
Active Roles Sync Service 8.2 - Administration Guide


User object attributes

The Microsoft 365 Connector provides the following attributes for the User object in Microsoft 365:

  • Attributes Related to License Plans and Services

  • Other attributes

Attributes Related to License Plans and Services

These attributes allow you to get or set the license plans and services available to the user in Microsoft 365. The attributes support Read and Write operations.

The names and display names of these attributes are formed dynamically according to the following patterns:

Table 90: Naming patterns for attributes

| Item | Naming pattern | Examples |
| --- | --- | --- |
| Attribute display name | <LicensePlanNameOnGUI> - <ServiceNameOnGUI>. In this pattern: LicensePlanNameOnGUI is the license plan name as it is displayed on the Microsoft 365 user interface. ServiceNameOnGUI is the service name as it is displayed below the corresponding license plan on the Microsoft 365 user interface. | Microsoft 365 Plan E3 - Office Web Apps; Microsoft 365 Plan K2 - Exchange Online Kiosk |
| Attribute name | <LicensePlanName>-<ServiceName>. In this pattern: LicensePlanName is the license plan name in the form used by the Microsoft 365 cmdlets for Windows PowerShell. ServiceName is the service name in the corresponding license plan. The service name is displayed in the form used by the Microsoft 365 cmdlets for Windows PowerShell. | ENTERPRISEPACK-SHAREPOINTWAC; DESKLESSWOFFPACK-EXCHANGE_S_DESKLESS |

These attributes can take one of the following values:

  • True: Specifies that the service is selected in the corresponding license plan in Microsoft 365.

  • False: Specifies that the service is not selected in the corresponding license plan in Microsoft 365.

If necessary, you can modify the display names of Microsoft 365 license plans and services that appear in the Synchronization Service Console. These display names are part of the Office 365 Connector schema and are saved in the O365LicensePlansServices.xml file located in the Synchronization Service installation folder (by default, this is %ProgramFiles%\One Identity\Active Roles\7.4\SyncService).

For example, you may need to modify the name of a license plan or service in the Microsoft 365 Connector schema when the corresponding name changes in the Microsoft 365 user interface and therefore the related attribute display name becomes outdated in the Synchronization Service Console.

To modify the display names of attributes in the Microsoft 365 Connector schema

  1. Open the O365LicensePlansServices.xml file located in the Synchronization Service installation folder.

  2. In the appropriate XML elements, modify the values of the PlanDisplayName and ServiceDisplayName attributes as necessary. See the table below for more information about the XML elements used in the file.

  3. When you are finished, click OK.

Table 91: XML elements

| XML element | Description | Example |
| --- | --- | --- |
| <Plan> | Defines the name and display name of the attribute related to a particular Microsoft 365 license plan in the Microsoft 365 Connector schema. This element has the following attributes. PlanName: The license plan name in the form used by the Microsoft 365 cmdlets for Windows PowerShell. PlanDisplayName: The license plan name as it displays in the Synchronization Service Console. | <Plan PlanName="STANDARDPACK" PlanDisplayName="Microsoft Office 365 Plan E1"/> |
| <Service> | Defines the name and display name of the attribute related to a particular Microsoft 365 service in the Microsoft 365 Connector schema. This element has the following attributes. ServiceName: The service name in the form used by the Microsoft 365 cmdlets for Windows PowerShell. ServiceDisplayName: The service name as it displays in the Synchronization Service Console. | <Service ServiceName="OFFICESUBSCRIPTION" ServiceDisplayName="Office Professional Plus" /> |
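
The display-name change described in the procedure above can also be scripted so that it is repeatable and leaves a rollback copy. This PowerShell is an added example, not code from the guide or the product: the function name Set-SchemaDisplayName, the root element of the sample file, the temporary file path and the new display name are assumptions, and only the Plan and Service elements and their attributes come from Table 91.

```powershell
# Constructed sample file. The root element is an assumption; the <Plan> and
# <Service> elements and their attributes are the ones listed in Table 91.
$sample = @'
<LicensePlansServices>
  <Plan PlanName="STANDARDPACK" PlanDisplayName="Microsoft Office 365 Plan E1"/>
  <Service ServiceName="OFFICESUBSCRIPTION" ServiceDisplayName="Office Professional Plus" />
</LicensePlansServices>
'@
$path = Join-Path ([IO.Path]::GetTempPath()) 'O365LicensePlansServices.sample.xml'
Set-Content -LiteralPath $path -Value $sample -Encoding UTF8

function Set-SchemaDisplayName {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][ValidateSet('Plan', 'Service')][string]$Element,
        [Parameter(Mandatory)][string]$Name,         # PlanName or ServiceName value to find
        [Parameter(Mandatory)][string]$DisplayName   # new PlanDisplayName or ServiceDisplayName
    )
    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true                  # keep the file layout unchanged
    $xml.Load($Path)

    # $Element is limited to two literals by ValidateSet, and the name is compared
    # in code, so no caller-supplied text ends up inside the XPath expression.
    $nodes = @($xml.SelectNodes("//$Element") |
        Where-Object { $_.GetAttribute("${Element}Name") -ceq $Name })
    if ($nodes.Count -eq 0) {
        throw "No <$Element> element with ${Element}Name '$Name' found in $Path"
    }

    Copy-Item -LiteralPath $Path -Destination "$Path.bak" -Force   # rollback copy
    foreach ($node in $nodes) {
        $node.SetAttribute("${Element}DisplayName", $DisplayName)
    }
    $xml.Save($Path)
    return $nodes.Count                              # number of elements updated
}

# Rename one plan (the new display name is a constructed value) and show the result.
Set-SchemaDisplayName -Path $path -Element Plan -Name 'STANDARDPACK' -DisplayName 'Microsoft 365 Plan E1'
Select-Xml -LiteralPath $path -XPath '//Plan' | ForEach-Object { $_.Node.OuterXml }
```

Only the display-name attributes are rewritten; PlanName and ServiceName are used as lookup keys and left unchanged.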

Other attributes
Table 92: Other attributes

| Attribute | Description | Supported operations |
| --- | --- | --- |
| AllowUMCallsFromNonUsers | Gets or sets whether to exclude or include the user in directory searches. This attribute can take one of the following values. None: Specifies to exclude the user from directory searches. SearchEnabled: Specifies to include the user in directory searches. | Read, Write |
| AlternateEmailAddresses | Gets or sets the alternate email addresses of the user. | Read, Write |
| AssistantName | Gets or sets the name of the user’s assistant. | Read, Write |
| BlockCredential | Gets or sets whether or not the user can sign in and use Microsoft 365 services. This attribute can take one of the following values. TRUE: Specifies that the user’s Microsoft Online Services ID is disabled and the user cannot sign in and use Microsoft 365 services. FALSE (default): Specifies that the user’s Microsoft Online Services ID is enabled and the user can sign in and use Microsoft 365 services. | Read, Write |
| City | Gets or sets the user’s city. | Read, Write |
| Company | Gets or sets the name of the user’s company. | Read, Write |
| Country | Gets or sets the user’s country. | Read, Write |
| CountryOrRegion | Gets or sets the country or region of the user. | Read, Write |
| Department | Gets or sets the user’s department. | Read, Write |
| DisplayName | Gets or sets the display name of the user. | Read, Write |
| Fax | Gets or sets the user’s fax number. | Read, Write |
| FirstName | Gets or sets the first name of the user. | Read, Write |
| ForceChangePassword | Gets or sets whether or not the user is forced to change their password the next time the user signs in to Microsoft 365. TRUE: Specifies that the user must change their password the next time the user signs in to Microsoft 365. FALSE (default): Specifies that the user does not have to change their password the next time the user signs in to Microsoft 365. NOTE: To write data by using this attribute, you must at the same time write data by using the Password attribute. | Write |
| HomePhone | Gets or sets the home phone number of the user. | Read, Write |
| ImmutableId | Gets or sets the GUID of the user in Microsoft 365. This GUID is used to verify the identity of the Active Directory user when the user accesses Microsoft 365 by using single sign-on. Note that for the Microsoft 365 Connector to read the ImmutableId attribute value stored in Microsoft 365, that value must be in base64 encoding format. If the ImmutableId attribute value has any other encoding format, the Microsoft 365 Connector returns an error when reading that value. | Read, Write |
| Initials | Gets or sets the initials of the user. | Read, Write |
| LastName | Gets or sets the last name of the user. | Read, Write |
| LiveID | Gets the user’s unique login ID. | Read |
| MailboxId | Gets the GUID of the user’s mailbox. | Read |
| Manager | Gets or sets the name of the user’s manager. | Read, Write |
| MobilePhone | Gets or sets the user’s mobile phone number. | Read, Write |
| Name | Gets or sets the name of the user. | Read, Write |
| Notes | Gets or sets notes about the user. | Read, Write |
| ObjectID | Gets the unique object identifier (GUID). | Read |
| Office | Gets or sets the user’s office. | Read, Write |
| OtherFax | Gets or sets the alternate fax number of the user. | Read, Write |
| OtherHomePhone | Gets or sets the alternate home phone number of the user. | Read, Write |
| OtherTelephone | Gets or sets the alternate phone number of the user. | Read, Write |
| Pager | Gets or sets the pager of the user. | Read, Write |
| Password | Sets a password for the user. | Write |
| PasswordNeverExpires | Gets or sets whether or not the user’s password periodically expires. This attribute can take one of the following values. TRUE (default): Specifies that the user’s password never expires. FALSE: Specifies that the user’s password periodically expires. | Read, Write |
| Phone | Gets or sets the phone number of the user. | Read, Write |
| PhoneNumber | Gets or sets the user’s phone number. | Read, Write |
| PhoneticDisplayName | Gets or sets a phonetic pronunciation of the value specified in the DisplayName attribute for the user. | Read, Write |
| PostalCode | Gets or sets the user’s postal code. | Read, Write |
| PostOfficeBox | Gets or sets the post office box number of the user. | Read, Write |
| PreferredLanguage | Gets or sets the preferred language for the user. | Read, Write |
| RemotePowerShellEnabled | Gets or sets whether remote Windows PowerShell cmdlets are available to the user. This attribute can take one of the following values: TRUE, FALSE. | Read, Write |
| ResetPasswordOnNextLogon | Gets or sets whether the user must reset their password at next logon. This attribute can take one of the following values: TRUE, FALSE. | Read, Write |
| SimpleDisplayName | Gets or sets an alternate description of the user in a situation where a limited set of characters is allowed. The limited set of characters includes ASCII characters from 26 to 126. | Read, Write |
| State | Gets or sets the state where the user is located. | Read, Write |
| StateOrProvince | Gets or sets the state or province of the user. | Read, Write |
| StreetAddress | Gets or sets the user’s street address. | Read, Write |
| Title | Gets or sets the user’s title. | Read, Write |
| UMDtmfMap | Gets or sets whether to create a user-defined DTMF map for the user if it has Unified Messaging enabled. | Read, Write |
| UsageLocation | Gets or sets the two-letter ISO country designation. This attribute specifies the user’s country where services are consumed. | Read, Write |
| UserPrincipalName | Gets or sets the user’s Microsoft Online Services ID. | Read, Write |
| WebPage | Gets or sets the web page address of the user. | Read, Write |
| WindowsEmailAddress | Gets or sets the email address of the user stored in Active Directory. | Read, Write |
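
The base64 requirement stated for ImmutableId in Table 92 can be checked before a value is written, so that a malformed value is caught before the connector fails to read it. This PowerShell is an added example, not code from the guide or from Synchronization Service; the function names and sample records are constructed, and the 16-byte length check is an assumption based on the table describing the value as a GUID.

```powershell
# Added example: function names and sample values are constructed for illustration.

function ConvertTo-ImmutableId {
    # Encode a GUID (for example, an Active Directory objectGUID) as base64.
    param([Parameter(Mandatory)][guid]$Guid)
    [Convert]::ToBase64String($Guid.ToByteArray())
}

function Test-ImmutableId {
    # $true only when the value is valid base64 that decodes to 16 bytes (a GUID).
    # The 16-byte rule is an assumption drawn from the table's description.
    param([string]$Value)
    if ([string]::IsNullOrWhiteSpace($Value)) { return $false }
    try { $bytes = [Convert]::FromBase64String($Value) }
    catch { return $false }            # not base64 at all
    return ($bytes.Length -eq 16)
}

# Constructed records as they might look before a synchronization run.
$guid = [guid]'3f2504e0-4f89-11d3-9a0c-0305e82c3301'
$records = @(
    [pscustomobject]@{ User = 'user1@example.com'; ImmutableId = (ConvertTo-ImmutableId $guid) }
    [pscustomobject]@{ User = 'user2@example.com'; ImmutableId = $guid.ToString() }     # hyphenated GUID text
    [pscustomobject]@{ User = 'user3@example.com'; ImmutableId = $guid.ToString('N') }  # hex: decodes, but to 24 bytes
    [pscustomobject]@{ User = 'user4@example.com'; ImmutableId = '' }                   # empty value
)

# Report which records carry a usable ImmutableId.
$records |
    Select-Object User, ImmutableId,
        @{ Name = 'Valid'; Expression = { Test-ImmutableId $_.ImmutableId } } |
    Format-Table -AutoSize

# Decode a valid value back to a GUID to confirm it matches the directory object.
$valid = $records | Where-Object { Test-ImmutableId $_.ImmutableId } | Select-Object -First 1
[guid][Convert]::FromBase64String($valid.ImmutableId)
```

The hex-string record shows why decoding alone is not enough: it is syntactically valid base64, but it does not decode to a GUID.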

VoicePolicy object attributes

Table 93: VoicePolicy object attributes

| Attribute | Description | Supported operations |
| --- | --- | --- |
| Anchor | Gets the Anchor property value of the policy. | Read |
| Description | Gets the policy description. | Read |
| Identity | Gets the unique identifier assigned to the policy. | Read |
| Members | Gets the users who have been assigned the policy. | Read |
| ObjectID | Gets the unique object identifier (GUID). | Read |

Microsoft 365 group attributes

Table 94: Microsoft 365 group attributes

| Attribute | Description | Supported operations |
| --- | --- | --- |
| AcceptMessagesOnlyFromSendersOrMembers | Gets or sets the senders who can send email messages to the Microsoft 365 group. This attribute can take senders in any of the following formats: Name, Alias, Distinguished name (DN), Email address. | Read, Write |
| AccessType | The AccessType parameter specifies the privacy type for the Microsoft 365 group. The acceptable values are Public and Private. | Read, Write |
| Alias | Gets or sets the alias of the Microsoft 365 group. | Read, Write |
| AlwaysSubscribeMembersToCalendarEvents | Controls the default subscription settings of the new members that are added to the Microsoft 365 group. | Read, Write |
| AuditLogAgeLimit | Gets or sets the retention period for the mailbox audit logs. Logs whose age exceeds the specified retention period are deleted. | Read, Write |
| AutoSubscribeNewMembers | Specifies whether new members that are added to the Microsoft 365 group are automatically subscribed to conversations and calendar events. | Read, Write |
| CalendarMemberReadOnly | Specifies whether read-only Calendar permissions to the Microsoft 365 group are set for members of the group. | Read |
| Classification | Specifies the classification for the Microsoft 365 group. | Read |
| CustomAttribute1, CustomAttribute2, CustomAttribute3, CustomAttribute4, CustomAttribute5, CustomAttribute6, CustomAttribute7, CustomAttribute8, CustomAttribute9 | Gets or sets the additional custom values you specify. | Read, Write |
| DataEncryptionPolicy | Specifies the data encryption policy that is applied to the Microsoft 365 group. | Read |
| DisplayName | Gets or sets the display name of the Microsoft 365 group. | Read, Write |
| EmailAddresses | Gets all the Microsoft 365 proxy addresses of the mailbox. The proxy addresses also include the primary SMTP address. | Read |
| ExtensionCustomAttribute1, ExtensionCustomAttribute2, ExtensionCustomAttribute3, ExtensionCustomAttribute4, ExtensionCustomAttribute5 | Gets or sets the additional custom values you specify. These attributes are multivalued. | Read, Write |
| GrantSendOnBehalfTo | Specifies the sender who can send on behalf of this Microsoft 365 group. | Read, Write |
| HiddenFromAddressListsEnabled | Gets or sets whether this mailbox is hidden from address lists. | Read, Write |
| HiddenFromExchangeClientsEnabled | Specifies whether the Microsoft 365 group is hidden from the Outlook clients connected to Microsoft 365. | Read, Write |
| Language | Gets or sets preferred languages for the Microsoft 365 group. | Read, Write |
| MailboxRegion | This is reserved for internal Microsoft use. | Read |
| MailTip | Gets or sets the message displayed to senders when they start writing an email message to this recipient. | Read |
| MailTipTranslations | Gets or sets the MailTip message translations in additional languages. | Read |
| MaxReceiveSize | Specifies the maximum size of an email message that can be sent to this group. | Read, Write |
| MaxSendSize | Specifies the maximum size of an email message that can be sent by this group. | Read, Write |
| ModeratedBy | Gets or sets the users who are moderating the messages sent to the Microsoft 365 group. | Read, Write |
| ModerationEnabled | Gets or sets whether moderation is enabled for the Microsoft 365 group. | Read, Write |
| Notes | Gets or sets notes about the user. | Read, Write |
| PrimarySmtpAddress | Gets or sets the primary SMTP address of the Microsoft 365 group. | Read, Write |
| RejectMessagesFromSendersOrMembers | Gets or sets the senders that cannot send email messages to the Microsoft 365 group. The messages sent are rejected. | Read, Write |
| RequireSenderAuthenticationEnabled | Gets or sets whether the senders that send messages to this Microsoft 365 group must be authenticated. | Read, Write |
| SubscriptionEnabled | Specifies whether the subscriptions to conversations and calendar events are enabled for the Microsoft 365 group. | Read, Write |
| UnifiedGroupWelcomeMessageEnabled | Specifies whether the option to send the system-generated welcome messages to users who are added as members to the Microsoft 365 group should be enabled or disabled. | Read, Write |

Objects and attributes specific to Microsoft 365 services

In the Microsoft 365 connection settings, you can select the services you want to work with, such as SharePoint Online, Exchange Online, or Skype for Business Online.

The next table describes the object types and attributes that become available in the Synchronization Service Console user interface when you select a particular check box in the connection settings. The objects and object attributes not mentioned in the table are always available in the Synchronization Service Console user interface.

Table 95: Objects and attributes specific to Microsoft 365 services

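| Check box | Related objects | Related attributes |
| --- | --- | --- |
| SharePoint Online | SPOSiteGroup | All |
| SharePoint Online | SPOWebTemplate | All |
| SharePoint Online | SPOTenant | All |
| Exchange Online | Contact | All |
| Exchange Online | DistributionGroup | All |
| Exchange Online | DynamicDistributionGroup | All |
| Exchange Online | User | Manager |
| Skype for Business Online | ClientPolicy | All |
| Skype for Business Online | ConferencingPolicy | All |
| Skype for Business Online | ExternalAccessPolicy | All |
| Skype for Business Online | HostedVoicemailPolicy | All |
| Skype for Business Online | VoicePolicy | All |
| Skype for Business Online | PresencePolicy | All |
| Skype for Business Online | User | AudioVideoDisabled, ClientPolicy, ConferencingPolicy, Enabled, EnterpriseVoiceEnabled, ExchangeArchivingPolicy, ExternalAccessPolicy, HostedVoicemailPolicy, LineURI, LineServerURI, PresencePolicy, PrivateLine, RegistrarPool, RemoteCallControlTelephonyEnabled, SipAddress, VoicePolicy |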
