server Configuration
Importing the Active Directory Management Agent
Implementing the rules extensions
Verifying the metaverse deletion rules
Performing an initial synchronization
Downloading the scenario configuration files
The scenario steps in this guide are based on an existing set of files that help you automate the configuration procedures.
To download the scenario configuration files, perform the following step:
- Download the configuration files for the Windows Azure Active Directory Connector for FIM 2010 from the Microsoft Download Center.
After you have download the scenario configuration zip file, you should extract its content to a folder on your FIM server.
Loading the Server Configuration
By loading the server configuration, you get the metaverse schema and the AAD connector with its attribute flows configured. The server configuration is the same as in DirSync but without the source AD MA.
.jpg "AAD connector")
To load the server configuration, perform the following steps:
In Synchronization Service Manager, select File and then Import Server Configuration. Import the server configuration located in the ServerConfig folder.
Warning
This step removes any other configuration on the server.
During the server configuration import, you are required to provide credentials for your AAD tenant.
.jpg "AAD connector credentials")
You will receive a message that you must do a “Refresh DLL”. Click OK on this popup.
After server import has completed, select the Connector, and Properties from the Actions menu. Click OK to save the Connector. This satisfied the “Refresh DLL” popup.
Importing the Active Directory Management Agent
The management agent imported with the server configuration in the previous section has just the synchronization rules for the AAD Connector.
This section provides instructions for adding an ADMA and the related synchronization rules for it.
To import an ADMA, perform the following steps:
Open the FIM Synchronization Service Manager.
Click on Management Agents.
From the Scripted Configuration\SourceMA folder, select the file that best matches the schema in the connected Active Directory forest.
.jpg "Select management agent")
Click Open to open the Create Management Agent dialog.
On the Create Management Agent page, provide a name for the management agent, such as “Fabrikam”.
.jpg "Create management agent")
On the Connect to Active Directory Forest page, provide the connection details for the forest you are connecting to.
.jpg "Connect to Active Directory Forest")
On the Partition Matching page, use the New, Match and Deselect buttons to manage the partitions for the management agent being created.
.jpg "Partition Matching")
On the Configure Directory Partitions page, select the containers and partitions to be in scope for this management agent. Also, on this page you can configure other ADMA options.
.jpg "Configure Directory Partitions")
Click Next on all of the remaining pages.
Note
If you are using the Exchange feature Hierarchical Address Book then you want to also add an attribute flow for the attribute msDS-HABSeniorityIndex on the attribute flow page.
On the last page, click Finish.
Implementing the rules extensions
Because the ADMA has several advanced import attribute flows configured, you need to implement a rules extension for this management agent and a metaverse rules extension to handle provisioning. The code for both extensions is included in the AADRulesExtensions project. You need to compile the AADRulesExtensions project to generate the related dll files.
To implementing the rules extensions, perform the following steps:
On the FIM server, open Visual Studio.
Load the AADRulesExtensions project which is part of the ZIP file.
In Visual Studio, change the Project properties in the Build section so that the output path refers to C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Extensions.
Compile the project and verify that the AADRulesExtension.dll becomes available in the Extensions directory.
Verifying the metaverse deletion rules
The templates that comes with this guide configures the object deletion rule to delete a metaverse object when all source MAs have disconnected from the MV object. If this is not appropriate in your environment, please go to “Metaverse Designer” and select “Configure Object Deletion Rules” for the user, contact, and group objects.
Performing an initial synchronization
The management agents in this guide need to be initialized. The objective of the initialization is to load data into the connector spaces of the management agents and to initialize the configured synchronization rules.
Note
You can use the PowerShell script code from the Sample Run Script section for this procedure.
Troubleshooting
Unable to find configuration settings
The event log may contain informational events with a source of ‘Directory Synchronization’.
The events pertaining to configuration settings and configuration files can safely be ignored.
Configuration Reference
This section provides reference information about the following components:
Metaverse Schema for AAD Synchronization
Import Attribute Flow Rules for the ADMA
Metaverse Schema for AAD Synchronization
This section lists the complete list of metaverse attributes used in the solution for Office 365 Synchronization.
For the scenario in this article, the metaverse schema has been configured for the following object types:
Person Object
Contact Object
Group Object
Person Object
This section lists the metaverse configuration for the person object.
| Attribute Name | Syntax | Indexable | Indexed | Multivalued |
|---|---|---|---|---|
accountEnabled |
String |
FALSE |
FALSE |
FALSE |
alias |
String |
TRUE |
FALSE |
FALSE |
assistant |
Reference |
FALSE |
FALSE |
FALSE |
authOrig |
Reference |
FALSE |
FALSE |
TRUE |
c |
String |
TRUE |
FALSE |
FALSE |
city |
String |
TRUE |
FALSE |
FALSE |
cloudLegacyExchangeDN |
String |
TRUE |
FALSE |
FALSE |
cloudMSExchArchiveStatus |
Number |
FALSE |
FALSE |
FALSE |
cloudMSExchBlockedSendersHash |
Binary |
FALSE |
FALSE |
FALSE |
cloudMSExchRecipientDisplayType |
Number |
FALSE |
FALSE |
FALSE |
cloudMSExchSafeRecipientsHash |
Binary |
FALSE |
FALSE |
FALSE |
cloudMSExchSafeSendersHash |
Binary |
FALSE |
FALSE |
FALSE |
cloudMSExchUCVoiceMailSettings |
String |
FALSE |
FALSE |
TRUE |
cloudPublicDelegates |
Reference |
FALSE |
FALSE |
TRUE |
cn |
String |
TRUE |
FALSE |
FALSE |
codePage |
Number |
FALSE |
FALSE |
FALSE |
commonName |
String |
TRUE |
FALSE |
FALSE |
company |
String |
TRUE |
FALSE |
FALSE |
country |
String |
TRUE |
FALSE |
FALSE |
countryLetterCode |
String |
TRUE |
FALSE |
FALSE |
department |
String |
TRUE |
FALSE |
FALSE |
description |
String |
FALSE |
FALSE |
FALSE |
displayName |
String |
TRUE |
FALSE |
FALSE |
dLMemRejectPerms |
Reference |
FALSE |
FALSE |
TRUE |
dLMemSubmitPerms |
Reference |
FALSE |
FALSE |
TRUE |
extensionAttribute1 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute10 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute11 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute12 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute13 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute14 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute15 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute2 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute3 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute4 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute5 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute6 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute7 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute8 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute9 |
String |
FALSE |
FALSE |
FALSE |
facsimileTelephoneNumber |
String |
TRUE |
FALSE |
FALSE |
givenName |
String |
TRUE |
FALSE |
FALSE |
homePhone |
String |
TRUE |
FALSE |
FALSE |
info |
String |
FALSE |
FALSE |
FALSE |
initials |
String |
TRUE |
FALSE |
FALSE |
internetEncoding |
Number |
