The Schema Mapping policy is referenced by the driver object and applies to both the Subscriber and the Publisher channel. The purpose of the Schema Mapping policy is to map schema names (particularly attribute names and class names) between the Identity Vault and Office 365. Any modification or removal of existing entries in the Schema Mapping policy could affect the default configuration and policies processing behavior.You can add new attributes depending on your requirement. Table B-1 lists Identity Vault user and group attributes mapped to Office 365 user and group attributes.
Table B-1 Mapped User Attributes
|
Identity Vault |
Office 365 |
Attributes |
|---|---|---|
|
User |
MSolUser |
Type |
|
city |
City |
String |
|
CN |
UserPrincipalName |
String |
|
Facsimile Telephone Number |
Fax |
Structured |
|
Full Name |
DisplayName |
String |
|
homePhone |
Office |
String |
|
S |
State |
String |
|
Given Name |
FirstName |
String |
|
GUID |
ImmutableId |
String |
|
Internet EMail Address |
AlternateEmailAddresses |
String |
|
L |
Country |
String |
|
Login Disabled |
BlockCredential |
String |
|
mobile |
MobilePhone |
String |
|
Password Allow Change |
ForceChangePassword |
String |
|
Postal Address |
StreetAddress |
Structured |
|
Postal Code |
PostalCode |
String |
|
nspmDistributionPassword |
Password |
String |
|
OU |
Department |
String |
|
Owner |
ManagedBy |
String |
|
Member |
Member |
String |
|
Surname |
LastName |
String |
|
Telephone Number |
PhoneNumber |
String |
|
Title |
Title |
String |
|
workforceID |
Office |
String |
|
Group |
MSolGroup |
String |
|
businessCategory |
Group Type |
String |
|
CN |
DisplayName |
String |
|
Description |
Description |
String |
|
EMail Address |
EMailAddress NOTE:The events loopback into the Publisher channel if the EMail Address attribute is synchronized for distribution and security groups because the driver considers only the primary EMail address and removes any additional Email addresses in the subsequent poll cycles. |
Structured |
|
Member |
Member |
String |
|
Owner |
ManagedBy |
String |
NOTE:The driver ships with a default mapping of the attributes listed in Table B-1. In case of Structured attributes, the conversion between the attribute mapping is automatically handled by the driver. To change the default mappings, Identity Manager requires you to make appropriate changes to the policies.
In default mapping, Office 365 postal address is mapped to the eDirectory postal address. The street address is a structured attribute and with the default mapping, the driver works as expected. However, if the street address needs to be interpreted differently (For example: string type), then it should be mapped to string type in eDirectory as well and the policy must be changed to flatten the structured syntax.
Example:
<rule>
<description>Transform StreetAddress</description>
<conditions>
<and>
<if-op-attr name="StreetAddress" op="available"/>
</and>
</conditions>
<actions>
<do-set-local-variable name="lv_streetaddress" scope="policy">
<arg-string>
<token-op-attr name="StreetAddress"/>
</arg-string>
</do-set-local-variable>
<do-strip-op-attr name="StreetAddress"/>
<do-set-dest-attr-value name="StreetAddress">
<arg-value type="structured">
<arg-component name="string">
<token-text xml:space="preserve">$lv_streetaddress$</token-text>
</arg-component>
<arg-component name="string"/>
<arg-component name="string"/>
<arg-component name="string"/>
<arg-component name="string"/>
<arg-component name="string"/>
</arg-value>
</do-set-dest-attr-value>
</actions>
</rule>
This policy changes the incoming and outgoing structured type to string type.
Table B-2 lists the new MsolUser attributes.
Table B-2 New Attributes supported for a Msoluser
|
AlternateMobilePhones |
|
CloudExchangeRecipientDisplayType |
|
IsBlackberryUser |
|
IsLicensed |
|
Licenses |
|
LiveId |
|
ProxyAddresses |
Table B-3 lists the new UserMailbox and MailUser attributes.
