Last Updated: April 02, 2005

| AD LDAP Display Name | Single Valued | Mapped-from U-M Dir attribute | Comment |
|---|---|---|---|
| dn | n/a | uid and static string | The uid (U-M uniqname) is used as the RDN of the AD user object, i.e. the cn part of the dn. The rest of the dn is static and represents the People OU in the UMICH W2k domain. Example: cn=bjensen,ou=People,ou=UMICH,dc=ads,dc=itcs,dc=umich,dc=edu |
| cn | TRUE | uid | The uid (U-M uniqname) is used as the RDN of the AD user object, i.e. the cn part of the dn. The rest of the dn is static and represents the People OU in the UMICH W2k domain. Example: cn=bjensen,ou=People,ou=UMICH,dc=ads,dc=itcs,dc=umich,dc=edu |
| objectCategory | TRUE | static string | Static string cn=Person,cn=Schema,cn=Configuration, followed by the dc name of the forest root server. Example: cn=Person,cn=Schema,cn=Configuration,dc=adsroot,dc=itcs,dc=umich,dc=edu |
| objectClass | TRUE | static string | Example: top; person; organizationalPerson; user; |
| userPrincipalName | TRUE | uid and static string | uid followed by "@umich.edu". The User Principal Name (UPN) is unique in the W2k forest. The "umich.edu" suffix is unique to the UMICH (ads.itcs.umich.edu) domain, which contains users synced from the U-M Online Directory. Example: bjensen@umich.edu |
| sAMAccountName | TRUE | uid | The uid is the U-M uniqname. The uniqname is used as 1) the W2k user account name (sAMAccountName), 2) the W2k cn, and 3) the cn value of the user dn in the UMICH domain. See "dn" above. Example: bjensen |
| displayName | TRUE | cn with changes | Use the cn value with the trailing "uniqifier" number removed. Example: "Robert T Smith 3" becomes "Robert T Smith" |
| Description | FALSE | use AD displayName, derived from cn | The Description attribute is one of three attributes displayed when browsing the AD using the "Users and Computers" tool. Since the U-M uniqname will be used for the dn/cn, the user's full name will be used for the description, and the AD browser can then see both the user's uniqname and full name, unless the user is "private". Example: "Robert T Smith" |
| userAccountControl | TRUE | static string | A bitwise OR of flag values; the update daemon will set this to 66080 (10220 hex). Value implies "user password never expires", which is necessary for Windows 2000 Kerberos interoperability. Example: 66080 |
| sn | TRUE | sn | User surname. Example: Smith |
| middleName | TRUE | extracted from cn | User middle name. Example: Tobin |
| givenName | TRUE | extracted from cn | User first name. Example: Robert |
| name | TRUE | same as AD displayName | User full name. Example: "Robert T Smith" |
| initials | TRUE | extracted from cn | User middle initial. Example: T |
| company | TRUE | n/a | not set. Could be "University of Michigan". |
| title | TRUE | 1st value of title | Multi-to-Single valued mapping. One option would be to concatenate titles into one value, but length of AD title attribute is probably too short. Example: "Teaching assistant, Physics department" |
| department | TRUE | n/a | not set. No direct equivalent in U-M Directory. |
| streetAddress | TRUE | n/a | not set. Current address attributes in U-M Online Directory will not map to AD address attributes. |
| postOfficeBox | FALSE | n/a | not set. Current address attributes in U-M Online Directory will not map to AD address attributes. |
| l | TRUE | n/a | not set. Current address attributes in U-M Online Directory will not map to AD address attributes. |
| st | TRUE | n/a | not set. Current address attributes in U-M Online Directory will not map to AD address attributes. |
| postalCode | TRUE | n/a | not set. Current address attributes in U-M Online Directory will not map to AD address attributes. |
| c | TRUE | n/a | not set. Current address attributes in U-M Online Directory will not map to AD address attributes. |
| mail | TRUE | uid and static string | The AD mail attribute is constructed from the uid (U-M uniqname) and the standard U-M address, "umich.edu". Example: bjensen@umich.edu |
| otherMailbox | FALSE | all values of mail | All U-M mail attribute values are placed in the AD "otherMailbox" attribute. These are usually secondary, real email addresses pointed to by the user@umich.edu virtual email address. Order is indeterminate because the LDAP protocol does not support ordered retrieval of multi-valued attributes. Example: bjensen@j.imap.itd.umich.edu;bjensen@hotmail.com |
| telephoneNumber | TRUE | 1st value of telephonenumber | Multi-to-SingleAndOther mapping. First value placed in the telephoneNumber attribute. Remaining values are placed in the AD "otherTelephone" attribute. Order is indeterminate because the LDAP protocol does not support ordered retrieval of multi-valued attributes. Example: +1 234.567.8901 |
| otherTelephone | FALSE | 2-n values of telephonenumber | See telephoneNumber attribute. Example: +1 345.678.9012;+1 456.789.0123 |
| homePhone | TRUE | 1st value of homephone | Multi-to-SingleAndOther mapping. First value placed in the homePhone attribute. Remaining values are placed in the AD "otherHomePhone" attribute. Order is indeterminate because the LDAP protocol does not support ordered retrieval of multi-valued attributes. Example: +1 234.567.8901 |
| otherHomePhone | FALSE | 2-n values of homephone | See homePhone attribute. Example: +1 345.678.9012;+1 456.789.0123 |
| mobile | TRUE | n/a | no U-M Directory equivalent |
| otherMobile | FALSE | n/a | no U-M Directory equivalent |
| pager | TRUE | 1st value of pager | Multi-to-SingleAndOther mapping. First value placed in the pager attribute. Remaining values are placed in the AD "otherPager" attribute. Order is indeterminate because the LDAP protocol does not support ordered retrieval of multi-valued attributes. Example: +1 234.567.8901 |
| otherPager | FALSE | 2-n values of pager | See pager attribute. Example: +1 345.678.9012;+1 456.789.0123 |
| facsimileTelephoneNumber | TRUE | 1st value of facsimileTelephoneNumber | Multi-to-SingleAndOther mapping. First value placed in the facsimileTelephoneNumber attribute. Remaining values are placed in the AD "otherFacsimileTelephoneNumber" attribute. Order is indeterminate because the LDAP protocol does not support ordered retrieval of multi-valued attributes. Example: +1 234.567.8901 |
| otherFacsimileTelephoneNumber | FALSE | 2-n values of facsimileTelephoneNumber | See facsimileTelephoneNumber attribute. Example: +1 345.678.9012;+1 456.789.0123 |
| ipPhone | TRUE | n/a | no U-M Directory equivalent |
| otherIpPhone | FALSE | n/a | no U-M Directory equivalent |
| wWWHomePage | TRUE | labeledURL | This field often contains text, multiple URLs, etc. Parsing is on a best-effort basis. Example: http://www-personal.umich.edu/~bjensen/ |
| url | TRUE | n/a | not set. See wWWHomePage. |
| umichadOU | FALSE | ou | Multi-valued attribute of organizations with which user is associated. Example: "College of LSA; Department of Physics" |
| umichadRole | FALSE | extracted from dn | An index "role" attribute; taken from last part of ou values in user's dn. Source will change when U-M Directory goes to flat namespace. Example: "students; faculty and staff" |
| umichadNoBatchUpdates | FALSE | noBatchUpdates | Flag in U-M Directory, set by user, which prohibits updates to user data from batch processes. Directory sync program assumes changes are made by user, rather than batch updates. For future use, perhaps same role for AD batch updates. Example: TRUE |
| umichadUMDirToADSyncFlag | FALSE | set by directory "sync" program | Used to flag update on Windows 2000 DC. Values are added as changes to AD user object take place. AD monitoring service looks for changes, recording a log, and resetting value of umichadUMDirToADSyncFlag to null. 2 = user added. Example: "2;4;4" |
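
The mapping rules in the table, as an added Python example (not the U-M sync program's code): `map_entry`, `decode_uac` and the sample entry are hypothetical and constructed from the table's example values, and the flag names are Microsoft's documented userAccountControl bits. Decoding 66080 shows which bits the static value sets in addition to "password never expires".

```python
import re

BASE_DN = "ou=People,ou=UMICH,dc=ads,dc=itcs,dc=umich,dc=edu"  # static part of dn
UAC_SYNC = 66080                                               # value from the table
# Subset of Microsoft-documented userAccountControl bits worth auditing.
UAC_BITS = {0x2: "ACCOUNTDISABLE", 0x20: "PASSWD_NOTREQD", 0x200: "NORMAL_ACCOUNT",
            0x10000: "DONT_EXPIRE_PASSWORD", 0x400000: "DONT_REQ_PREAUTH"}
# Multi-to-SingleAndOther rows: source attribute -> (single AD attr, "other" AD attr)
SINGLE_AND_OTHER = {
    "telephonenumber": ("telephoneNumber", "otherTelephone"),
    "homephone": ("homePhone", "otherHomePhone"),
    "pager": ("pager", "otherPager"),
    "facsimileTelephoneNumber": ("facsimileTelephoneNumber",
                                 "otherFacsimileTelephoneNumber"),
}

def decode_uac(value):
    """Return (names of known bits set, remaining bits not listed in UAC_BITS)."""
    names = [name for bit, name in sorted(UAC_BITS.items()) if value & bit]
    return names, value & ~sum(UAC_BITS)

def map_entry(src):
    """Build AD attributes for one U-M Directory entry (hypothetical helper).
    Assumes the uid needs no DN escaping."""
    uid = src["uid"]
    display = re.sub(r"\s+\d+$", "", src["cn"].strip())  # drop trailing "uniqifier"
    ad = {"dn": f"cn={uid},{BASE_DN}", "cn": uid, "sAMAccountName": uid,
          "userPrincipalName": f"{uid}@umich.edu", "mail": f"{uid}@umich.edu",
          "displayName": display, "name": display, "Description": [display],
          "sn": src["sn"], "userAccountControl": UAC_SYNC}
    if src.get("title"):
        ad["title"] = src["title"][0]           # multi-to-single: first value only
    if src.get("mail"):
        ad["otherMailbox"] = list(src["mail"])  # all values; LDAP order not guaranteed
    for attr, (single, other) in SINGLE_AND_OTHER.items():
        values = src.get(attr, [])
        if values:
            ad[single] = values[0]
            if values[1:]:
                ad[other] = values[1:]
    return ad

# Constructed sample entry, assembled from the example values in the table.
SAMPLE = {
    "uid": "bjensen", "cn": "Robert T Smith 3", "sn": "Smith",
    "title": ["Teaching assistant, Physics department"],
    "mail": ["bjensen@j.imap.itd.umich.edu", "bjensen@hotmail.com"],
    "telephonenumber": ["+1 234.567.8901", "+1 345.678.9012", "+1 456.789.0123"],
}
```

An audit of synced accounts can run `decode_uac` over the stored userAccountControl values and report any account whose flags differ from the static value, or whose remainder is non-zero.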