FALSE |
FALSE |
FALSE |
ipPhone |
String |
TRUE |
FALSE |
FALSE |
IsContact |
String |
TRUE |
FALSE |
FALSE |
isDisabled |
String |
FALSE |
FALSE |
FALSE |
l |
String |
TRUE |
FALSE |
FALSE |
legacyExchangeDN |
String |
TRUE |
TRUE |
FALSE |
String |
TRUE |
FALSE |
FALSE |
|
mailNickname |
String |
TRUE |
FALSE |
FALSE |
manager |
Reference |
FALSE |
FALSE |
FALSE |
middleName |
String |
TRUE |
FALSE |
FALSE |
mobile |
String |
TRUE |
FALSE |
FALSE |
msDshabSeniorityIndex |
Number |
FALSE |
FALSE |
FALSE |
msDsPhoneticDisplayName |
String |
TRUE |
FALSE |
FALSE |
msExchArchiveGuid |
Binary |
TRUE |
FALSE |
FALSE |
msExchArchiveName |
String |
FALSE |
FALSE |
TRUE |
msExchAssistantName |
String |
TRUE |
FALSE |
FALSE |
msExchAuditAdmin |
Number |
FALSE |
FALSE |
FALSE |
msExchAuditDelegate |
Number |
FALSE |
FALSE |
FALSE |
msExchAuditDelegateAdmin |
Number |
FALSE |
FALSE |
FALSE |
msExchAuditOwner |
Number |
FALSE |
FALSE |
FALSE |
msExchBlockedSendersHash |
Binary |
FALSE |
FALSE |
FALSE |
msExchBypassAudit |
Number |
FALSE |
FALSE |
FALSE |
msExchBypassModerationFromDLMembersLink |
Reference |
FALSE |
FALSE |
TRUE |
msExchBypassModerationLink |
Reference |
FALSE |
FALSE |
TRUE |
msExchDelegateListLink |
Reference |
FALSE |
FALSE |
TRUE |
msExchELCExpirySuspensionEnd |
String |
TRUE |
FALSE |
FALSE |
msExchELCExpirySuspensionStart |
String |
TRUE |
FALSE |
FALSE |
msExchELCMailboxFlags |
Number |
FALSE |
FALSE |
FALSE |
msexchEnableModeration |
Binary |
FALSE |
FALSE |
FALSE |
msExchExtensionCustomAttribute1 |
String |
FALSE |
FALSE |
TRUE |
msExchExtensionCustomAttribute2 |
String |
FALSE |
FALSE |
TRUE |
msExchExtensionCustomAttribute3 |
String |
FALSE |
FALSE |
TRUE |
msExchExtensionCustomAttribute4 |
String |
FALSE |
FALSE |
TRUE |
msExchExtensionCustomAttribute5 |
String |
FALSE |
FALSE |
TRUE |
msExchHideFromAddressLists |
String |
FALSE |
FALSE |
FALSE |
msExchImmutableId |
String |
TRUE |
FALSE |
FALSE |
msExchLitigationHoldDate |
String |
TRUE |
FALSE |
FALSE |
msExchLitigationHoldOwner |
String |
FALSE |
FALSE |
FALSE |
msExchMailboxAuditEnable |
Number |
FALSE |
FALSE |
FALSE |
msExchMailboxAuditLogAgeLimit |
Number |
FALSE |
FALSE |
FALSE |
msExchMailboxGuid |
Binary |
TRUE |
FALSE |
FALSE |
msExchModeratedByLink |
Reference |
FALSE |
FALSE |
TRUE |
msExchModerationFlags |
Number |
FALSE |
FALSE |
FALSE |
msExchRecipientDisplayType |
Number |
FALSE |
FALSE |
FALSE |
msExchRecipientTypeDetails |
Number |
FALSE |
FALSE |
FALSE |
msExchRemoteRecipientType |
Number |
FALSE |
FALSE |
FALSE |
msExchRequireAuthToSendTo |
String |
FALSE |
FALSE |
FALSE |
msExchResourceCapacity |
Number |
FALSE |
FALSE |
FALSE |
msExchResourceDisplay |
String |
FALSE |
FALSE |
FALSE |
msExchResourceMetaData |
String |
FALSE |
FALSE |
TRUE |
msExchResourceSearchProperties |
String |
FALSE |
FALSE |
TRUE |
msExchRetentionComment |
String |
FALSE |
FALSE |
FALSE |
msExchRetentionURL |
String |
FALSE |
FALSE |
FALSE |
msExchSafeRecipientsHash |
Binary |
FALSE |
FALSE |
FALSE |
msExchSafeSendersHash |
Binary |
FALSE |
FALSE |
FALSE |
msExchSenderHintTranslations |
String |
FALSE |
FALSE |
TRUE |
msExchTeamMailboxOwners |
Reference |
FALSE |
FALSE |
TRUE |
msExchTeamMailboxSharePointLinkedBy |
Reference |
FALSE |
FALSE |
FALSE |
msExchTeamMailboxSharePointUrl |
String |
FALSE |
FALSE |
FALSE |
MSRtcSipDeploymentLocator |
String |
FALSE |
FALSE |
FALSE |
msrtcSipLine |
String |
FALSE |
FALSE |
FALSE |
MSRtcSipOptionFlags |
Number |
FALSE |
FALSE |
FALSE |
MSRtcSipPrimaryUserAddress |
String |
FALSE |
FALSE |
FALSE |
MSRtcSipUserEnabled |
String |
FALSE |
FALSE |
FALSE |
objectSid |
Binary |
TRUE |
TRUE |
FALSE |
otherFacsimileTelephoneNumber |
String |
TRUE |
TRUE |
TRUE |
otherHomePhone |
String |
TRUE |
TRUE |
TRUE |
otherIpPhone |
String |
TRUE |
TRUE |
TRUE |
otherMobile |
String |
TRUE |
TRUE |
TRUE |
otherPager |
String |
TRUE |
TRUE |
TRUE |
otherTelephone |
String |
TRUE |
TRUE |
TRUE |
ou |
String |
TRUE |
FALSE |
FALSE |
pager |
String |
TRUE |
FALSE |
FALSE |
photo |
Binary |
FALSE |
FALSE |
FALSE |
physicalDeliveryOfficeName |
String |
TRUE |
FALSE |
FALSE |
postalCode |
String |
TRUE |
FALSE |
FALSE |
postOfficeBox |
String |
TRUE |
TRUE |
TRUE |
preferredLanguage |
String |
TRUE |
FALSE |
FALSE |
proxyAddresses |
String |
FALSE |
FALSE |
TRUE |
publicDelegates |
Reference |
FALSE |
FALSE |
TRUE |
sourceAnchor |
String |
TRUE |
TRUE |
FALSE |
state |
String |
TRUE |
FALSE |
FALSE |
streetAddress |
String |
FALSE |
FALSE |
FALSE |
surname |
String |
TRUE |
FALSE |
FALSE |
targetAddress |
String |
FALSE |
FALSE |
FALSE |
telephoneAssistant |
String |
TRUE |
FALSE |
FALSE |
telephoneNumber |
String |
TRUE |
FALSE |
FALSE |
thumbnailPhoto |
Binary |
FALSE |
FALSE |
FALSE |
title |
String |
TRUE |
FALSE |
FALSE |
countryCode |
Number |
FALSE |
FALSE |
FALSE |
distinguishedName |
String |
TRUE |
FALSE |
FALSE |
memberOf |
Reference |
FALSE |
FALSE |
TRUE |
name |
String |
TRUE |
FALSE |
FALSE |
sAMAccountName |
String |
TRUE |
TRUE |
FALSE |
unauthOrig |
Reference |
FALSE |
FALSE |
TRUE |
url |
String |
FALSE |
FALSE |
TRUE |
usageLocation |
String |
TRUE |
FALSE |
FALSE |
userAccountControl |
Number |
FALSE |
FALSE |
FALSE |
userPrincipalName |
String |
FALSE |
FALSE |
FALSE |
wWWHomePage |
String |
FALSE |
FALSE |
FALSE |
Contact Object
This section lists the metaverse configuration for the contact object.
| Attribute Name | Syntax | Indexable | Indexed | Multivalued |
|---|---|---|---|---|
alias |
String |
TRUE |
FALSE |
FALSE |
assistant |
Reference |
FALSE |
FALSE |
FALSE |
authOrig |
Reference |
FALSE |
FALSE |
TRUE |
c |
String |
TRUE |
FALSE |
FALSE |
city |
String |
TRUE |
FALSE |
FALSE |
cloudLegacyExchangeDN |
String |
TRUE |
FALSE |
FALSE |
cloudPublicDelegates |
Reference |
FALSE |
FALSE |
TRUE |
commonName |
String |
TRUE |
FALSE |
FALSE |
company |
String |
TRUE |
FALSE |
FALSE |
country |
String |
TRUE |
FALSE |
FALSE |
countryCode |
Number |
FALSE |
FALSE |
FALSE |
countryLetterCode |
String |
TRUE |
FALSE |
FALSE |
department |
String |
TRUE |
FALSE |
FALSE |
description |
String |
FALSE |
FALSE |
FALSE |
displayName |
String |
TRUE |
FALSE |
FALSE |
dLMemRejectPerms |
Reference |
FALSE |
FALSE |
TRUE |
dLMemSubmitPerms |
Reference |
FALSE |
FALSE |
TRUE |
employeeID |
String |
TRUE |
FALSE |
FALSE |
employeeStatus |
String |
TRUE |
FALSE |
FALSE |
employeeType |
String |
TRUE |
FALSE |
FALSE |
extensionAttribute1 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute10 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute11 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute12 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute13 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute14 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute15 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute2 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute3 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute4 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute5 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute6 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute7 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute8 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute9 |
String |
FALSE |
FALSE |
FALSE |
facsimileTelephoneNumber |
String |
TRUE |
FALSE |
FALSE |
generationQualifier |
String |
TRUE |
FALSE |
FALSE |
givenName |
String |
TRUE |
FALSE |
FALSE |
homePhone |
String |
TRUE |
FALSE |
FALSE |
hostedName |
String |
TRUE |
FALSE |
FALSE |
info |
String |
FALSE |
FALSE |
FALSE |
initials |
String |
TRUE |
FALSE |
FALSE |
internetEncoding |
Number |
FALSE |
FALSE |
FALSE |
ipPhone |
String |
TRUE |
FALSE |
FALSE |
legacyExchangeDN |
String |
TRUE |
TRUE |
FALSE |
location |
String |
TRUE |
FALSE |
FALSE |
String |
TRUE |
FALSE |
FALSE |
|
mailNickname |
String |
TRUE |
FALSE |
FALSE |
manager |
Reference |
FALSE |
FALSE |
FALSE |
memberOf |
Reference |
FALSE |
FALSE |
TRUE |
middleName |
String |
TRUE |
FALSE |
FALSE |
mobile |