Table B-3 New MsolOnline UserMailbox/MailUser Attributes
|
MSExchRecipientTypeDetails |
ProxyAddresses |
ExternalEmailAddress |
|
HomePhone |
WebPage |
Notes |
|
Name |
Alias NOTE:By default, the Alias attribute of Office 356 is mapped to DisplayName attribute of the Identity Vault. Ensure that you do not have any spaces in the value for this attribute. The driver converts spaces in Alias value to underscore. |
SamAccountName |
|
MicrosoftOnlineServicesID |
DirectReports |
Manager |
|
OtherFax |
OtherHomePhone |
OtherTelephone |
|
Pager |
CountryOrRegion |
StateOrProvince |
|
CreateDTMFMap |
TelephoneAssistant |
WindowsEmailAddress |
|
Identity |
IsValid |
Phone |
|
FederatedIdentity |
CustomAttribute1 |
CustomAttribute2 |
|
CustomAttribute3 |
CustomAttribute4 |
CustomAttribute5 |
|
CustomAttribute6 |
CustomAttribute7 |
CustomAttribute8 |
|
CustomAttribute9 |
CustomAttribute10 |
CustomAttribute11 |
|
CustomAttribute12 |
CustomAttribute13 |
CustomAttribute14 |
|
CustomAttribute15 |
ExtensionCustomAttribute1 |
ExtensionCustomAttribute2 |
|
ExtensionCustomAttribute3 |
ExtensionCustomAttribute4 |
ExtensionCustomAttribute5 |
|
LitigationHoldEnabled |
RetentionHoldEnabled |
UnifiedMailbox |
|
IsMailboxEnabled |
ForwardingAddress |
ForwardingSmtpAddress |
|
IsShared |
IsLinked |
UMEnabled |
|
ArchiveStatus |
IsInactiveMailbox |
EmailAddresses |
NOTE:In Table B-3, ProxyAddresses, ArchiveStatus, UMEnabled, and LitigationHoldEnabled are the synced attributes used in an Exchange hybrid deployment scenario.
Table B-4 lists the attributes that are written back to the on-premises Active Directory from the Active Directory driver in an Exchange hybrid deployment scenario.
Table B-4 Synced Attributes in an Exchange Hybrid Deployment Scenario
|
Write-Back attribute |
MsolUser Attribute |
|---|---|
|
msExchArchiveStatus |
ArchiveStatus |
|
msExchUserHoldPolicies |
LitigationHoldEnabled |
|
ProxyAddresses(LegacyExchangeDN as X500) |
LegacyExchangeDN |
|
msExchUCVoiceMailSettings |
UMEnabled |
Table B-4 lists the new MsolGroup attributes. These MsolGroup attributes are synchronized only on the Subscriber channel. Set the filter as Ignore for the Publisher channel to retain the eDirectory values.
Table B-5 New MsolGroup Attributes
|
Name |
PrimarySmtpAddress |
SimpleDisplayName |
|
WindowsEmailAddress |
Notes |
RoomList |
|
SamAccountName |
CustomAttribute1 |
CustomAttribute2 |
|
CustomAttribute3 |
CustomAttribute4 |
CustomAttribute5 |
|
CustomAttribute6 |
CustomAttribute7 |
CustomAttribute8 |
|
CustomAttribute9 |
CustomAttribute10 |
CustomAttribute11 |
|
CustomAttribute12 |
CustomAttribute13 |
CustomAttribute14 |
|
CustomAttribute15 |
ExtensionCustomAttribute1 |
ExtensionCustomAttribute2 |
|
ExtensionCustomAttribute3 |
ExtensionCustomAttribute4 |
ExtensionCustomAttribute5 |
You can add custom attributes to the filter depending on your requirement. For example, the following filter entries include CustomAttribute15 and ExtensionCustomAttribute2 custom attributes.
<filter-attr attr-name="customAttribute15" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/
<filter-attr attr-name="ExtensionCustomAttribute2" merge-authority="default" priority-sync="false" publisher="sync" publisher-optimize-modify="true" subscriber="sync"/>