AD Sync Attribute Sync Changes

AD Sync will synchronize a number of different Active Directory attributes for your user objects. If your agency uses an attribute that is not already configured and is available for use in Office 365, you may modify your AD Sync configuration to suit your needs.

By default, AD Sync will only synchronize the following Active Directory attributes:

  • displayName
  • givenName
  • sn
  • password
  • physicalDeliveryOfficeName
  • department
  • userPrincipalName
  • description
  • telephoneNumber
  • wWWHomePage
  • streetAddress
  • postOfficeBox
  • l
  • co
  • info
  • st
  • postalCode
  • homePhone
  • pager
  • mobile
  • facsimileTelephoneNumber
  • ipPhone
  • title
  • manager.sAMAccountName
  • objectSid
  • userEnabled

If you wish to synchronize additional attributes, it is relatively simple to modify the AD Sync configuration files to accomplish your goal.

Strictly speaking, only the “listener” domain controller requires this change, but you should apply the changes below to all AD Sync installations in case you need to change the “listener” in the future.

Supported Additional Attributes

In addition to the default attributes listed above, you may add any of the following to your AD Sync configuration.

  • division
  • company
  • extensionAttribute2
  • extensionAttribute3
  • extensionAttribute4
  • extensionAttribute5
  • extensionAttribute6

Sakari Kouti, author of Inside Active Directory, maintains a web page with a list of all Active Directory attributes and what their friendly names are in Active Directory Users and Computers (ADUC).

Stop the AD Sync Service

Before you can modify the configuration file, you will need to stop the AD Sync service in the Services application on your server.

Modify the Configuration File

Before modifying any configuration files, please remember to make a backup copy.

In File Explorer, navigate to your AD Sync Requests folder. By default, this is C:\Program Files\AD Sync\Requests.

Open the SetUser.xml file in a text editor such as Notepad. You will need to add your attribute to the additionalproperties section of the file.

For instance, to add extensionAttribute2, your entry should look like this. Substitute your chosen attribute for extensionAttribute2.

<property templatedependency="extensionAttribute2">
  <name>extensionAttribute2</name>
  <value>{extensionAttribute2}</value>
</property>

Start the AD Sync Service

Once you have added your attributes, save the file and start the AD Sync service.
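
The stop, back up, edit and restart steps above can also be scripted in PowerShell. The script below is an added example, not part of AD Sync or of the original page; it assumes the service's display name is AD Sync and that SetUser.xml contains a single additionalproperties element with no XML namespace. Run it from an elevated prompt.

```powershell
# Added example: add one supported attribute to SetUser.xml (not vendor code).
param(
    [Parameter(Mandatory)][string]$Attribute,
    # Default Requests folder, as given on this page.
    [string]$Path = 'C:\Program Files\AD Sync\Requests\SetUser.xml',
    # Assumption: the service's display name; confirm with Get-Service.
    [string]$ServiceDisplayName = 'AD Sync'
)
$ErrorActionPreference = 'Stop'

# Additional attributes this page lists as supported (exact spelling enforced).
$supported = 'division', 'company', 'extensionAttribute2', 'extensionAttribute3',
             'extensionAttribute4', 'extensionAttribute5', 'extensionAttribute6'
if ($supported -cnotcontains $Attribute) {
    throw "'$Attribute' is not in the supported additional attribute list."
}

# Parse first: a malformed file throws here, before anything is changed.
$doc = New-Object System.Xml.XmlDocument
$doc.Load($Path)

# Assumption: a single un-namespaced <additionalproperties> element.
$section = $doc.SelectSingleNode('//additionalproperties')
if ($null -eq $section) { throw "No additionalproperties section in $Path" }

# Idempotent: skip when a property with this name already exists.
if ($null -ne $section.SelectSingleNode("property[name='$Attribute']")) {
    Write-Output "$Attribute is already configured; nothing changed."
    return
}

Stop-Service -DisplayName $ServiceDisplayName
try {
    # Timestamped backup beside the original file.
    Copy-Item -LiteralPath $Path -Destination "$Path.$(Get-Date -Format yyyyMMddHHmmss).bak"

    # Build the <property> entry in the shape shown on this page.
    $prop = $doc.CreateElement('property')
    $prop.SetAttribute('templatedependency', $Attribute)
    foreach ($pair in @(@('name', $Attribute), @('value', "{$Attribute}"))) {
        $child = $doc.CreateElement($pair[0])
        $child.InnerText = $pair[1]
        [void]$prop.AppendChild($child)
    }
    [void]$section.AppendChild($prop)
    $doc.Save($Path)
}
finally {
    # Restart the service even if the edit failed, so sync does not stay down.
    Start-Service -DisplayName $ServiceDisplayName
}
```

Saving through XmlDocument re-indents the file, so compare it with the timestamped backup if you need to review exactly what changed.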

Testing Your Changes

Since AD Sync will only synchronize users when something has changed, you should now modify the relevant attribute of a user object in the AD Sync global security group. The change should upload to CloudPortal Services Manager (CPSM) and be visible in the Edit User screen.