String |
TRUE |
FALSE |
FALSE |
msDshabSeniorityIndex |
Number |
FALSE |
FALSE |
FALSE |
msDsPhoneticDisplayName |
String |
TRUE |
FALSE |
FALSE |
msExchAssistantName |
String |
TRUE |
FALSE |
FALSE |
msExchBlockedSendersHash |
Binary |
FALSE |
FALSE |
FALSE |
msExchBypassModerationFromDLMembersLink |
Reference |
FALSE |
FALSE |
TRUE |
msExchBypassModerationLink |
Reference |
FALSE |
FALSE |
TRUE |
msExchEnableModeration |
Binary |
FALSE |
FALSE |
FALSE |
msExchExtensionCustomAttribute1 |
String |
FALSE |
FALSE |
TRUE |
msExchExtensionCustomAttribute2 |
String |
FALSE |
FALSE |
TRUE |
msExchExtensionCustomAttribute3 |
String |
FALSE |
FALSE |
TRUE |
msExchExtensionCustomAttribute4 |
String |
FALSE |
FALSE |
TRUE |
msExchExtensionCustomAttribute5 |
String |
FALSE |
FALSE |
TRUE |
msExchHideFromAddressLists |
String |
FALSE |
FALSE |
FALSE |
msExchLitigationHoldDate |
String |
TRUE |
FALSE |
FALSE |
msExchLitigationHoldOwner |
String |
FALSE |
FALSE |
FALSE |
msExchModeratedByLink |
Reference |
FALSE |
FALSE |
TRUE |
msexchModerationFlags |
Number |
FALSE |
FALSE |
FALSE |
msexchRecipientDisplayType |
Number |
FALSE |
FALSE |
FALSE |
msExchRecipientTypeDetails |
Number |
FALSE |
FALSE |
FALSE |
msExchRequireAuthToSendTo |
String |
FALSE |
FALSE |
FALSE |
msExchRetentionComment |
String |
FALSE |
FALSE |
FALSE |
msExchRetentionURL |
String |
FALSE |
FALSE |
FALSE |
msExchSafeRecipientsHash |
Binary |
FALSE |
FALSE |
FALSE |
msExchSafeSendersHash |
Binary |
FALSE |
FALSE |
FALSE |
msExchSenderHintTranslations |
String |
FALSE |
FALSE |
TRUE |
MSRtcSipDeploymentLocator |
String |
FALSE |
FALSE |
FALSE |
msrtcSipLine |
String |
FALSE |
FALSE |
FALSE |
MSRtcSipOptionFlags |
Number |
FALSE |
FALSE |
FALSE |
MSRtcSipPrimaryUserAddress |
String |
FALSE |
FALSE |
FALSE |
MSRtcSipUserEnabled |
String |
FALSE |
FALSE |
FALSE |
O |
String |
TRUE |
FALSE |
FALSE |
otherFacsimileTelephoneNumber |
String |
TRUE |
TRUE |
TRUE |
otherHomePhone |
String |
TRUE |
TRUE |
TRUE |
otherIpPhone |
String |
TRUE |
TRUE |
TRUE |
otherMailbox |
String |
TRUE |
TRUE |
TRUE |
otherMobile |
String |
TRUE |
TRUE |
TRUE |
otherPager |
String |
TRUE |
TRUE |
TRUE |
otherTelephone |
String |
TRUE |
TRUE |
TRUE |
Ou |
String |
TRUE |
FALSE |
FALSE |
pager |
String |
TRUE |
FALSE |
FALSE |
personalTitle |
String |
TRUE |
FALSE |
FALSE |
physicalDeliveryOfficeName |
String |
TRUE |
FALSE |
FALSE |
postalAddress |
String |
TRUE |
FALSE |
FALSE |
postalCode |
String |
TRUE |
FALSE |
FALSE |
postOfficeBox |
String |
TRUE |
TRUE |
TRUE |
proxyAddresses |
String |
FALSE |
FALSE |
TRUE |
publicDelegates |
Reference |
FALSE |
FALSE |
TRUE |
sAMAccountName |
String |
TRUE |
TRUE |
FALSE |
secretary |
Reference |
FALSE |
FALSE |
FALSE |
seeAlso |
Reference |
FALSE |
FALSE |
FALSE |
sourceAnchor |
String |
TRUE |
TRUE |
FALSE |
state |
String |
TRUE |
FALSE |
FALSE |
street |
String |
TRUE |
FALSE |
FALSE |
streetAddress |
String |
FALSE |
FALSE |
FALSE |
surname |
String |
TRUE |
FALSE |
FALSE |
targetAddress |
String |
FALSE |
FALSE |
FALSE |
telephoneAssistant |
String |
TRUE |
FALSE |
FALSE |
telephoneNumber |
String |
TRUE |
FALSE |
FALSE |
thumbnailPhoto |
Binary |
FALSE |
FALSE |
FALSE |
title |
String |
TRUE |
FALSE |
FALSE |
uid |
String |
TRUE |
FALSE |
FALSE |
unauthOrig |
Reference |
FALSE |
FALSE |
TRUE |
url |
String |
FALSE |
FALSE |
TRUE |
userCertificate |
Binary |
FALSE |
FALSE |
TRUE |
userSMIMECertificate |
Binary |
FALSE |
FALSE |
TRUE |
wWWHomePage |
String |
FALSE |
FALSE |
FALSE |
Group Object
This section lists the metaverse configuration for the group object.
| Attribute Name | Syntax | Indexable | Indexed | Multivalued |
|---|---|---|---|---|
alias |
String |
TRUE |
FALSE |
FALSE |
assistant |
Reference |
FALSE |
FALSE |
FALSE |
authOrig |
Reference |
FALSE |
FALSE |
TRUE |
cloudLegacyExchangeDN |
String |
TRUE |
FALSE |
FALSE |
cloudPublicDelegates |
Reference |
FALSE |
FALSE |
TRUE |
commonName |
String |
TRUE |
FALSE |
FALSE |
description |
String |
FALSE |
FALSE |
FALSE |
displayName |
String |
TRUE |
FALSE |
FALSE |
dLMemRejectPerms |
Reference |
FALSE |
FALSE |
TRUE |
dLMemSubmitPerms |
Reference |
FALSE |
FALSE |
TRUE |
extensionAttribute1 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute10 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute11 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute12 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute13 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute14 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute15 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute2 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute3 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute4 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute5 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute6 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute7 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute8 |
String |
FALSE |
FALSE |
FALSE |
extensionAttribute9 |
String |
FALSE |
FALSE |
FALSE |
hideDLMembership |
String |
FALSE |
FALSE |
FALSE |
info |
String |
FALSE |
FALSE |
FALSE |
internetEncoding |
Number |
FALSE |
FALSE |
FALSE |
legacyExchangeDN |
String |
TRUE |
TRUE |
FALSE |
String |
TRUE |
FALSE |
FALSE |
|
mailNickname |
String |
TRUE |
FALSE |
FALSE |
managedBy |
Reference |
FALSE |
FALSE |
FALSE |
manager |
Reference |
FALSE |
FALSE |
FALSE |
member |
Reference |
FALSE |
FALSE |
TRUE |
msDshabSeniorityIndex |
Number |
FALSE |
FALSE |
FALSE |
msDsPhoneticDisplayName |
String |
TRUE |
FALSE |
FALSE |
msExchBypassModerationFromDLMembersLink |
Reference |
FALSE |
FALSE |
TRUE |
msExchBypassModerationLink |
Reference |
FALSE |
FALSE |
TRUE |
msExchCoManagedByLink |
Reference |
FALSE |
FALSE |
TRUE |
msExchEnableModeration |
Binary |
FALSE |
FALSE |
FALSE |
msExchExtensionCustomAttribute1 |
String |
FALSE |
FALSE |
TRUE |
msExchExtensionCustomAttribute2 |
String |
FALSE |
FALSE |
TRUE |
msExchExtensionCustomAttribute3 |
String |
FALSE |
FALSE |
TRUE |
msExchExtensionCustomAttribute4 |
String |
FALSE |
FALSE |
TRUE |
msExchExtensionCustomAttribute5 |
String |
FALSE |
FALSE |
TRUE |
msExchGroupDepartRestriction |
Number |
FALSE |
FALSE |
FALSE |
msExchGroupJoinRestriction |
Number |
FALSE |
FALSE |
FALSE |
msExchHideFromAddressLists |
String |
FALSE |
FALSE |
FALSE |
msExchLitigationHoldDate |
String |
TRUE |
FALSE |
FALSE |
msExchLitigationHoldOwner |
String |
FALSE |
FALSE |
FALSE |
msExchModeratedByLink |
Reference |
FALSE |
FALSE |
TRUE |
msExchModerationFlags |
Number |
FALSE |
FALSE |
FALSE |
msExchRecipientDisplayType |
Number |
FALSE |
FALSE |
FALSE |
msExchRecipientTypeDetails |
Number |
FALSE |
FALSE |
FALSE |
msExchRequireAuthToSendTo |
String |
FALSE |
FALSE |
FALSE |
msExchRetentionComment |
String |
FALSE |
FALSE |
FALSE |
msExchRetentionURL |
String |
FALSE |
FALSE |
FALSE |
msExchSenderHintTranslations |
String |
FALSE |
FALSE |
TRUE |
msOrgIsOrganizational |
Number |
FALSE |
FALSE |
FALSE |
O |
String |
TRUE |
FALSE |
FALSE |
oOFReplyToOriginator |
String |
FALSE |
FALSE |
FALSE |
ou |
String |
TRUE |
FALSE |
FALSE |
proxyAddresses |
String |
FALSE |
FALSE |
TRUE |
publicDelegates |
Reference |
FALSE |
FALSE |
TRUE |
reportToOriginator |
String |
FALSE |
FALSE |
FALSE |
reportToOwner |
String |
FALSE |
FALSE |
FALSE |
securityEnabled |
String |
FALSE |
FALSE |
FALSE |
seeAlso |
Reference |
FALSE |
FALSE |
FALSE |
sourceAnchor |
String |
TRUE |
TRUE |
FALSE |
targetAddress |
String |
FALSE |
FALSE |
FALSE |
telephoneNumber |
String |
TRUE |
FALSE |
FALSE |
uid |
String |
TRUE |
FALSE |
FALSE |
groupType |
Number |
FALSE |
FALSE |
FALSE |
memberOf |
Reference |
FALSE |
FALSE |
TRUE |
role |
String |
TRUE |
FALSE |
FALSE |
sAMAccountName |
String |
TRUE |
TRUE |
FALSE |
site |
String |
TRUE |
FALSE |
FALSE |
siteMember |
String |
TRUE |
TRUE |
TRUE |
unauthOrig |
Reference |
FALSE |
FALSE |
TRUE |
Import Attribute Flow Rules for the ADMA
This section lists the import attribute flow Rules for the ADMA.
