
Active Roles 8.0 LTS - Synchronization Service Administration Guide


User object attributes supported for Microsoft 365 data synchronization

The Office 365 Connector supports the following User object attributes for synchronization.

License plan and Service attributes

The following attributes allow you to get or set the license plans and services available to the user in Microsoft 365. The attributes support both Read and Write operations.

The names and display names of these attributes are formed dynamically according to the following patterns:

Table 106: Naming patterns for attributes

Item

Naming pattern

Examples

Attribute display name

<LicensePlanNameOnGUI> - <ServiceNameOnGUI>

In this pattern:

  • LicensePlanNameOnGUI is the license plan name as it is displayed on the Microsoft 365 user interface.

  • ServiceNameOnGUI is the service name as it is displayed below the corresponding license plan on the Microsoft 365 user interface.

Microsoft Office 365 Plan E3 - Office Web Apps

Microsoft Office 365 Plan K2 - Exchange Online Kiosk

Attribute name

<LicensePlanName>-<ServiceName>

In this pattern:

  • LicensePlanName is the license plan name in the form used by the Microsoft 365 cmdlets for Windows PowerShell.

  • ServiceName is the service name in the corresponding license plan. The service name is displayed in the form used by the Microsoft 365 cmdlets for Windows PowerShell.

ENTERPRISEPACK-SHAREPOINTWAC

DESKLESSWOFFPACK-EXCHANGE_S_DESKLESS

These attributes can take one of the following values:

  • True: The service is selected in the corresponding license plan in Microsoft 365.
  • False: The service is not selected in the corresponding license plan in Microsoft 365.

TIP: You can modify the display names of Microsoft 365 license plans and services that appear in the Active Roles Synchronization Service Console. For more information, see Changing the display names of synchronized Microsoft 365 licenses and services.

Other attributes

The following attributes contain additional information and settings regarding the users in your Microsoft 365 organization.

Table 107: Other attributes

Attribute

Description

Supported operations

AllowUMCallsFromNonUsers

Gets or sets whether to exclude or include the object in directory searches.

This attribute can take one of the following values:

  • None: Specifies to exclude the object from directory searches.
  • SearchEnabled: Specifies to include the object in directory searches.

Read, Write

AlternateEmailAddresses

Gets or sets the alternate email addresses of the user.

Read, Write

AssistantName

Gets or sets the name of the assistant associated with the object.

Read, Write

BlockCredential

Gets or sets whether the user can sign in and use the Microsoft 365 services.

This attribute can take one of the following values:

  • TRUE: Disables the Microsoft Online Services ID of the user to block their access to the Microsoft 365 services.
  • FALSE (default): The user can sign in and use the Microsoft 365 services of your organization.

Read, Write

City

Gets or sets the city associated with the object.

Read, Write

Company

Gets or sets the company associated with the object.

Read, Write

Country

Gets or sets the country of the user.

Read, Write

CountryOrRegion

Gets or sets the country or region associated with the object.

Read, Write

Department

Gets or sets the department associated with the object.

Read, Write

DisplayName

Gets or sets the display name used in Microsoft 365 for the object.

Read, Write

Fax

Gets or sets the fax number of the object.

Read, Write

FirstName

Gets or sets the first name of the object.

Read, Write

ForceChangePassword

Sets whether the user is forced to change their password the next time they sign in to Microsoft 365.

This attribute can take one of the following values:

  • TRUE: The user must change their password the next time they log in to Microsoft 365.
  • FALSE (default): No password change is required.

NOTE: To write data using this attribute, you must also write data using the Password attribute at the same time.

Write

HomePhone

Gets or sets the home phone number associated with the object.

Read, Write

ImmutableId

Gets or sets a unique immutable ID in the form of an SMTP address.

NOTE: The Office 365 Connector can read the value of this attribute only if it is stored in Microsoft 365 in a base64 encoding format. If the attribute value is stored in any other format, the connector will return an error when reading that value.

This ID is used to verify the identity of the Active Directory user when the user accesses Microsoft 365 using single sign-on.

Read, Write

Initials

Gets or sets the initials associated with the object.

Read, Write

LastName

Gets or sets the last name of the object.

Read, Write

LiveID

Gets the unique login ID of the user.

Read

MailboxId

Gets the GUID of the mailbox associated with the user.

Read

Manager

Gets or sets the manager of the object.

Read, Write

MobilePhone

Gets or sets the mobile phone number associated with the object.

Read, Write

Name

Gets or sets the name of the object.

Read, Write

Notes

Gets or sets notes about the object.

Read, Write

ObjectID

Gets the globally unique object identifier (GUID) of the object.

Read

Office

Gets or sets the company office location associated with the object.

Read, Write

OtherFax

Gets or sets the alternate fax number of the object.

Read, Write

OtherHomePhone

Gets or sets the alternate home phone number of the object.

Read, Write

OtherTelephone

Gets or sets the alternate phone number of the user.

Read, Write

Pager

Gets or sets the pager number of the object.

Read, Write

Password

Sets the password of the user.

Write

PasswordNeverExpires

Gets or sets whether the password of the user periodically expires.

This attribute can take one of the following values:

  • TRUE (default): The user password never expires.
  • FALSE: The user password periodically expires.

Read, Write

Phone

Gets or sets the work phone number of the object.

Read, Write

PhoneNumber

Gets or sets the phone number of the user.

Read, Write

PhoneticDisplayName

Gets or sets the phonetic pronunciation of the DisplayName attribute value of the object.

Read, Write

PostalCode

Gets or sets the postal code of the object.

Read, Write

PostOfficeBox

Gets or sets the post office box number of the object.

Read, Write

PreferredLanguage

Gets or sets the preferred language of the user.

Read, Write

RemotePowerShellEnabled

Gets or sets whether remote Windows PowerShell cmdlets are available to the user.

This attribute can take one of the following values:

  • TRUE: Remote PowerShell cmdlets are available to the user.
  • FALSE: No remote PowerShell cmdlets are available to the user.

Read, Write

ResetPasswordOnNextLogon

Gets or sets whether the user must reset their password at their next logon.

This attribute can take one of the following values:

  • TRUE: The user must change their password on their next logon.
  • FALSE: No password change will be required.

Read, Write

SimpleDisplayName

Gets or sets an alternate description of the object if only a limited set of characters is allowed.

The limited set of characters includes ASCII characters 26–126.

Read, Write

State

Gets or sets the state where the user is located.

Read, Write

StateOrProvince

Gets or sets the state or province information of the object.

Read, Write

StreetAddress

Gets or sets the street address information of the object.

Read, Write

Title

Gets or sets the title of the object.

Read, Write

UMDtmfMap

Gets or sets whether to create a user-defined DTMF map for the object if it has Unified Messaging enabled.

Read, Write

UsageLocation

Gets a two-letter country code (for example, FR, GB or NL) that defines the location of the user. The usage location determines the services available to the user.

Read, Write

UserPrincipalName

Gets or sets the Microsoft Online Services ID of the user.

Read, Write

WebPage

Gets or sets the web page contact information of the object.

Read, Write

WindowsEmailAddress

Gets or sets the email address of the object stored in Active Directory.

Read, Write
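
The value rules stated in Table 107 can be checked before a sync step writes them to Microsoft 365. The following is an added example, not code from the product or from this guide; Test-O365UserAttributes, the attribute hashtables and every sample value are constructed for illustration.

```powershell
# Added example: checks one user's attribute values against the rules in Table 107.
# Test-O365UserAttributes and the sample rows are hypothetical, not product code.
function Test-O365UserAttributes {
    param([Parameter(Mandatory)][hashtable]$Attributes)

    $problems = [System.Collections.Generic.List[string]]::new()

    # ImmutableId: the connector returns an error on read unless the value is base64.
    if ($Attributes.ContainsKey('ImmutableId')) {
        $id = [string]$Attributes['ImmutableId']
        if ([string]::IsNullOrWhiteSpace($id)) {
            $problems.Add('ImmutableId is empty')
        } else {
            try   { [void][Convert]::FromBase64String($id) }
            catch { $problems.Add("ImmutableId '$id' is not valid base64") }
        }
    }

    # ForceChangePassword can only be written together with Password.
    if ($Attributes.ContainsKey('ForceChangePassword') -and
        -not $Attributes.ContainsKey('Password')) {
        $problems.Add('ForceChangePassword is written without Password')
    }

    # Attributes documented as taking TRUE or FALSE.
    foreach ($name in 'BlockCredential', 'ForceChangePassword', 'PasswordNeverExpires',
                      'RemotePowerShellEnabled', 'ResetPasswordOnNextLogon') {
        if ($Attributes.ContainsKey($name) -and
            "$($Attributes[$name])" -notmatch '^(TRUE|FALSE)$') {
            $problems.Add("$name must be TRUE or FALSE, got '$($Attributes[$name])'")
        }
    }

    # UsageLocation: two-letter country code such as FR, GB or NL.
    if ($Attributes.ContainsKey('UsageLocation') -and
        "$($Attributes['UsageLocation'])" -notmatch '^[A-Za-z]{2}$') {
        $problems.Add("UsageLocation '$($Attributes['UsageLocation'])' is not a two-letter code")
    }

    # SimpleDisplayName: only ASCII characters 26 to 126 are allowed.
    if ($Attributes.ContainsKey('SimpleDisplayName')) {
        $bad = @([char[]][string]$Attributes['SimpleDisplayName'] |
                 Where-Object { [int]$_ -lt 26 -or [int]$_ -gt 126 })
        if ($bad.Count -gt 0) {
            $problems.Add("SimpleDisplayName has $($bad.Count) character(s) outside ASCII 26 to 126")
        }
    }

    $problems
}

# Constructed sample rows (not real accounts or credentials).
$rows = @(
    @{ UserPrincipalName = 'a.jones@example.com'; ImmutableId = '3q2+7wAAESIzRFVmd4iZqg=='
       UsageLocation = 'GB'; Password = '<placeholder>'; ForceChangePassword = 'TRUE' },
    @{ UserPrincipalName = 'b.smith@example.com'; ImmutableId = 'b.smith@example.com'
       UsageLocation = 'GBR'; ForceChangePassword = 'TRUE'; PasswordNeverExpires = 'yes' }
)

foreach ($row in $rows) {
    $issues = @(Test-O365UserAttributes -Attributes $row)
    [pscustomobject]@{
        User   = $row.UserPrincipalName
        Ok     = ($issues.Count -eq 0)
        Issues = $issues -join '; '
    }
}
```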

VoicePolicy object attributes supported for Microsoft 365 data synchronization

The Office 365 Connector supports the following VoicePolicy object attributes for synchronization.

Table 108: VoicePolicy attributes

Attribute

Description

Supported operations

Anchor

Gets the Anchor property value of the object.

Read

Description

Gets the description of the object.

Read

Identity

Gets the unique identifier assigned to the object.

Read

Members

Gets the users who have been assigned to the object.

Read

ObjectID

Gets the globally unique object identifier (GUID) of the object.

Read

Microsoft 365 Group attributes supported for Microsoft 365 data synchronization

The Office 365 Connector supports the following Microsoft 365 Group object attributes for synchronization.

Table 109: Office 365 group attributes

Attribute

Description

Supported operations

AcceptMessagesOnlyFromSendersOrMembers

Gets or sets the senders who can send email messages to the object.

This attribute can take senders in any of the following formats, for example:

  • Name

  • Alias

  • Distinguished name (DN)

  • Email address

Read, Write

AccessType

Gets or sets the privacy type for the Microsoft 365 group. The acceptable values are:

  • Public

  • Private

Read, Write

Alias

Gets or sets the alias of the object.

Read, Write

AlwaysSubscribeMembersToCalendarEvents

Gets or sets the default subscription settings of new members added to the Microsoft 365 group.

Read, Write

AuditLogAgeLimit

Gets or sets the retention period for the mailbox audit logs. Logs whose age exceeds the specified retention period will be deleted.

This attribute accepts the retention period in the following format: DD.HH:MM:SS

The maximum value the attribute can accept is 24855.03:14:07

Examples of use:

  • A value of 30.05:00:00 retains mailbox audit logs for 30 days and 5 hours.

  • A value of 00.00:00:00 retains mailbox audit logs indefinitely; they are never deleted.

Read, Write

AutoSubscribeNewMembers

Gets or sets whether new members added to the Microsoft 365 group are automatically subscribed to conversations and calendar events.

Read, Write

CalendarMemberReadOnly

Gets whether the Microsoft 365 group members have read-only Calendar permissions.

Read

Classification

Gets the classification for the Microsoft 365 group.

Read

CustomAttribute1
CustomAttribute2
CustomAttribute3
CustomAttribute4
CustomAttribute5
CustomAttribute6
CustomAttribute7
CustomAttribute8
CustomAttribute9

Gets or sets the additional custom values you specified.

Read, Write

DataEncryptionPolicy

Gets the data encryption policy applied to the Microsoft 365 group.

Read

DisplayName

Gets or sets the display name used in Microsoft 365 for the object.

Read, Write

EmailAddresses

Gets all the proxy addresses of the Microsoft 365 group. The proxy addresses also include the primary SMTP address.

Read

ExtensionCustomAttribute1
ExtensionCustomAttribute2
ExtensionCustomAttribute3
ExtensionCustomAttribute4
ExtensionCustomAttribute5

Gets or sets the additional custom values you specify. These attributes are multivalued.

TIP: To specify multiple values, use a comma as the separator.

Read, Write

GrantSendOnBehalfTo

Gets or sets the distinguished name (DN) of other senders that can send messages on behalf of the object.

Read, Write

HiddenFromAddressListsEnabled

Gets or sets whether Microsoft 365 hides the object from address lists.

This attribute can take one of the following values:

  • TRUE: Hides the object from address lists.
  • FALSE (default): Shows the object in address lists.

Read, Write

HiddenFromExchangeClientsEnabled

Gets or sets whether the Microsoft 365 group is hidden from the Outlook clients connected to Microsoft 365.

Read, Write

Language

Gets or sets preferred languages for the object in the order of their priority.

Read, Write

MailboxRegion

Gets the geolocation code of the mailbox associated with the Microsoft 365 group.

NOTE: This attribute is reserved for internal Microsoft use.

Read

MailTip

Gets the message displayed to senders when they start writing an email message to the Microsoft 365 group.

Read

MailTipTranslations

Gets the MailTip message translations in additional languages.

This attribute accepts the following format:

<LanguageLocale>:<MailTipMessageTranslation>

NOTE: MailTip message translations cannot be longer than 250 characters.

Read

MaxReceiveSize

Specifies the maximum size of the email messages that can be sent to the Microsoft 365 group.

Read, Write

MaxSendSize

Specifies the maximum size of the email messages that can be sent by members of the Microsoft 365 group.

Read, Write

ModeratedBy

Gets or sets the users who are moderating the messages sent to the object.

TIP: To specify multiple users as moderators, use a comma as the separator.

NOTE: This reference attribute is required if you set the value of the ModerationEnabled attribute to TRUE.

Read, Write

ModerationEnabled

Gets or sets whether moderation is enabled for the object.

This attribute can take one of the following values:

  • TRUE
  • FALSE

Read, Write

Notes

Gets or sets notes about the object.

Read, Write

PrimarySmtpAddress

Gets or sets the primary SMTP email address of the object.

NOTE: You can use this attribute if the object has two or more SMTP email addresses configured.

Read, Write

RejectMessagesFromSendersOrMembers

Gets or sets the senders that cannot send email messages to the object (their messages will be rejected).

Read, Write

RequireSenderAuthenticationEnabled

Gets or sets whether the senders that send messages to this object must be authenticated.

This attribute can take one of the following values:

  • TRUE: Messages sent to this object must be authenticated.
  • FALSE: No message authentication is required.

Read, Write

SubscriptionEnabled

Gets or sets whether subscriptions to conversations and calendar events are enabled for the Microsoft 365 group.

Read, Write

UnifiedGroupWelcomeMessageEnabled

Gets or sets whether system-generated welcome messages will be sent to users who are added as members to the Microsoft 365 group.

Read, Write
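
Because AuditLogAgeLimit controls when mailbox audit logs are deleted, a value bound for this attribute is worth parsing and bounding before it is written. The following is an added example, not code from the product or from this guide; ConvertFrom-AuditLogAgeLimit and its MinimumDays parameter (an assumed organisational retention floor) are hypothetical, and the sample values are constructed.

```powershell
# Added example: parses an AuditLogAgeLimit value (DD.HH:MM:SS) before it is written.
# ConvertFrom-AuditLogAgeLimit is a hypothetical helper, not a product cmdlet.
function ConvertFrom-AuditLogAgeLimit {
    param(
        [Parameter(Mandatory)][string]$Value,
        [int]$MinimumDays = 90   # assumed organisational minimum, not a product default
    )

    $m = [regex]::Match($Value, '^(\d{1,5})\.(\d{2}):(\d{2}):(\d{2})$')
    if (-not $m.Success) { throw "'$Value' is not in DD.HH:MM:SS format" }

    $d  = [long]$m.Groups[1].Value
    $h  = [long]$m.Groups[2].Value
    $mi = [long]$m.Groups[3].Value
    $s  = [long]$m.Groups[4].Value
    if ($h -gt 23 -or $mi -gt 59 -or $s -gt 59) {
        throw "'$Value' has an out-of-range time part"
    }

    $total = $d * 86400 + $h * 3600 + $mi * 60 + $s

    # Documented maximum 24855.03:14:07, which equals 2147483647 seconds.
    $max = [long]24855 * 86400 + 3 * 3600 + 14 * 60 + 7
    if ($total -gt $max) { throw "'$Value' exceeds the maximum 24855.03:14:07" }

    # 00.00:00:00 retains the audit logs indefinitely.
    $indefinite = ($total -eq 0)

    [pscustomobject]@{
        Value        = $Value
        Seconds      = $total
        Indefinite   = $indefinite
        BelowMinimum = (-not $indefinite) -and ($total -lt [long]$MinimumDays * 86400)
    }
}

# Constructed sample values: valid, indefinite, at the maximum, and three rejected ones.
$samples = '30.05:00:00', '00.00:00:00', '24855.03:14:07',
           '24855.03:14:08', '7.24:00:00', '30 days'

foreach ($v in $samples) {
    try {
        $r = ConvertFrom-AuditLogAgeLimit -Value $v
        [pscustomobject]@{
            Value = $v; Seconds = $r.Seconds; Indefinite = $r.Indefinite
            BelowMinimum = $r.BelowMinimum; Error = $null
        }
    } catch {
        [pscustomobject]@{
            Value = $v; Seconds = $null; Indefinite = $null
            BelowMinimum = $null; Error = $_.Exception.Message
        }
    }
}
```

With the assumed 90-day floor, 30.05:00:00 parses successfully but is reported with BelowMinimum set, which lets a mapping that would shorten audit retention be caught before the sync runs.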

Changing the display names of synchronized Microsoft 365 licenses and services

You can modify the display names of Microsoft 365 license plans and services that appear in the Active Roles Synchronization Service Console. This is typically required when the name of a license or service changes in the Microsoft 365 user interface, rendering the corresponding attribute display name outdated in the Active Roles Synchronization Service.

These display names are part of the Office 365 Connector schema and are saved in the O365LicensePlansServices.xml file located in the Synchronization Service installation folder:

%ProgramFiles%\One Identity\Active Roles\8.0 LTS\SyncService

To modify the attribute display names in the Office 365 Connector schema

  1. Open the schema file O365LicensePlansServices.xml with an XML or text editor of your choice. The file is located in the Synchronization Service installation folder, at the following location by default:

    %ProgramFiles%\One Identity\Active Roles\8.0 LTS\SyncService

  2. In the appropriate XML elements, modify the values of the PlanDisplayName and ServiceDisplayName attributes as necessary. See the following table for more information about the XML elements used in the file:

    Table 110: XML elements for M365 license plans and services in the O365LicensePlansServices.xml schema file

    XML element

    Description

    Example

    <Plan>

    Defines the name and display name of the attribute related to a specific Microsoft 365 license plan in the Office 365 Connector schema.

    This element has the following attributes:

    • PlanName: The license plan name as it is referred to by the Microsoft 365 cmdlets for Windows PowerShell.
    • PlanDisplayName: The license plan name as it appears in the Active Roles Synchronization Service.

    <Plan PlanName="STANDARDPACK" PlanDisplayName="Microsoft Office 365 Plan E1"/>

    <Service>

    Defines the name and display name of the attribute related to a particular Microsoft 365 service in the Office 365 Connector schema.

    This element has the following attributes:

    • ServiceName: The service name as it is referred to by the Microsoft 365 cmdlets for Windows PowerShell.
    • ServiceDisplayName: The service name as it appears in the Active Roles Synchronization Service.

    <Service ServiceName="OFFICESUBSCRIPTION" ServiceDisplayName="Office Professional Plus" />

  3. Save your changes, then close the file.
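
The procedure above can also be scripted so that each change is recorded and a backup copy is kept. The following is an added example, not code from the product or from this guide: Set-O365DisplayName is a hypothetical helper, and the sample file (its root element name, layout and the new display names) is constructed around the two element examples in Table 110.

```powershell
# Added example: updates PlanDisplayName / ServiceDisplayName values in a schema file.
# Set-O365DisplayName is hypothetical; the sample XML below is constructed.
function Set-O365DisplayName {
    param(
        [Parameter(Mandatory)][string]$Path,
        [hashtable]$Plans    = @{},   # PlanName    -> new PlanDisplayName
        [hashtable]$Services = @{}    # ServiceName -> new ServiceDisplayName
    )

    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    $xml  = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true
    $xml.Load($full)                  # throws if the file is not well-formed XML

    $changes = foreach ($kind in 'Plan', 'Service') {
        $map = if ($kind -eq 'Plan') { $Plans } else { $Services }
        foreach ($name in $map.Keys) {
            # local-name() matches the element whatever its position or namespace.
            $nodes = @($xml.SelectNodes("//*[local-name()='$kind']") |
                       Where-Object { $_.GetAttribute("${kind}Name") -ceq $name })
            if ($nodes.Count -eq 0) {
                Write-Warning "$kind '$name' not found in $full"
                continue
            }
            foreach ($node in $nodes) {
                $old = $node.GetAttribute("${kind}DisplayName")
                $node.SetAttribute("${kind}DisplayName", [string]$map[$name])
                [pscustomobject]@{ Element = $kind; Name = $name; Old = $old; New = $map[$name] }
            }
        }
    }

    if ($changes) {
        Copy-Item -LiteralPath $full -Destination "$full.bak" -Force   # keep the original
        $xml.Save($full)
    }
    $changes
}

# Constructed sample file; the <Schema> root element is an assumption.
$sample = Join-Path ([IO.Path]::GetTempPath()) 'O365LicensePlansServices.sample.xml'
@'
<Schema>
  <Plan PlanName="STANDARDPACK" PlanDisplayName="Microsoft Office 365 Plan E1"/>
  <Service ServiceName="OFFICESUBSCRIPTION" ServiceDisplayName="Office Professional Plus" />
</Schema>
'@ | Set-Content -LiteralPath $sample -Encoding UTF8

# The new display names are constructed values.
Set-O365DisplayName -Path $sample `
    -Plans    @{ STANDARDPACK = 'Office 365 E1' } `
    -Services @{ OFFICESUBSCRIPTION = 'Microsoft 365 Apps' }
```

The real schema file sits under %ProgramFiles%, so writing to it requires an elevated session; run the function against a copy first and review the returned Old/New pairs.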
