Chat now with support
Chat with Support

Active Roles 8.0 LTS - Synchronization Service Administration Guide

Synchronization Service Overview Deploying Synchronization Service Getting started Connections to external data systems
External data systems supported with built-in connectors
Working with Active Directory Working with an AD LDS (ADAM) instance Working with Skype for Business Server Working with Oracle Working with Exchange Server Working with Active Roles Working with One Identity Manager Working with a delimited text file Working with Microsoft SQL Server Working with Micro Focus NetIQ Directory Working with Salesforce Working with ServiceNow Working with Oracle Unified Directory Working with an LDAP directory service Working with IBM DB2 Working with IBM AS/400 Working with an OpenLDAP directory service Working with IBM RACF connector Working with MySQL database Working with an OLE DB-compliant relational database Working with SharePoint Configuring data synchronization with the Office 365 Connector
Creating a Microsoft 365 connection Viewing or modifying a Microsoft 365 connection Microsoft 365 data supported for data synchronization
ClientPolicy object attributes supported for Microsoft 365 data synchronization ConferencingPolicy object attributes supported for Microsoft 365 data synchronization Contact object attributes supported for Microsoft 365 data synchronization DistributionGroup object attributes supported for Microsoft 365 data synchronization Domain object attributes supported for Microsoft 365 data synchronization DynamicDistributionGroup object attributes supported for Microsoft 365 data synchronization ExternalAccessPolicy object attributes supported for Microsoft 365 data synchronization HostedVoicemailPolicy object attributes supported for Microsoft 365 data synchronization LicensePlanService object attributes supported for Microsoft 365 data synchronization Mailbox object attributes supported for Microsoft 365 data synchronization MailUser object attributes supported for Microsoft 365 data synchronization PresencePolicy object attributes supported for Microsoft 365 data synchronization SecurityGroup object attributes supported for Microsoft 365 data synchronization SPOSite object attributes supported for Microsoft 365 data synchronization SPOSiteGroup object attributes supported for Microsoft 365 data synchronization SPOWebTemplate object attributes supported for Microsoft 365 data synchronization SPOTenant object attributes supported for Microsoft 365 data synchronization User object attributes supported for Microsoft 365 data synchronization VoicePolicy object attributes supported for Microsoft 365 data synchronization Microsoft 365 Group attributes supported for Microsoft 365 data synchronization Changing the display names of synchronized Microsoft 365 licenses and services
Objects and attributes specific to Microsoft 365 services How the Office 365 Connector works with data
Configuring data synchronization with the Microsoft Azure AD Connector Configuring data synchronization with the SCIM Connector Configuring data synchronization with the Generic SCIM Connector
Using connectors installed remotely Creating a connection Renaming a connection Deleting a connection Modifying synchronization scope for a connection Using connection handlers Specifying password synchronization settings for a connection
Synchronizing identity data Mapping objects Automated password synchronization Synchronization history Scenarios of use
About scenarios Scenario 1: Create users from a .csv file to an Active Directory domain Scenario 2: Use a .csv file to update user accounts in an Active Directory domain Scenario 3: Synchronizing data between One Identity Manager Custom Target Systems and an Active Directory domain Scenario 4: Deprovisioning between One Identity Manager Custom Target Systems and an Active Directory domain Scenario 5: Provisioning of Groups between One Identity Manager Custom Target Systems and an Active Directory domain Scenario 6: Enabling Delta Sync mode between One Identity Manager Custom Target Systems and an Active Directory domain Example of using the Generic SCIM Connector for data synchronization
Appendix A: Developing PowerShell scripts for attribute synchronization rules Appendix B: Using a PowerShell script to transform passwords

DynamicDistributionGroup object attributes supported for Microsoft 365 data synchronization

The Office 365 Connector supports the following DynamicDistributionGroup attributes for synchronization.

Table 94: DynamicDistributionGroup attributes

Attribute

Description

Supported operations

AcceptMessagesOnlyFrom

Gets or sets the senders that can send email messages to the object.