For the scenario in this article, the following flow rule sets are configured:
User to Person Import Attribute Flow Rules
InetOrgPerson to Person Import Attribute Flow Rules
Contact to Contact Import Attribute Flow Rules
Group to Group Import Attribute Flow Rules
User to Person Import Attribute Flow Rules
This section lists the Person to Person import attribute flow rules.
| Data Source Attribute | Metaverse Attribute | Mapping Type | Script Context |
|---|---|---|---|
assistant |
assistant |
DIRECT |
|
authOrig |
authOrig |
DIRECT |
|
{c, homeMDB} |
CountryLetterCode |
SCRIPTED |
AccountForestIAF::c:CountryLetterCode |
{cn, homeMDB} |
CommonName |
SCRIPTED |
AccountForestIAF::cn:CommonName |
{co, homeMDB} |
Country |
SCRIPTED |
AccountForestIAF::co:Country |
{company, homeMDB} |
company |
SCRIPTED |
AccountForestIAF::company:company |
{countryCode, homeMDB} |
countryCode |
SCRIPTED |
AccountForestIAF::countryCode:countryCode |
{department, homeMDB} |
department |
SCRIPTED |
AccountForestIAF::department:department |
{description, homeMDB} |
description |
SCRIPTED |
AccountForestIAF::description:description |
{displayName, homeMDB} |
displayName |
SCRIPTED |
AccountForestIAF::displayName:displayName |
dLMemRejectPerms |
dLMemRejectPerms |
DIRECT |
|
dLMemSubmitPerms |
dLMemSubmitPerms |
DIRECT |
|
{extensionAttribute1, homeMDB} |
extensionAttribute1 |
SCRIPTED |
MailForestIAF::extensionAttribute1:extensionAttribute1 |
{extensionAttribute10, homeMDB} |
extensionAttribute10 |
SCRIPTED |
MailForestIAF::extensionAttribute10:extensionAttribute10 |
{extensionAttribute11, homeMDB} |
extensionAttribute11 |
SCRIPTED |
MailForestIAF::extensionAttribute11:extensionAttribute11 |
{extensionAttribute12, homeMDB} |
extensionAttribute12 |
SCRIPTED |
MailForestIAF::extensionAttribute12:extensionAttribute12 |
{extensionAttribute13, homeMDB} |
extensionAttribute13 |
SCRIPTED |
MailForestIAF::extensionAttribute13:extensionAttribute13 |
{extensionAttribute14, homeMDB} |
extensionAttribute14 |
SCRIPTED |
MailForestIAF::extensionAttribute14:extensionAttribute14 |
{extensionAttribute15, homeMDB} |
extensionAttribute15 |
SCRIPTED |
MailForestIAF::extensionAttribute15:extensionAttribute15 |
{extensionAttribute2, homeMDB} |
extensionAttribute2 |
SCRIPTED |
MailForestIAF::extensionAttribute2:extensionAttribute2 |
{extensionAttribute3, homeMDB} |
extensionAttribute3 |
SCRIPTED |
MailForestIAF::extensionAttribute3:extensionAttribute3 |
{extensionAttribute4, homeMDB} |
extensionAttribute4 |
SCRIPTED |
MailForestIAF::extensionAttribute4:extensionAttribute4 |
{extensionAttribute5, homeMDB} |
extensionAttribute5 |
SCRIPTED |
MailForestIAF::extensionAttribute5:extensionAttribute5 |
{extensionAttribute6, homeMDB} |
extensionAttribute6 |
SCRIPTED |
MailForestIAF::extensionAttribute6:extensionAttribute6 |
{extensionAttribute7, homeMDB} |
extensionAttribute7 |
SCRIPTED |
MailForestIAF::extensionAttribute7:extensionAttribute7 |
{extensionAttribute8, homeMDB} |
extensionAttribute8 |
SCRIPTED |
MailForestIAF::extensionAttribute8:extensionAttribute8 |
{extensionAttribute9, homeMDB} |
extensionAttribute9 |
SCRIPTED |
MailForestIAF::extensionAttribute9:extensionAttribute9 |
{facsimileTelephoneNumber, homeMDB} |
facsimileTelephoneNumber |
SCRIPTED |
AccountForestIAF::facsimileTelephoneNumber:facsimileTelephoneNumber |
{givenName, homeMDB} |
givenName |
SCRIPTED |
AccountForestIAF::givenName:givenName |
{homeMDB, objectSid} |
objectSid |
SCRIPTED |
AccountForestIAF::objectSid:objectSid |
{homePhone, homeMDB} |
homePhone |
SCRIPTED |
AccountForestIAF::homePhone:homePhone |
{info, homeMDB} |
info |
SCRIPTED |
AccountForestIAF::info:info |
{initials, homeMDB} |
initials |
SCRIPTED |
AccountForestIAF::initials:initials |
{ipPhone, homeMDB} |
ipPhone |
SCRIPTED |
AccountForestIAF::ipPhone:ipPhone |
{l, homeMDB} |
City |
SCRIPTED |
AccountForestIAF::l:City |
{legacyExchangeDN, homeMDB} |
legacyExchangeDN |
SCRIPTED |
AccountForestIAF::legacyExchangeDN:legacyExchangeDN |
{mail, homeMDB} |
SCRIPTED |
AccountForestIAF::mail:mail |
|
{mailNickname, homeMDB} |
alias |
SCRIPTED |
MailForestIAF::mailNickname:alias |
manager |
manager |
DIRECT |
|
{middleName, homeMDB} |
middleName |
SCRIPTED |
AccountForestIAF::middleName:middleName |
{mobile, homeMDB} |
mobile |
SCRIPTED |
AccountForestIAF::mobile:mobile |
{msDS-HABSeniorityIndex, homeMDB} |
msdshabSeniorityIndex |
SCRIPTED |
AccountForestIAF::msDS-HABSeniorityIndex:msdshabSeniorityIndex |
{msDS-PhoneticDisplayName, homeMDB} |
msdsPhoneticDisplayName |
SCRIPTED |
AccountForestIAF::msDS-PhoneticDisplayName:msdsPhoneticDisplayName |
{msExchArchiveGUID, homeMDB} |
msexchArchiveGuid |
SCRIPTED |
MailForestIAF::msExchArchiveGUID:msexchArchiveGuid |
{msExchArchiveName, homeMDB} |
msExchArchiveName |
SCRIPTED |
MailForestIAF::msExchArchiveName:msExchArchiveName |
{msExchAssistantName, homeMDB} |
msExchAssistantName |
SCRIPTED |
AccountForestIAF::msExchAssistantName:msExchAssistantName |
{msExchBlockedSendersHash, homeMDB} |
msExchBlockedSendersHash |
SCRIPTED |
MailForestIAF::msExchBlockedSendersHash:msExchBlockedSendersHash |
msExchBypassModerationFromDLMembersLink |
msExchBypassModerationFromDLMembersLink |
DIRECT |
|
msExchBypassModerationLink |
msExchBypassModerationLink |
DIRECT |
|
msExchDelegateListLink |
msExchDelegateListLink |
DIRECT |
|
{msExchELCExpirySuspensionEnd, homeMDB} |
msExchELCExpirySuspensionEnd |
SCRIPTED |
MailForestIAF::msExchELCExpirySuspensionEnd:msExchELCExpirySuspensionEnd |
{msExchELCExpirySuspensionStart, homeMDB} |
msExchELCExpirySuspensionStart |
SCRIPTED |
MailForestIAF::msExchELCExpirySuspensionStart:msExchELCExpirySuspensionStart |
{msExchELCMailboxFlags, homeMDB} |
msExchELCMailboxFlags |
SCRIPTED |
MailForestIAF::msExchELCMailboxFlags:msExchELCMailboxFlags |
{msExchEnableModeration, homeMDB} |
msexchEnableModeration |
SCRIPTED |
MailForestIAF::msExchEnableModeration:msexchEnableModeration |
{msExchHideFromAddressLists, homeMDB} |
msExchHideFromAddressLists |
SCRIPTED |
MailForestIAF::msExchHideFromAddressLists:msExchHideFromAddressLists |
{msExchImmutableId, homeMDB} |
msexchImmutableId |
SCRIPTED |
MailForestIAF::msExchImmutableId:msexchImmutableId |
{msExchMailboxGuid, homeMDB} |
msExchMailboxGuid |
SCRIPTED |
MailForestIAF::msExchMailboxGuid:msExchMailboxGuid |
msExchModeratedByLink |
msExchModeratedByLink |
DIRECT |
|
{msExchModerationFlags, homeMDB} |
msexchModerationFlags |
SCRIPTED |
MailForestIAF::msExchModerationFlags:msexchModerationFlags |
{msExchRecipientDisplayType, homeMDB} |
msexchRecipientDisplayType |
SCRIPTED |
MailForestIAF::msExchRecipientDisplayType:msexchRecipientDisplayType |
{msExchRecipientTypeDetails, homeMDB} |
msExchRecipientTypeDetails |
SCRIPTED |
MailForestIAF::msExchRecipientTypeDetails:msExchRecipientTypeDetails |
{msExchRequireAuthToSendTo, homeMDB} |
msExchRequireAuthToSendTo |
SCRIPTED |
MailForestIAF::msExchRequireAuthToSendTo:msExchRequireAuthToSendTo |
{msExchResourceCapacity, homeMDB} |
msexchResourceCapacity |
SCRIPTED |
