- Must not contain a special character: \ ! # $ %
- Must be either a string, integer, or binary.
- Shouldn't be based on the user's name, because names can change.
- Shouldn't be case-sensitive; avoid values that may vary by case.
- Should be assigned when the object is created.

If the selected sourceAnchor isn't of type string, then Azure AD Connect Base64-encodes the attribute value to ensure no special characters appear. If you use a federation server other than ADFS, make sure your server can also Base64-encode the attribute.

The sourceAnchor attribute is case-sensitive. A value of “JohnDoe” isn't the same as “johndoe”. But you shouldn't have two different objects with only a difference in case.

If you have a single forest on-premises, then the attribute you should use is objectGUID. This is also the attribute used when you use express settings in Azure AD Connect and also the attribute used by DirSync.

If you have multiple forests and don't move users between forests and domains, then objectGUID is a good attribute to use even in this case.

If you move users between forests and domains, then you must find an attribute that doesn't change or can be moved with the users during the move. A recommended approach is to introduce a synthetic attribute. An attribute that could hold something that looks like a GUID would be suitable. During object creation, a new GUID is created and stamped on the user. A custom sync rule can be created in the sync engine server to create this value based on the objectGUID and update the selected attribute in AD DS. When you move the object, make sure to also copy the content of this value.

Another solution is to pick an existing attribute you know doesn't change. Commonly used attributes include employeeID. If you consider an attribute that contains letters, make sure there's no chance the case (upper case vs. lower case) can change for the attribute's value. Bad attributes that shouldn't be used include those attributes with the name of the user. In a marriage or divorce, the name is expected to change, which isn't allowed for this attribute. This is also one reason why attributes such as userPrincipalName, mail, and targetAddress aren't even possible to select in the Azure AD Connect installation wizard. Those attributes also contain the character, which isn't allowed in the sourceAnchor.

The sourceAnchor attribute value can't be changed after the object has been created in Azure AD and the identity is synchronized. For this reason, the following restrictions apply to Azure AD Connect:

- The sourceAnchor attribute can only be set during initial installation. If you rerun the installation wizard, this option is read-only.
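The Base64 encoding of a binary sourceAnchor such as objectGUID, and the special-character and case rules above, shown as an added example that is not part of the original page or of Azure AD Connect. It assumes the raw objectGUID bytes use the Windows GUID layout (first three fields little-endian); the function names and sample values are constructed, and the character set is limited to the characters visible in the list on this page.

```python
import base64
import uuid
from collections import defaultdict

# Only the characters visible in the (truncated) list on this page.
VISIBLE_SPECIAL_CHARS = set("\\!#$%")


def guid_to_anchor(object_guid: str) -> str:
    """Base64-encode an objectGUID the way a binary attribute is encoded.

    Assumption: the 16 raw bytes use the Windows GUID layout, where the
    first three fields are little-endian (uuid.UUID.bytes_le).
    """
    return base64.b64encode(uuid.UUID(object_guid).bytes_le).decode("ascii")


def anchor_to_guid(anchor: str) -> str:
    """Reverse of guid_to_anchor, for matching a cloud object back to AD."""
    raw = base64.b64decode(anchor, validate=True)
    if len(raw) != 16:
        raise ValueError("anchor does not decode to a 16-byte GUID")
    return str(uuid.UUID(bytes_le=raw))


def audit_string_anchors(values):
    """Check candidate string anchors against the rules on this page."""
    findings = []
    by_folded = defaultdict(set)
    for value in values:
        bad = sorted(VISIBLE_SPECIAL_CHARS.intersection(value))
        if bad:
            findings.append(("special-character", value, "".join(bad)))
        by_folded[value.casefold()].add(value)
    # Distinct values that differ only by case must not coexist.
    for variants in by_folded.values():
        if len(variants) > 1:
            findings.append(("case-only-collision", *sorted(variants)))
    return findings


if __name__ == "__main__":
    guid = "00112233-4455-6677-8899-aabbccddeeff"  # constructed sample
    print(guid_to_anchor(guid))
    print(audit_string_anchors(["JohnDoe", "johndoe", "E1001", "dom\\user"]))
```

Encoding the GUID's textual (big-endian) byte order instead of the Windows layout yields a different string, so the round trip through `anchor_to_guid` is a useful check before matching objects by hand.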