This reference attribute can take senders in any of the following formats:

  • Alias
  • Canonical name
  • Display name
  • DN
  • Exchange DN
  • GUID
  • Name
  • Primary SMTP email address

This reference attribute accepts the following object types:

  • MailUser
  • Mailbox
  • Contact

Read, Write

AcceptMessagesOnlyFromDLMembers

Gets or sets the distribution groups whose members are allowed to send email messages to the object.

This reference attribute accepts any of the following values for the distribution groups:

  • DN
  • Canonical name
  • GUID
  • Name
  • Display name
  • Legacy Exchange DN
  • Primary SMTP email address

This reference attribute accepts the following object types:

  • DistributionGroup
  • DynamicDistributionGroup

Read, Write

AcceptMessagesOnlyFromSendersOrMembers

Gets or sets the senders who can send email messages to the object.

This reference attribute can take any of the following values for the senders:

  • DN
  • Canonical name
  • GUID
  • Name
  • Display name
  • Alias
  • Exchange DN
  • Primary SMTP email address

This reference attribute accepts the following object types:

  • Contact
  • DistributionGroup
  • DynamicDistributionGroup
  • Mailbox
  • MailUser

Read, Write

Alias

Gets or sets the alias of the object.

Read, Write

BypassModerationFromSendersOrMembers

Gets or sets the senders whose messages bypass moderation for the object.

This reference attribute can take any of the following values for the senders:

  • DN
  • Canonical name
  • GUID
  • Name
  • Display name
  • Legacy Exchange DN
  • Primary SMTP email address

The values in this attribute do not apply to the senders that are the moderators of the dynamic distribution group.

This reference attribute accepts the following object types:

  • Contact
  • DistributionGroup
  • DynamicDistributionGroup
  • Mailbox
  • MailUser

Read, Write

ConditionalCustomAttribute1

Get or set recipients based on the corresponding CustomAttribute<X> value.

For example, ConditionalCustomAttribute1 corresponds to CustomAttribute1, ConditionalCustomAttribute2 corresponds to CustomAttribute2, and so on.

Read, Write

ConditionalCustomAttribute2

ConditionalCustomAttribute3

ConditionalCustomAttribute4

ConditionalCustomAttribute5

ConditionalCustomAttribute6

ConditionalCustomAttribute7

ConditionalCustomAttribute8

ConditionalCustomAttribute9

ConditionalCustomAttribute10

ConditionalCustomAttribute11

ConditionalCustomAttribute12

ConditionalCustomAttribute13

ConditionalCustomAttribute14

ConditionalCustomAttribute15

ConditionalDepartment

Get or set the recipients of the dynamic distribution group by their Department attribute.

TIP: This attribute is multivalued and uses comma as separator. Specifying multiple departments with a comma acts as an OR operator.

Read, Write

NOTE: When writing data using this attribute, you cannot use the RecipientFilter attribute to write data.

ConditionalStateOrProvince

Get or set the recipients of the dynamic distribution group by their StateOrProvince attribute.

TIP: This attribute is multivalued and uses comma as separator. Specifying multiple departments with a comma acts as an OR operator.

Read, Write

CustomAttribute1

Gets or sets the additional custom values you specified.

Read, Write

CustomAttribute2

CustomAttribute3

CustomAttribute4

CustomAttribute5

CustomAttribute6

CustomAttribute7

CustomAttribute8

CustomAttribute9

CustomAttribute10

CustomAttribute11

CustomAttribute12

CustomAttribute13

CustomAttribute14

CustomAttribute15

DisplayName

Gets or sets the display name used in Microsoft 365 for the object.

Read, Write

EmailAddresses

Gets or sets the email alias(es) of the object.

TIP: To specify multiple email addresses, use comma (,) as a separator.

Read, Write

GrantSendOnBehalfTo

Gets or sets the distinguished name (DN) of other senders that can send messages on behalf of the object.

Read, Write

IncludedRecipients

Gets or sets the recipient types used to build the dynamic distribution group.