MailForestIAF::msExchResourceCapacity:msexchResourceCapacity |
{msExchResourceDisplay, homeMDB} |
msExchResourceDisplay |
SCRIPTED |
MailForestIAF::msExchResourceDisplay:msExchResourceDisplay |
{msExchResourceMetaData, homeMDB} |
msexchResourceMetaData |
SCRIPTED |
MailForestIAF::msExchResourceMetaData:msexchResourceMetaData |
{msExchResourceSearchProperties, homeMDB} |
msexchResourceSearchProperties |
SCRIPTED |
MailForestIAF::msExchResourceSearchProperties:msexchResourceSearchProperties |
{msExchRetentionComment, homeMDB} |
msExchRetentionComment |
SCRIPTED |
MailForestIAF::msExchRetentionComment:msExchRetentionComment |
{msExchRetentionURL, homeMDB} |
msExchRetentionURL |
SCRIPTED |
MailForestIAF::msExchRetentionURL:msExchRetentionURL |
{msExchSafeRecipientsHash, homeMDB} |
msExchSafeRecipientsHash |
SCRIPTED |
MailForestIAF::msExchSafeRecipientsHash:msExchSafeRecipientsHash |
{msExchSafeSendersHash, homeMDB} |
msExchSafeSendersHash |
SCRIPTED |
MailForestIAF::msExchSafeSendersHash:msExchSafeSendersHash |
{msExchSenderHintTranslations, homeMDB} |
msexchSenderHintTranslations |
SCRIPTED |
MailForestIAF::msExchSenderHintTranslations:msexchSenderHintTranslations |
{objectGUID, userAccountControl, homeMDB} |
sourceAnchor |
SCRIPTED |
import::ad:objectGUID->mv:sourceAnchor |
{otherFacsimileTelephoneNumber, homeMDB} |
otherFacsimileTelephoneNumber |
SCRIPTED |
AccountForestIAF::otherFacsimileTelephoneNumber:otherFacsimileTelephoneNumber |
{otherHomePhone, homeMDB} |
otherHomePhone |
SCRIPTED |
AccountForestIAF::otherHomePhone:otherHomePhone |
{otherIpPhone, homeMDB} |
otherIpPhone |
SCRIPTED |
AccountForestIAF::otherIpPhone:otherIpPhone |
{otherMobile, homeMDB} |
otherMobile |
SCRIPTED |
AccountForestIAF::otherMobile:otherMobile |
{otherPager, homeMDB} |
otherPager |
SCRIPTED |
AccountForestIAF::otherPager:otherPager |
{otherTelephone, homeMDB} |
otherTelephone |
SCRIPTED |
AccountForestIAF::otherTelephone:otherTelephone |
{pager, homeMDB} |
pager |
SCRIPTED |
AccountForestIAF::pager:pager |
{photo, homeMDB} |
photo |
SCRIPTED |
AccountForestIAF::photo:photo |
{physicalDeliveryOfficeName, homeMDB} |
physicalDeliveryOfficeName |
SCRIPTED |
AccountForestIAF::physicalDeliveryOfficeName:physicalDeliveryOfficeName |
{postalCode, homeMDB} |
postalCode |
SCRIPTED |
AccountForestIAF::postalCode:postalCode |
{postOfficeBox, homeMDB} |
PostOfficeBox |
SCRIPTED |
AccountForestIAF::postOfficeBox:PostOfficeBox |
{preferredLanguage, homeMDB} |
preferredLanguage |
SCRIPTED |
AccountForestIAF::preferredLanguage:preferredLanguage |
{proxyAddresses, homeMDB} |
proxyAddresses |
SCRIPTED |
MailForestIAF::proxyAddresses:proxyAddresses |
publicDelegates |
publicDelegates |
DIRECT |
|
{sn, homeMDB} |
Surname |
SCRIPTED |
AccountForestIAF::sn:Surname |
{st, homeMDB} |
State |
SCRIPTED |
AccountForestIAF::st:State |
{streetAddress, homeMDB} |
streetAddress |
SCRIPTED |
AccountForestIAF::streetAddress:streetAddress |
{targetAddress, homeMDB} |
targetAddress |
SCRIPTED |
MailForestIAF::targetAddress:targetAddress |
{telephoneAssistant, homeMDB} |
telephoneAssistant |
SCRIPTED |
MailForestIAF::telephoneAssistant:telephoneAssistant |
{telephoneNumber, homeMDB} |
telephoneNumber |
SCRIPTED |
AccountForestIAF::telephoneNumber:telephoneNumber |
{thumbnailPhoto, homeMDB} |
thumbnailPhoto |
SCRIPTED |
AccountForestIAF::thumbnailPhoto:thumbnailPhoto |
{title, homeMDB} |
title |
SCRIPTED |
AccountForestIAF::title:title |
unauthOrig |
unauthOrig |
DIRECT |
|
{url, homeMDB} |
url |
SCRIPTED |
AccountForestIAF::url:url |
{userAccountControl, homeMDB} |
accountEnabled |
SCRIPTED |
cd.user:userAccountControl->mv.person:accountEnabled |
{wWWHomePage, homeMDB} |
wWWHomePage |
SCRIPTED |
AccountForestIAF::wWWHomePage:wWWHomePage |
msExchUserHoldPolicies |
msExchUserHoldPolicies |
DIRECT |
|
msRTCSIP-OwnerUrn |
msRTCSIPOwnerUrn |
DIRECT |
|
msRTCSIP-ApplicationOptions |
msRTCSIPApplicationOptions |
DIRECT |
|
msExchTeamMailboxExpiration |
msExchTeamMailboxExpiration |
DIRECT |
InetOrgPerson to Person Import Attribute Flow Rules
This section lists the inetOrgPerson to Person import attribute flow rules.
| Data Source Attribute | Metaverse Attribute | Mapping Type | Script Context |
|---|---|---|---|
{cn, homeMDB} |
CommonName |
SCRIPTED |
AccountForestIAF::cn:CommonName |
{co, homeMDB} |
Country |
SCRIPTED |
AccountForestIAF::co:Country |
{company, homeMDB} |
company |
SCRIPTED |
AccountForestIAF::company:company |
{countryCode, homeMDB} |
countryCode |
SCRIPTED |
AccountForestIAF::countryCode:countryCode |
{department, homeMDB} |
department |
SCRIPTED |
AccountForestIAF::department:department |
{description, homeMDB} |
description |
SCRIPTED |
AccountForestIAF::description:description |
{displayName, homeMDB} |
displayName |
SCRIPTED |
AccountForestIAF::displayName:displayName |
{extensionAttribute1, homeMDB} |
extensionAttribute1 |
SCRIPTED |
MailForestIAF::extensionAttribute1:extensionAttribute1 |
{extensionAttribute10, homeMDB} |
extensionAttribute10 |
SCRIPTED |
MailForestIAF::extensionAttribute10:extensionAttribute10 |
{extensionAttribute11, homeMDB} |
extensionAttribute11 |
SCRIPTED |
MailForestIAF::extensionAttribute11:extensionAttribute11 |
{extensionAttribute12, homeMDB} |
extensionAttribute12 |
SCRIPTED |
MailForestIAF::extensionAttribute12:extensionAttribute12 |
{extensionAttribute13, homeMDB} |
extensionAttribute13 |
SCRIPTED |
MailForestIAF::extensionAttribute13:extensionAttribute13 |
{extensionAttribute14, homeMDB} |
extensionAttribute14 |
SCRIPTED |
MailForestIAF::extensionAttribute14:extensionAttribute14 |
{extensionAttribute15, homeMDB} |
extensionAttribute15 |
SCRIPTED |
MailForestIAF::extensionAttribute15:extensionAttribute15 |
{extensionAttribute2, homeMDB} |
extensionAttribute2 |
SCRIPTED |
MailForestIAF::extensionAttribute2:extensionAttribute2 |
{extensionAttribute3, homeMDB} |
extensionAttribute3 |
SCRIPTED |
MailForestIAF::extensionAttribute3:extensionAttribute3 |
{extensionAttribute4, homeMDB} |
extensionAttribute4 |
SCRIPTED |
MailForestIAF::extensionAttribute4:extensionAttribute4 |
{extensionAttribute5, homeMDB} |
extensionAttribute5 |
SCRIPTED |
MailForestIAF::extensionAttribute5:extensionAttribute5 |
{extensionAttribute6, homeMDB} |
extensionAttribute6 |
SCRIPTED |
MailForestIAF::extensionAttribute6:extensionAttribute6 |
{extensionAttribute7, homeMDB} |
extensionAttribute7 |
SCRIPTED |
MailForestIAF::extensionAttribute7:extensionAttribute7 |
{extensionAttribute8, homeMDB} |
extensionAttribute8 |
SCRIPTED |
MailForestIAF::extensionAttribute8:extensionAttribute8 |
{extensionAttribute9, homeMDB} |
extensionAttribute9 |
SCRIPTED |
MailForestIAF::extensionAttribute9:extensionAttribute9 |
{facsimileTelephoneNumber, homeMDB} |
facsimileTelephoneNumber |
SCRIPTED |
AccountForestIAF::facsimileTelephoneNumber:facsimileTelephoneNumber |
{givenName, homeMDB} |
givenName |
SCRIPTED |
AccountForestIAF::givenName:givenName |
{homePhone, homeMDB} |
homePhone |
SCRIPTED |
AccountForestIAF::homePhone:homePhone |
{info, homeMDB} |
info |
SCRIPTED |
AccountForestIAF::info:info |
{initials, homeMDB} |
initials |
SCRIPTED |
AccountForestIAF::initials:initials |
{ipPhone, homeMDB} |
ipPhone |
SCRIPTED |
AccountForestIAF::ipPhone:ipPhone |
{l, homeMDB} |
City |
SCRIPTED |
AccountForestIAF::l:City |
{legacyExchangeDN, homeMDB} |
legacyExchangeDN |
SCRIPTED |
AccountForestIAF::legacyExchangeDN:legacyExchangeDN |
{mail, homeMDB} |
SCRIPTED |
AccountForestIAF::mail:mail |
|
{mailNickname, homeMDB} |
alias |
SCRIPTED |
MailForestIAF::mailNickname:alias |
manager |
manager |
DIRECT |
|
{middleName, homeMDB} |
middleName |
SCRIPTED |
AccountForestIAF::middleName:middleName |
{mobile, homeMDB} |
mobile |
SCRIPTED |
AccountForestIAF::mobile:mobile |
{msDS-HABSeniorityIndex, homeMDB} |
msdshabSeniorityIndex |
SCRIPTED |
AccountForestIAF::msDS-HABSeniorityIndex:msdshabSeniorityIndex |
{msDS-PhoneticDisplayName, homeMDB} |
msdsPhoneticDisplayName |
SCRIPTED |
AccountForestIAF::msDS-PhoneticDisplayName:msdsPhoneticDisplayName |
{msExchArchiveGUID, homeMDB} |
msexchArchiveGuid |
SCRIPTED |
MailForestIAF::msExchArchiveGUID:msexchArchiveGuid |
{msExchArchiveName, homeMDB} |
msExchArchiveName |
SCRIPTED |
MailForestIAF::msExchArchiveName:msExchArchiveName |
{msExchAssistantName, homeMDB} |
msExchAssistantName |
SCRIPTED |
AccountForestIAF::msExchAssistantName:msExchAssistantName |
{msExchBlockedSendersHash, homeMDB} |
msExchBlockedSendersHash |
SCRIPTED |
MailForestIAF::msExchBlockedSendersHash:msExchBlockedSendersHash |
msExchBypassModerationFromDLMembersLink |
msExchBypassModerationFromDLMembersLink |
DIRECT |
|
msExchBypassModerationLink |
msExchBypassModerationLink |
DIRECT |
|
msExchDelegateListLink |
msExchDelegateListLink |
DIRECT |
|
{msExchELCExpirySuspensionEnd, homeMDB} |
msExchELCExpirySuspensionEnd |
SCRIPTED |
MailForestIAF::msExchELCExpirySuspensionEnd:msExchELCExpirySuspensionEnd |
{msExchELCExpirySuspensionStart, homeMDB} |
msExchELCExpirySuspensionStart |
SCRIPTED |
MailForestIAF::msExchELCExpirySuspensionStart:msExchELCExpirySuspensionStart |
{msExchELCMailboxFlags, homeMDB} |
msExchELCMailboxFlags |
SCRIPTED |
MailForestIAF::msExchELCMailboxFlags:msExchELCMailboxFlags |
{msExchEnableModeration, homeMDB} |
msexchEnableModeration |
SCRIPTED |
MailForestIAF::msExchEnableModeration:msexchEnableModeration |
{msExchHideFromAddressLists, homeMDB} |
msExchHideFromAddressLists |
SCRIPTED |
MailForestIAF::msExchHideFromAddressLists:msExchHideFromAddressLists |
{msExchImmutableId, homeMDB} |
msexchImmutableId |
SCRIPTED |
MailForestIAF::msExchImmutableId:msexchImmutableId |
{msExchMailboxGuid, homeMDB} |
msExchMailboxGuid |
SCRIPTED |
MailForestIAF::msExchMailboxGuid:msExchMailboxGuid |
msExchModeratedByLink |
msExchModeratedByLink |
DIRECT |
|
{msExchModerationFlags, homeMDB} |
msexchModerationFlags |
SCRIPTED |
MailForestIAF::msExchModerationFlags:msexchModerationFlags |
{msExchRecipientDisplayType, homeMDB} |
msexchRecipientDisplayType |
SCRIPTED |
MailForestIAF::msExchRecipientDisplayType:msexchRecipientDisplayType |
{msExchRecipientTypeDetails, homeMDB} |
msExchRecipientTypeDetails |
SCRIPTED |
MailForestIAF::msExchRecipientTypeDetails:msExchRecipientTypeDetails |
{msExchResourceCapacity, homeMDB} |
msexchResourceCapacity |
SCRIPTED |
MailForestIAF::msExchResourceCapacity:msexchResourceCapacity |
{msExchResourceDisplay, homeMDB} |
msExchResourceDisplay |
SCRIPTED |
MailForestIAF::msExchResourceDisplay:msExchResourceDisplay |
{msExchResourceMetaData, homeMDB} |
msexchResourceMetaData |
SCRIPTED |
MailForestIAF::msExchResourceMetaData:msexchResourceMetaData |
{msExchResourceSearchProperties, homeMDB} |
msexchResourceSearchProperties |
SCRIPTED |
MailForestIAF::msExchResourceSearchProperties:msexchResourceSearchProperties |
{msExchRetentionComment, homeMDB} |
msExchRetentionComment |
SCRIPTED |
MailForestIAF::msExchRetentionComment:msExchRetentionComment |
{msExchRetentionURL, homeMDB} |
msExchRetentionURL |
SCRIPTED |
MailForestIAF::msExchRetentionURL:msExchRetentionURL |
{msExchSafeRecipientsHash, homeMDB} |
msExchSafeRecipientsHash |
SCRIPTED |
MailForestIAF::msExchSafeRecipientsHash:msExchSafeRecipientsHash |
{msExchSafeSendersHash, homeMDB} |
msExchSafeSendersHash |
SCRIPTED |
MailForestIAF::msExchSafeSendersHash:msExchSafeSendersHash |
{msExchSenderHintTranslations, homeMDB} |
msexchSenderHintTranslations |
SCRIPTED |
MailForestIAF::msExchSenderHintTranslations:msexchSenderHintTranslations |
{objectGUID, homeMDB} |
sourceAnchor |
SCRIPTED |
import::ad:objectGUID->mv:sourceAnchor |
{otherFacsimileTelephoneNumber, homeMDB} |
otherFacsimileTelephoneNumber |
SCRIPTED |
AccountForestIAF::otherFacsimileTelephoneNumber:otherFacsimileTelephoneNumber |
{otherHomePhone, homeMDB} |
otherHomePhone |
SCRIPTED |
AccountForestIAF::otherHomePhone:otherHomePhone |
{otherIpPhone, homeMDB} |
otherIpPhone |
SCRIPTED |
AccountForestIAF::otherIpPhone:otherIpPhone |
{otherMobile, homeMDB} |
otherMobile |
SCRIPTED |
AccountForestIAF::otherMobile:otherMobile |
{otherPager, homeMDB} |
otherPager |
SCRIPTED |
AccountForestIAF::otherPager:otherPager |
{otherTelephone, homeMDB} |
otherTelephone |
SCRIPTED |
AccountForestIAF::otherTelephone:otherTelephone |
{pager, homeMDB} |
pager |
SCRIPTED |
AccountForestIAF::pager:pager |
{physicalDeliveryOfficeName, homeMDB} |
physicalDeliveryOfficeName |
SCRIPTED |
AccountForestIAF::physicalDeliveryOfficeName:physicalDeliveryOfficeName |
{postalCode, homeMDB} |
postalCode |
SCRIPTED |
AccountForestIAF::postalCode:postalCode |
{postOfficeBox, homeMDB} |
PostOfficeBox |
SCRIPTED |
AccountForestIAF::postOfficeBox:PostOfficeBox |
{preferredLanguage, homeMDB} |
preferredLanguage |
SCRIPTED |
AccountForestIAF::preferredLanguage:preferredLanguage |
{proxyAddresses, homeMDB} |
proxyAddresses |
SCRIPTED |
MailForestIAF::proxyAddresses:proxyAddresses |
publicDelegates |
publicDelegates |
DIRECT |
|
{sn, homeMDB} |
Surname |
SCRIPTED |
AccountForestIAF::sn:Surname |
{st, homeMDB} |
State |
SCRIPTED |
AccountForestIAF::st:State |
{streetAddress, homeMDB} |
streetAddress |
SCRIPTED |
AccountForestIAF::streetAddress:streetAddress |
{targetAddress, homeMDB} |
targetAddress |
SCRIPTED |
MailForestIAF::targetAddress:targetAddress |
{telephoneAssistant, homeMDB} |
telephoneAssistant |
SCRIPTED |
MailForestIAF::telephoneAssistant:telephoneAssistant |
{telephoneNumber, homeMDB} |
telephoneNumber |
SCRIPTED |
AccountForestIAF::telephoneNumber:telephoneNumber |
{thumbnailPhoto, homeMDB} |
thumbnailPhoto |
SCRIPTED |
AccountForestIAF::thumbnailPhoto:thumbnailPhoto |
{title, homeMDB} |
title |
SCRIPTED |
AccountForestIAF::title:title |
{url, homeMDB} |
url |
SCRIPTED |
AccountForestIAF::url:url |
{userAccountControl, homeMDB} |
accountEnabled |
SCRIPTED |
cd.inetOrgPerson:userAccountControl->mv.person:accountEnabled |
{wWWHomePage, homeMDB} |
wWWHomePage |
SCRIPTED |
AccountForestIAF::wWWHomePage:wWWHomePage |
Contact to Contact Import Attribute Flow Rules
This section lists the Contact to Contact import attribute flow rules.