This attribute can take the following values:

  • AllRecipients
  • MailContacts
  • MailGroups
  • MailUsers
  • MailboxUsers
  • Resources
  • None

NOTE: You can use either:

  • The AllRecipients attribute only.

  • A combination of any other values, except AllRecipients.

Read, Write

LdapRecipientFilter

Gets the recipient filter that was created by using the RecipientFilter attribute.

Read

ManagedBy

Gets or sets the owner of the object.

This reference attribute accepts the following object types:

  • Mailbox

  • MailUser

Read, Write

ManagedBy

Gets or sets the name of the mail-enabled user, group, or contact displayed in the Managed by tab of the Active Directory object.

This reference attribute accepts the name in one of the following formats:

  • Alias
  • Canonical DN
  • Display Name
  • Distinguished Name (DN)
  • Domain\Account
  • GUID
  • Immutable ID
  • Legacy Exchange DN
  • SMTP Address
  • User Principal Name

This reference attribute accepts the following object types:

  • Mailbox
  • MailUser

Read, Write

ModeratedBy

Gets or sets the users who are moderating the messages sent to the object.

TIP: To specify multiple users as moderators, use comma as separator.

NOTE: This reference attribute is required if you set the value of the ModerationEnabled attribute to TRUE.

This reference attribute accepts the following object types:

  • Mailbox
  • MailUser

Read, Write

ModerationEnabled

Gets or sets whether moderation is enabled for the object.

This attribute can take one of the following values:

  • TRUE
  • FALSE

Read, Write

Name

Gets or sets the name of the object.

Read, Write

Notes

Gets or sets notes about the object.

Read, Write

ObjectID

Gets the globally unique object identifier (GUID) of the object.

Read

PhoneticDisplayName

Gets or sets the phonetic pronunciation of the DisplayName attribute value of the object.

Read, Write

PrimarySmtpAddress

Gets or sets the primary SMTP email address of the object.

NOTE: You can use this attribute if the object has two or more SMTP email addresses configured.

Read, Write

RecipientContainer

Gets or sets the recipients used to build the dynamic distribution group, based on their location in Active Directory.

This attribute can take the canonical name of the Active Directory organizational unit (OU) or domain where the recipients reside.

NOTE: When this attribute is omitted, the local container is used.

Read, Write

RecipientFilter

Gets or sets the mail-enabled recipients to include in the dynamic distribution group. This attribute accepts OPATH filtering syntax.

Syntax example:

((Company -eq 'MyCompany') -and (City -eq 'London'))

Read, Write

NOTE: When writing data using this attribute, you cannot use any of the following attributes to write data:

  • IncludedRecipients
  • ConditionalCompany
  • ConditionalCustomAttribute<x>
  • ConditionalDepartment
  • ConditionalStateOrProvince

RejectMessagesFrom

Gets or sets the senders whose messages to the object will be rejected.

This reference attribute can take senders in one of the following formats:

  • Alias
  • Canonical DN
  • Display name
  • Distinguished name (DN)
  • Domain\account
  • GUID
  • Immutable ID
  • Legacy Exchange DN
  • SMTP address
  • User principal name

This reference attribute accepts the following object types:

  • Contact
  • Mailbox

Read, Write

RejectMessagesFromDLMembers

Gets or sets the distribution groups whose members cannot send email messages to the object (their messages will be rejected).

This reference attribute can take distribution groups in one of the following formats:

  • Alias
  • Canonical DN
  • Display name
  • Distinguished name (DN)
  • Domain\account
  • GUID
  • Immutable ID
  • Legacy Exchange DN
  • SMTP address
  • User principal name

This reference attribute accepts the following object types:

  • DistributionGroup
  • DynamicDistributionGroup

Read, Write

RejectMessagesFromSendersOrMembers

Gets or sets the senders that cannot send email messages to the object (their messages will be rejected).