| Data Source Attribute | Metaverse Attribute | Mapping Type | Script Context |
|---|---|---|---|
assistant |
assistant |
DIRECT |
|
authOrig |
authOrig |
DIRECT |
|
{c, homeMDB} |
CountryLetterCode |
SCRIPTED |
AccountForestIAF::c:CountryLetterCode |
{cn, homeMDB} |
CommonName |
SCRIPTED |
AccountForestIAF::cn:CommonName |
{co, homeMDB} |
Country |
SCRIPTED |
AccountForestIAF::co:Country |
{company, homeMDB} |
company |
SCRIPTED |
AccountForestIAF::company:company |
{countryCode, homeMDB} |
countryCode |
SCRIPTED |
AccountForestIAF::countryCode:countryCode |
{department, homeMDB} |
department |
SCRIPTED |
AccountForestIAF::department:department |
{description, homeMDB} |
description |
SCRIPTED |
AccountForestIAF::description:description |
{displayName, homeMDB} |
displayName |
SCRIPTED |
AccountForestIAF::displayName:displayName |
dLMemRejectPerms |
dLMemRejectPerms |
DIRECT |
|
dLMemSubmitPerms |
dLMemSubmitPerms |
DIRECT |
|
{extensionAttribute1, homeMDB} |
extensionAttribute1 |
SCRIPTED |
MailForestIAF::extensionAttribute1:extensionAttribute1 |
{extensionAttribute10, homeMDB} |
extensionAttribute10 |
SCRIPTED |
MailForestIAF::extensionAttribute10:extensionAttribute10 |
{extensionAttribute11, homeMDB} |
extensionAttribute11 |
SCRIPTED |
MailForestIAF::extensionAttribute11:extensionAttribute11 |
{extensionAttribute12, homeMDB} |
extensionAttribute12 |
SCRIPTED |
MailForestIAF::extensionAttribute12:extensionAttribute12 |
{extensionAttribute13, homeMDB} |
extensionAttribute13 |
SCRIPTED |
MailForestIAF::extensionAttribute13:extensionAttribute13 |
{extensionAttribute14, homeMDB} |
extensionAttribute14 |
SCRIPTED |
MailForestIAF::extensionAttribute14:extensionAttribute14 |
{extensionAttribute15, homeMDB} |
extensionAttribute15 |
SCRIPTED |
MailForestIAF::extensionAttribute15:extensionAttribute15 |
{extensionAttribute2, homeMDB} |
extensionAttribute2 |
SCRIPTED |
MailForestIAF::extensionAttribute2:extensionAttribute2 |
{extensionAttribute3, homeMDB} |
extensionAttribute3 |
SCRIPTED |
MailForestIAF::extensionAttribute3:extensionAttribute3 |
{extensionAttribute4, homeMDB} |
extensionAttribute4 |
SCRIPTED |
MailForestIAF::extensionAttribute4:extensionAttribute4 |
{extensionAttribute5, homeMDB} |
extensionAttribute5 |
SCRIPTED |
MailForestIAF::extensionAttribute5:extensionAttribute5 |
{extensionAttribute6, homeMDB} |
extensionAttribute6 |
SCRIPTED |
MailForestIAF::extensionAttribute6:extensionAttribute6 |
{extensionAttribute7, homeMDB} |
extensionAttribute7 |
SCRIPTED |
MailForestIAF::extensionAttribute7:extensionAttribute7 |
{extensionAttribute8, homeMDB} |
extensionAttribute8 |
SCRIPTED |
MailForestIAF::extensionAttribute8:extensionAttribute8 |
{extensionAttribute9, homeMDB} |
extensionAttribute9 |
SCRIPTED |
MailForestIAF::extensionAttribute9:extensionAttribute9 |
{facsimileTelephoneNumber, homeMDB} |
facsimileTelephoneNumber |
SCRIPTED |
AccountForestIAF::facsimileTelephoneNumber:facsimileTelephoneNumber |
{givenName, homeMDB} |
givenName |
SCRIPTED |
AccountForestIAF::givenName:givenName |
{homePhone, homeMDB} |
homePhone |
SCRIPTED |
AccountForestIAF::homePhone:homePhone |
{info, homeMDB} |
info |
SCRIPTED |
AccountForestIAF::info:info |
{initials, homeMDB} |
initials |
SCRIPTED |
AccountForestIAF::initials:initials |
{ipPhone, homeMDB} |
ipPhone |
SCRIPTED |
AccountForestIAF::ipPhone:ipPhone |
{l, homeMDB} |
City |
SCRIPTED |
AccountForestIAF::l:City |
{legacyExchangeDN, homeMDB} |
legacyExchangeDN |
SCRIPTED |
AccountForestIAF::legacyExchangeDN:legacyExchangeDN |
{mail, homeMDB} |
SCRIPTED |
AccountForestIAF::mail:mail |
|
{mailNickname, homeMDB} |
alias |
SCRIPTED |
MailForestIAF::mailNickname:alias |
manager |
manager |
DIRECT |
|
{middleName, homeMDB} |
middleName |
SCRIPTED |
AccountForestIAF::middleName:middleName |
{mobile, homeMDB} |
mobile |
SCRIPTED |
AccountForestIAF::mobile:mobile |
{msDS-HABSeniorityIndex, homeMDB} |
msdshabSeniorityIndex |
SCRIPTED |
AccountForestIAF::msDS-HABSeniorityIndex:msdshabSeniorityIndex |
{msDS-PhoneticDisplayName, homeMDB} |
msdsPhoneticDisplayName |
SCRIPTED |
AccountForestIAF::msDS-PhoneticDisplayName:msdsPhoneticDisplayName |
{msExchAssistantName, homeMDB} |
msExchAssistantName |
SCRIPTED |
AccountForestIAF::msExchAssistantName:msExchAssistantName |
{msExchBlockedSendersHash, homeMDB} |
msExchBlockedSendersHash |
SCRIPTED |
MailForestIAF::msExchBlockedSendersHash:msExchBlockedSendersHash |
msExchBypassModerationFromDLMembersLink |
msExchBypassModerationFromDLMembersLink |
DIRECT |
|
msExchBypassModerationLink |
msExchBypassModerationLink |
DIRECT |
|
{msExchEnableModeration, homeMDB} |
msexchEnableModeration |
SCRIPTED |
MailForestIAF::msExchEnableModeration:msexchEnableModeration |
{msExchHideFromAddressLists, homeMDB} |
msExchHideFromAddressLists |
SCRIPTED |
MailForestIAF::msExchHideFromAddressLists:msExchHideFromAddressLists |
msExchModeratedByLink |
msExchModeratedByLink |
DIRECT |
|
{msExchModerationFlags, homeMDB} |
msexchModerationFlags |
SCRIPTED |
MailForestIAF::msExchModerationFlags:msexchModerationFlags |
{msExchRecipientDisplayType, homeMDB} |
msexchRecipientDisplayType |
SCRIPTED |
MailForestIAF::msExchRecipientDisplayType:msexchRecipientDisplayType |
{msExchRecipientTypeDetails, homeMDB} |
msExchRecipientTypeDetails |
SCRIPTED |
MailForestIAF::msExchRecipientTypeDetails:msExchRecipientTypeDetails |
{msExchRequireAuthToSendTo, homeMDB} |
msExchRequireAuthToSendTo |
SCRIPTED |
MailForestIAF::msExchRequireAuthToSendTo:msExchRequireAuthToSendTo |
{msExchRetentionComment, homeMDB} |
msExchRetentionComment |
SCRIPTED |
MailForestIAF::msExchRetentionComment:msExchRetentionComment |
{msExchRetentionURL, homeMDB} |
msExchRetentionURL |
SCRIPTED |
MailForestIAF::msExchRetentionURL:msExchRetentionURL |
{msExchSafeRecipientsHash, homeMDB} |
msExchSafeRecipientsHash |
SCRIPTED |
MailForestIAF::msExchSafeRecipientsHash:msExchSafeRecipientsHash |
{msExchSafeSendersHash, homeMDB} |
msExchSafeSendersHash |
SCRIPTED |
MailForestIAF::msExchSafeSendersHash:msExchSafeSendersHash |
{msExchSenderHintTranslations, homeMDB} |
msexchSenderHintTranslations |
SCRIPTED |
MailForestIAF::msExchSenderHintTranslations:msexchSenderHintTranslations |
{objectGUID, homeMDB} |
sourceAnchor |
SCRIPTED |
import::ad:objectGUID->mv:sourceAnchor |
{otherFacsimileTelephoneNumber, homeMDB} |
otherFacsimileTelephoneNumber |
SCRIPTED |
AccountForestIAF::otherFacsimileTelephoneNumber:otherFacsimileTelephoneNumber |
{otherHomePhone, homeMDB} |
otherHomePhone |
SCRIPTED |
AccountForestIAF::otherHomePhone:otherHomePhone |
{otherIpPhone, homeMDB} |
otherIpPhone |
SCRIPTED |
AccountForestIAF::otherIpPhone:otherIpPhone |
{otherMobile, homeMDB} |
otherMobile |
SCRIPTED |
AccountForestIAF::otherMobile:otherMobile |
{otherPager, homeMDB} |
otherPager |
SCRIPTED |
AccountForestIAF::otherPager:otherPager |
{otherTelephone, homeMDB} |
otherTelephone |
SCRIPTED |
AccountForestIAF::otherTelephone:otherTelephone |
{pager, homeMDB} |
pager |
SCRIPTED |
AccountForestIAF::pager:pager |
{physicalDeliveryOfficeName, homeMDB} |
physicalDeliveryOfficeName |
SCRIPTED |
AccountForestIAF::physicalDeliveryOfficeName:physicalDeliveryOfficeName |
{postalCode, homeMDB} |
postalCode |
SCRIPTED |
AccountForestIAF::postalCode:postalCode |
{postOfficeBox, homeMDB} |
PostOfficeBox |
SCRIPTED |
AccountForestIAF::postOfficeBox:PostOfficeBox |
{proxyAddresses, homeMDB} |
proxyAddresses |
SCRIPTED |
MailForestIAF::proxyAddresses:proxyAddresses |
publicDelegates |
publicDelegates |
DIRECT |
|
{sn, homeMDB} |
Surname |
SCRIPTED |
AccountForestIAF::sn:Surname |
{st, homeMDB} |
State |
SCRIPTED |
AccountForestIAF::st:State |
{streetAddress, homeMDB} |
streetAddress |
SCRIPTED |
AccountForestIAF::streetAddress:streetAddress |
{targetAddress, homeMDB} |
targetAddress |
SCRIPTED |
MailForestIAF::targetAddress:targetAddress |
{telephoneAssistant, homeMDB} |
telephoneAssistant |
SCRIPTED |
MailForestIAF::telephoneAssistant:telephoneAssistant |
{telephoneNumber, homeMDB} |
telephoneNumber |
SCRIPTED |
AccountForestIAF::telephoneNumber:telephoneNumber |
{thumbnailPhoto, homeMDB} |
thumbnailPhoto |
SCRIPTED |
AccountForestIAF::thumbnailPhoto:thumbnailPhoto |
{title, homeMDB} |
title |
SCRIPTED |
AccountForestIAF::title:title |
unauthOrig |
unauthOrig |
DIRECT |
|
{url, homeMDB} |
url |
SCRIPTED |
AccountForestIAF::url:url |
{wWWHomePage, homeMDB} |
wWWHomePage |
SCRIPTED |
AccountForestIAF::wWWHomePage:wWWHomePage |
Group to Group Import Attribute Flow Rules
This section lists the Group to Group import attribute flow rules.
| Data Source Attribute | Metaverse Attribute | Mapping Type | Script Context |
|---|---|---|---|
authOrig |
authOrig |
DIRECT |
|
{cn, homeMDB} |
CommonName |
SCRIPTED |
AccountForestIAF::cn:CommonName |
{description, homeMDB} |
description |
SCRIPTED |
AccountForestIAF::description:description |
{displayName, homeMDB} |
displayName |
SCRIPTED |
AccountForestIAF::displayName:displayName |
dLMemRejectPerms |
dLMemRejectPerms |
DIRECT |
|
dLMemSubmitPerms |
dLMemSubmitPerms |
DIRECT |
|
{extensionAttribute1, homeMDB} |
extensionAttribute1 |
SCRIPTED |
MailForestIAF::extensionAttribute1:extensionAttribute1 |
{extensionAttribute10, homeMDB} |
extensionAttribute10 |
SCRIPTED |
MailForestIAF::extensionAttribute10:extensionAttribute10 |
{extensionAttribute11, homeMDB} |
extensionAttribute11 |
SCRIPTED |
MailForestIAF::extensionAttribute11:extensionAttribute11 |
{extensionAttribute12, homeMDB} |
extensionAttribute12 |
SCRIPTED |
MailForestIAF::extensionAttribute12:extensionAttribute12 |
{extensionAttribute13, homeMDB} |
extensionAttribute13 |
SCRIPTED |
MailForestIAF::extensionAttribute13:extensionAttribute13 |
{extensionAttribute14, homeMDB} |
extensionAttribute14 |
SCRIPTED |
MailForestIAF::extensionAttribute14:extensionAttribute14 |
{extensionAttribute15, homeMDB} |
extensionAttribute15 |
SCRIPTED |
MailForestIAF::extensionAttribute15:extensionAttribute15 |
{extensionAttribute2, homeMDB} |
extensionAttribute2 |
SCRIPTED |
MailForestIAF::extensionAttribute2:extensionAttribute2 |
{extensionAttribute3, homeMDB} |
extensionAttribute3 |
SCRIPTED |
MailForestIAF::extensionAttribute3:extensionAttribute3 |
{extensionAttribute4, homeMDB} |
extensionAttribute4 |
SCRIPTED |
MailForestIAF::extensionAttribute4:extensionAttribute4 |
{extensionAttribute5, homeMDB} |
extensionAttribute5 |
SCRIPTED |
MailForestIAF::extensionAttribute5:extensionAttribute5 |
{extensionAttribute6, homeMDB} |
extensionAttribute6 |
SCRIPTED |
MailForestIAF::extensionAttribute6:extensionAttribute6 |
{extensionAttribute7, homeMDB} |
extensionAttribute7 |
SCRIPTED |
MailForestIAF::extensionAttribute7:extensionAttribute7 |
{extensionAttribute8, homeMDB} |
extensionAttribute8 |
SCRIPTED |
MailForestIAF::extensionAttribute8:extensionAttribute8 |
{extensionAttribute9, homeMDB} |
extensionAttribute9 |
SCRIPTED |
MailForestIAF::extensionAttribute9:extensionAttribute9 |
{groupType, homeMDB} |
groupType |
SCRIPTED |
AccountForestIAF::groupType:groupType |
{groupType, homeMDB} |
securityEnabled |
SCRIPTED |
cd.group:groupType->mv.group:securityEnabled |
{hideDLMembership, homeMDB} |
hideDLMembership |
SCRIPTED |
MailForestIAF::hideDLMembership:hideDLMembership |
{info, homeMDB} |
info |
SCRIPTED |
AccountForestIAF::info:info |
{legacyExchangeDN, homeMDB} |
legacyExchangeDN |
SCRIPTED |
AccountForestIAF::legacyExchangeDN:legacyExchangeDN |
{mail, homeMDB} |
SCRIPTED |
AccountForestIAF::mail:mail |
|
{mailNickname, homeMDB} |
alias |
SCRIPTED |
MailForestIAF::mailNickname:alias |
managedBy |
managedBy |
DIRECT |
|
member |
member |
DIRECT |
|
{msDS-HABSeniorityIndex, homeMDB} |
msdshabSeniorityIndex |
SCRIPTED |
AccountForestIAF::msDS-HABSeniorityIndex:msdshabSeniorityIndex |
{msDS-PhoneticDisplayName, homeMDB} |
msdsPhoneticDisplayName |
SCRIPTED |
AccountForestIAF::msDS-PhoneticDisplayName:msdsPhoneticDisplayName |
msExchBypassModerationFromDLMembersLink |
msExchBypassModerationFromDLMembersLink |
DIRECT |
|
msExchBypassModerationLink |
msExchBypassModerationLink |
DIRECT |
|
msExchCoManagedByLink |
msExchCoManagedByLink |
DIRECT |
|
{msExchEnableModeration, homeMDB} |
msexchEnableModeration |
SCRIPTED |
MailForestIAF::msExchEnableModeration:msexchEnableModeration |
{msExchGroupDepartRestriction, homeMDB} |
msExchGroupDepartRestriction |
SCRIPTED |
MailForestIAF::msExchGroupDepartRestriction:msExchGroupDepartRestriction |
{msExchGroupJoinRestriction, homeMDB} |
msExchGroupJoinRestriction |
SCRIPTED |
MailForestIAF::msExchGroupJoinRestriction:msExchGroupJoinRestriction |
{msExchHideFromAddressLists, homeMDB} |
msExchHideFromAddressLists |
SCRIPTED |
MailForestIAF::msExchHideFromAddressLists:msExchHideFromAddressLists |
msExchModeratedByLink |
msExchModeratedByLink |
DIRECT |
|
{msExchModerationFlags, homeMDB} |
msexchModerationFlags |
SCRIPTED |
MailForestIAF::msExchModerationFlags:msexchModerationFlags |
{msExchRecipientDisplayType, homeMDB} |
msexchRecipientDisplayType |
SCRIPTED |
MailForestIAF::msExchRecipientDisplayType:msexchRecipientDisplayType |
{msExchRecipientTypeDetails, homeMDB} |
msExchRecipientTypeDetails |
SCRIPTED |
MailForestIAF::msExchRecipientTypeDetails:msExchRecipientTypeDetails |
{msExchRequireAuthToSendTo, homeMDB} |
msExchRequireAuthToSendTo |
SCRIPTED |
MailForestIAF::msExchRequireAuthToSendTo:msExchRequireAuthToSendTo |
{msExchRetentionComment, homeMDB} |
msExchRetentionComment |
SCRIPTED |
MailForestIAF::msExchRetentionComment:msExchRetentionComment |
{msExchRetentionURL, homeMDB} |
msExchRetentionURL |
SCRIPTED |
MailForestIAF::msExchRetentionURL:msExchRetentionURL |
{msExchSenderHintTranslations, homeMDB} |
msexchSenderHintTranslations |
SCRIPTED |
MailForestIAF::msExchSenderHintTranslations:msexchSenderHintTranslations |
{objectGUID, homeMDB} |
sourceAnchor |
SCRIPTED |
import::ad:objectGUID->mv:sourceAnchor |
{oOFReplyToOriginator, homeMDB} |
oOFReplyToOriginator |
SCRIPTED |
MailForestIAF::oOFReplyToOriginator:oOFReplyToOriginator |
{proxyAddresses, homeMDB} |
proxyAddresses |
SCRIPTED |
AccountForestIAF::proxyAddresses:proxyAddresses |
publicDelegates |
publicDelegates |
DIRECT |
|
{reportToOriginator, homeMDB} |
reportToOriginator |
SCRIPTED |
MailForestIAF::reportToOriginator:reportToOriginator |
{reportToOwner, homeMDB} |
reportToOwner |
SCRIPTED |
MailForestIAF::reportToOwner:reportToOwner |
{sAMAccountName, homeMDB} |
sAMAccountName |
SCRIPTED |
AccountForestIAF::sAMAccountName:sAMAccountName |
unauthOrig |
unauthOrig |
DIRECT |
Sample Run Script
Function Get-ManagementAgent
{
<#
.SYNOPSIS
Gets the Management Agents from a Sync Server
.DESCRIPTION
The Get-ManagementAgent function uses the MIIS_ManagementAgent WMI class to get the management agent
.PARAMETER ManagementAgentName
Specifies the name of the MA to be retrieved.
.OUTPUTS
The WMI object containing the management agent
#>
Param
(
[parameter(Mandatory=$false)]
$ManagementAgentName
)
End
{
### If ManagementAgentName was not supplied then return all MAs
if ([String]::IsNullOrEmpty($ManagementAgentName))
{
Get-WmiObject -Class MIIS_ManagementAgent -Namespace root/MicrosoftIdentityIntegrationServer
}
else
{
Get-WmiObject -Class MIIS_ManagementAgent -Namespace root/MicrosoftIdentityIntegrationServer -Filter ("Name='$ManagementAgentName'")
}
}
}
$fabrikamADMA = Get-ManagementAgent 'fabrikam.com ADMA'
$fabrikamExchangeADMA = Get-ManagementAgent 'exch.fabrikam.com ADMA'
$fabrikamOffice365MA = Get-ManagementAgent 'fabrikam.com AAD'
$fabrikamADMA.Execute('Full Import').ReturnValue
$fabrikamADMA.Execute('Full Synchronization').ReturnValue
$fabrikamExchangeADMA.Execute('Full Import').ReturnValue
$fabrikamExchangeADMA.Execute('Full Synchronization').ReturnValue
See Also
Concepts
Management Agents in FIM 2010 R2
Windows Azure Active Directory Connector for FIM 2010 R2 Technical Reference