This reference attribute can take senders in one of the following formats:

  • Alias
  • Canonical DN
  • Display name
  • Distinguished name (DN)
  • Domain\account
  • GUID
  • Immutable ID
  • Legacy Exchange DN
  • SMTP address
  • User principal name

This reference attribute accepts the following object types:

  • Contact
  • DistributionGroup
  • DynamicDistributionGroup
  • Mailbox

Read, Write

ReportToManagerEnabled

Gets or sets whether to send delivery reports to the manager of the object.

This Boolean attribute can take one of the following values:

  • TRUE: Enables delivery reports to the manager.

  • FALSE (default): Disables delivery reports to the manager.

Read, Write.

ReportToOriginatorEnabled

Gets or sets whether to send delivery reports to the user who sent an email message to the object.

This Boolean attribute can take one of the following values:

  • TRUE: Enables delivery reports to the user.
  • FALSE (default): Disables delivery reports to the user.

Read, Write

SendModerationNotifications

Gets or sets whether to send status notifications to users when a message they sent to the moderated object is rejected by a moderator.

This attribute can take one of the following values:

  • Always: Specifies that notifications are sent to all senders.
  • Internal: Specifies that notifications are only sent to the senders internal to your organization.
  • Never: Specifies that all status notifications are disabled.

Read, Write

SendOofMessageToOriginatorEnabled

Gets or sets whether to send out-of-office messages to users who sent an email message to the object.

This attribute can take one of the following values:

  • TRUE: Enables sending out-of-office messages.
  • FALSE: Disables sending out-of-office messages.

Read, Write

ExternalAccessPolicy object attributes supported for Microsoft 365 data synchronization

The Office 365 Connector supports the following ExternalAccessPolicy attributes for synchronization.

Table 95: ExternalAccessPolicy attributes

Attribute

Description

Supported operations

Anchor

Gets the Anchor property value of the object.

Read

Description

Gets the description of the object.

Read

Identity

Gets the unique identifier assigned to the object.

Read

Members

Gets the users who have been assigned to the object.

Read

ObjectID

Gets the globally unique object identifier (GUID) of the object.

Read

HostedVoicemailPolicy object attributes supported for Microsoft 365 data synchronization

The Office 365 Connector supports the following HostedVoicemailPolicy attributes for synchronization.

Table 96: HostedVoicemailPolicy attributes

Attribute

Description

Supported operations

Anchor

Gets the Anchor property value of the object.

Read

Description

Gets the description of the object.

Read

Identity

Gets the unique identifier assigned to the object.

Read

Members

Gets the users who have been assigned to the object.

Read

ObjectID

Gets the globally unique object identifier (GUID) of the object.

Read

LicensePlanService object attributes supported for Microsoft 365 data synchronization

The Office 365 Connector supports the following LicensePlanService attributes for synchronization.

Table 97: LicensePlanService attributes

Attribute

Description

Supported operations

AssignedLicenses

Gets the number of used licenses in Microsoft 365. This number includes both valid and expired licenses that are currently assigned.

Read

ExpiredLicenses

Gets the number of expired licenses in Microsoft 365.

Read

ObjectID

Gets the globally unique object identifier (GUID) of the object.

Read

PlanDisplayName

Gets the name of the currently used license plan as it appears on the Microsoft 365 GUI.

Read

PlanName

Gets the name of the currently used license plan as it is returned by the Windows PowerShell cmdlets for Microsoft 365.

Read

ReducedFunctionalityLicenses

Gets the number of licenses that are in reduced functionality mode (RFM).

Read

RelatedAttributeName

Gets the name of the attribute in the Office 365 Connector schema that allows you to work (for example, read and write) with the specified Microsoft 365 service.

Read

ServiceDisplayName

Gets the license service name as it appears on the Microsoft 365 GUI. The service names are the names of the check boxes shown under a license plan.

Read

ServiceName

Gets the license service name as it is returned by the Windows PowerShell cmdlets for Microsoft 365.

Read

ValidLicenses

Gets the number of valid licenses in your Microsoft 365 organization. This number includes both assigned and available licenses.

Read

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating