This topic lists the attributes that are synchronized by Azure AD Connect sync.
The attributes are grouped by the related Azure AD app.
Attributes to synchronize
A common question is what is the list of minimum attributes to synchronize. The default and recommended approach is to keep the default attributes so a full GAL (Global Address List) can be constructed in the cloud and to get all features in Microsoft 365 workloads. In some cases, there are some attributes that your organization does not want synchronized to the cloud since these attributes contain sensitive personal data, like in this example:
In this case, start with the list of attributes in this topic and identify those attributes that would contain personal data and cannot be synchronized. Then deselect those attributes during installation using Azure AD app and attribute filtering.
Warning
When deselecting attributes, you should be cautious and only deselect those attributes absolutely not possible to synchronize. Unselecting other attributes might have a negative impact on features.
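The warning above is easier to act on with an impact check run before any attribute is deselected. The following is an added example, not Microsoft tooling or part of the original page: it parses app tables in this page's layout and reports which apps consume each candidate attribute. The function names, the verdict labels, and the rule that a "mechanical property" is always kept are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed excerpt: a few rows in the same layout as the tables on this page.
SAMPLE_TABLES = """\
Microsoft 365 Apps for enterprise
Attribute Name | User | Comment |
---|---|---|
pwdLastSet | X | mechanical property. Used to know when to invalidate already issued tokens. |
userPrincipalName | X | UPN is the login ID for the user. |
Exchange Online
Attribute Name | User | Contact | Group | Comment |
---|---|---|---|---|
homePhone | X | X | ||
mobile | X | X | ||
pwdLastSet | X | mechanical property. Used to know when to invalidate already issued tokens. | ||
Teams and Skype for Business Online
Attribute Name | User | Contact | Group | Comment |
---|---|---|---|---|
homephone | X | X | ||
mobile | X | X | ||
"""


def parse_catalog(text):
    """Return {attribute_name_lowercased: {app_name: comment}}.

    A line without '|' is treated as an app heading; header rows, separator
    rows and rows whose attribute name is missing are skipped.
    """
    catalog = defaultdict(dict)
    app = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "|" not in line:
            app = line
            continue
        cells = [c.strip() for c in line.split("|")]
        name = cells[0]
        damaged = not name or name == "X" or set(name) <= {"-"}
        if app is None or damaged or name == "Attribute Name":
            continue
        # Any remaining cell that is not an 'X' marker is comment text.
        comment = " ".join(c for c in cells[1:] if c and c != "X")
        # LDAP attribute names are case-insensitive (homePhone == homephone).
        catalog[name.lower()][app] = comment
    return catalog


def deselect_impact(catalog, candidates):
    """Classify each candidate attribute before it is deselected.

    keep       - flagged 'mechanical property' in some app (assumed policy)
    review     - consumed by at least one app; deselecting may affect features
    not-listed - not found in any parsed table
    """
    report = {}
    for attr in candidates:
        uses = catalog.get(attr.lower(), {})
        mechanical = any("mechanical property" in c.lower() for c in uses.values())
        if mechanical:
            verdict = "keep"
        elif uses:
            verdict = "review"
        else:
            verdict = "not-listed"
        report[attr] = {"verdict": verdict, "apps": sorted(uses)}
    return report


if __name__ == "__main__":
    catalog = parse_catalog(SAMPLE_TABLES)
    for attr, result in deselect_impact(
        catalog, ["homePhone", "mobile", "pwdLastSet", "employeeNumber"]
    ).items():
        print(f"{attr:16} {result['verdict']:10} {', '.join(result['apps'])}")
```
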
Microsoft 365 Apps for enterprise
Attribute Name | User | Comment |
---|---|---|
accountEnabled | X | Defines if an account is enabled. |
cn | X | |
displayName | X | |
objectSID | X | mechanical property. AD user identifier used to maintain sync between Azure AD and AD. |
pwdLastSet | X | mechanical property. Used to know when to invalidate already issued tokens. Used by both password hash sync, pass-through authentication and federation. |
samAccountName | X | |
sourceAnchor | X | mechanical property. Immutable identifier to maintain relationship between ADDS and Azure AD. |
usageLocation | X | mechanical property. The user’s country/region. Used for license assignment. |
userPrincipalName | X | UPN is the login ID for the user. Most often the same as [mail] value. |
Exchange Online
Attribute Name | User | Contact | Group | Comment |
---|---|---|---|---|
accountEnabled | X | Defines if an account is enabled. | ||
altRecipient | X | Requires Azure AD Connect build 1.1.552.0 or after. | ||
authOrig | X | X | X | |
c | X | X | ||
cn | X | X | ||
co | X | X | ||
company | X | X | ||
countryCode | X | X | ||
department | X | X | ||
description | X | |||
displayName | X | X | X | |
dLMemRejectPerms | X | X | X | |
dLMemSubmitPerms | X | X | X | |
extensionAttribute1 | X | X | X | |
extensionAttribute10 | X | X | X | |
extensionAttribute11 | X | X | X | |
extensionAttribute12 | X | X | X | |
extensionAttribute13 | X | X | X | |
extensionAttribute14 | X | X | X | |
extensionAttribute15 | X | X | X | |
extensionAttribute2 | X | X | X | |
extensionAttribute3 | X | X | X | |
extensionAttribute4 | X | X | X | |
extensionAttribute5 | X | X | X | |
extensionAttribute6 | X | X | X | |
extensionAttribute7 | X | X | X | |
extensionAttribute8 | X | X | X | |
extensionAttribute9 | X | X | X | |
facsimiletelephonenumber | X | X | ||
givenName | X | X | ||
homePhone | X | X | ||
info | X | X | X | This attribute is currently not consumed for groups. |
Initials | X | X | ||
l | X | X | ||
legacyExchangeDN | X | X | X | |
mailNickname | X | X | X | |
managedBy | X | |||
manager | X | X | ||
member | X | |||
mobile | X | X | ||
msDS-HABSeniorityIndex | X | X | X | |
msDS-PhoneticDisplayName | X | X | X | |
msExchArchiveGUID | X | |||
msExchArchiveName | X | |||
msExchAssistantName | X | X | ||
msExchAuditAdmin | X | |||
msExchAuditDelegate | X | |||
msExchAuditDelegateAdmin | X | |||
msExchAuditOwner | X | |||
msExchBlockedSendersHash | X | X | ||
msExchBypassAudit | X | |||
msExchBypassModerationLink | X | Available in Azure AD Connect version 1.1.524.0 | ||
msExchCoManagedByLink | X | |||
msExchDelegateListLink | X | |||
msExchELCExpirySuspensionEnd | X | |||
msExchELCExpirySuspensionStart | X | |||
msExchELCMailboxFlags | X | |||
msExchEnableModeration | X | X | ||
msExchExtensionCustomAttribute1 | X | X | X | This attribute is currently not consumed by Exchange Online. |
msExchExtensionCustomAttribute2 | X | X | X | This attribute is currently not consumed by Exchange Online. |
msExchExtensionCustomAttribute3 | X | X | X | This attribute is currently not consumed by Exchange Online. |
msExchExtensionCustomAttribute4 | X | X | X | This attribute is currently not consumed by Exchange Online. |
msExchExtensionCustomAttribute5 | X | X | X | This attribute is currently not consumed by Exchange Online. |
msExchHideFromAddressLists | X | X | X | |
msExchImmutableID | X | |||
msExchLitigationHoldDate | X | X | X | |
msExchLitigationHoldOwner | X | X | X | |
msExchMailboxAuditEnable | X | |||
msExchMailboxAuditLogAgeLimit | X | |||
msExchMailboxGuid | X | |||
msExchModeratedByLink | X | X | X | |
msExchModerationFlags | X | X | X | |
msExchRecipientDisplayType | X | X | X | |
msExchRecipientTypeDetails | X | X | X | |
msExchRemoteRecipientType | X | |||
msExchRequireAuthToSendTo | X | X | X | |
msExchResourceCapacity | X | |||
msExchResourceDisplay | X | |||
msExchResourceMetaData | X | |||
msExchResourceSearchProperties | X | |||
msExchRetentionComment | X | X | X | |
msExchRetentionURL | X | X | X | |
msExchSafeRecipientsHash | X | X | ||
msExchSafeSendersHash | X | X | ||
msExchSenderHintTranslations | X | X | X | |
msExchTeamMailboxExpiration | X | |||
msExchTeamMailboxOwners | X | |||
msExchTeamMailboxSharePointUrl | X | |||
msExchUserHoldPolicies | X | |||
msOrg-IsOrganizational | X | |||
objectSID | X | X | mechanical property. AD user identifier used to maintain sync between Azure AD and AD. | |
oOFReplyToOriginator | X | |||
otherFacsimileTelephone | X | X | ||
otherHomePhone | X | X | ||
otherTelephone | X | X | ||
pager | X | X | ||
physicalDeliveryOfficeName | X | X | ||
postalCode | X | X | ||
proxyAddresses | X | X | X | |
publicDelegates | X | X | X | |
pwdLastSet | X | mechanical property. Used to know when to invalidate already issued tokens. Used by both password sync and federation. | ||
reportToOriginator | X | |||
reportToOwner | X | |||
sn | X | X | ||
sourceAnchor | X | X | X | mechanical property. Immutable identifier to maintain relationship between ADDS and Azure AD. |
st | X | X | ||
streetAddress | X | X | ||
targetAddress | X | X | ||
telephoneAssistant | X | X | ||
telephoneNumber | X | X | ||
thumbnailphoto | X | X | synced only once from Azure AD to Exchange Online after which Exchange Online becomes source of authority for this attribute and any later changes can't be synced from on-premises. See (KB) for more. | |
title | X | X | ||
unauthOrig | X | X | X | |
usageLocation | X | mechanical property. The user’s country/region. Used for license assignment. | ||
userCertificate | X | X | ||
userPrincipalName | X | UPN is the login ID for the user. Most often the same as [mail] value. | ||
userSMIMECertificates | X | X | ||
wWWHomePage | X | X |
SharePoint Online
Attribute Name | User | Contact | Group | Comment |
---|---|---|---|---|
accountEnabled | X | Defines if an account is enabled. | ||
authOrig | X | X | X | |
c | X | X | ||
cn | X | X | ||
co | X | X | ||
company | X | X | ||
countryCode | X | X | ||
department | X | X | ||
description | X | X | X | |
displayName | X | X | X | |
dLMemRejectPerms | X | X | X | |
dLMemSubmitPerms | X | X | X | |
extensionAttribute1 | X | X | X | |
extensionAttribute10 | X | X | X | |
extensionAttribute11 | X | X | X | |
extensionAttribute12 | X | X | X | |
extensionAttribute13 | X | X | X | |
extensionAttribute14 | X | X | X | |
extensionAttribute15 | X | X | X | |
extensionAttribute2 | X | X | X | |
extensionAttribute3 | X | X | X | |
extensionAttribute4 | X | X | X | |
extensionAttribute5 | X | X | X | |
extensionAttribute6 | X | X | X | |
extensionAttribute7 | X | X | X | |
extensionAttribute8 | X | X | X | |
extensionAttribute9 | X | X | X | |
facsimiletelephonenumber | X | X | ||
givenName | X | X | ||
hideDLMembership | X | |||
homephone | X | X | ||
info | X | X | X | |
initials | X | X | ||
ipPhone | X | X | ||
l | X | X | ||
mail | X | X | X | ||
mailnickname | X | X | X | |
managedBy | X | |||
manager | X | X | ||
member | X | |||
middleName | X | X | ||
mobile | X | X | ||
msExchTeamMailboxExpiration | X | |||
msExchTeamMailboxOwners | X | |||
msExchTeamMailboxSharePointLinkedBy | X | |||
msExchTeamMailboxSharePointUrl | X | |||
objectSID | X | X | mechanical property. AD user identifier used to maintain sync between Azure AD and AD. | |
oOFReplyToOriginator | X | |||
otherFacsimileTelephone | X | X | ||
otherHomePhone | X | X | ||
otherIpPhone | X | X | ||
otherMobile | X | X | ||
otherPager | X | X | ||
otherTelephone | X | X | ||
pager | X | X | ||
physicalDeliveryOfficeName | X | X | ||
postalCode | X | X | ||
postOfficeBox | X | X | This attribute is currently not consumed by SharePoint Online. | |
preferredLanguage | X | |||
proxyAddresses | X | X | X | |
pwdLastSet | X | mechanical property. Used to know when to invalidate already issued tokens. Used by both password hash sync, pass-through authentication and federation. | ||
reportToOriginator | X | |||
reportToOwner | X | |||
sn | X | X | ||
sourceAnchor | X | X | X | mechanical property. Immutable identifier to maintain relationship between ADDS and Azure AD. |
st | X | X | ||
streetAddress | X | X | ||
targetAddress | X | X | ||
telephoneAssistant | X | X | ||
telephoneNumber | X | X | ||
thumbnailphoto | X | X | synced only once from Azure AD to Exchange Online after which Exchange Online becomes source of authority for this attribute and any later changes can't be synced from on-premises. See (KB) for more. | |
title | X | X | ||
unauthOrig | X | X | X | |
url | X | X | ||
usageLocation | X | mechanical property. The user’s country/region. Used for license assignment. | ||
userPrincipalName | X | UPN is the login ID for the user. Most often the same as [mail] value. | ||
wWWHomePage | X | X |
Teams and Skype for Business Online
Attribute Name | User | Contact | Group | Comment |
---|---|---|---|---|
accountEnabled | X | Defines if an account is enabled. | ||
c | X | X | ||
cn | X | X | ||
co | X | X | ||
company | X | X | ||
department | X | X | ||
description | X | X | X | |
displayName | X | X | X | |
facsimiletelephonenumber | X | X | X | |
givenName | X | X | ||
homephone | X | X | ||
ipPhone | X | X | ||
l | X | X | ||
mail | X | X | X | ||
mailNickname | X | X | X | |
managedBy | X | |||
manager | X | X | ||
member | X | |||
mobile | X | X | ||
msExchHideFromAddressLists | X | X | X | |
msRTCSIP-ApplicationOptions | X | |||
msRTCSIP-DeploymentLocator | X | X | ||
msRTCSIP-Line | X | X | ||
msRTCSIP-OptionFlags | X | X | ||
msRTCSIP-OwnerUrn | X | |||
msRTCSIP-PrimaryUserAddress | X | X | ||
msRTCSIP-UserEnabled | X | X | ||
objectSID | X | X | mechanical property. AD user identifier used to maintain sync between Azure AD and AD. | |
otherTelephone | X | X | ||
physicalDeliveryOfficeName | X | X | ||
postalCode | X | X | ||
preferredLanguage | X | |||
proxyAddresses | X | X | X | |
pwdLastSet | X | mechanical property. Used to know when to invalidate already issued tokens. Used by both password hash sync, pass-through authentication and federation. | ||
sn | X | X | ||
sourceAnchor | X | X | X | mechanical property. Immutable identifier to maintain relationship between ADDS and Azure AD. |
st | X | X | ||
streetAddress | X | X | ||
telephoneNumber | X | X | ||
thumbnailphoto | X | X | synced only once from Azure AD to Exchange Online after which Exchange Online becomes source of authority for this attribute and any later changes can't be synced from on-premises. See (KB) for more. | |
title | X | X | ||
usageLocation | X | mechanical property. The user’s country/region. Used for license assignment. | ||
userPrincipalName | X | UPN is the login ID for the user. Most often the same as [mail] value. | ||
wWWHomePage | X | X |
Azure RMS
Attribute Name | User | Contact | Group | Comment |
---|---|---|---|---|
accountEnabled | X | Defines if an account is enabled. | ||
cn | X | X | Common name or alias. Most often the prefix of [mail] value. | |
displayName | X | X | X | A string that represents the name often shown as the friendly name (first name last name). |
mail | X | X | X | full email address. |
member | X | |||
objectSID | X | X | mechanical property. AD user identifier used to maintain sync between Azure AD and AD. | |
proxyAddresses | X | X | X | mechanical property. Used by Azure AD. Contains all secondary email addresses for the user. |
pwdLastSet | X | mechanical property. Used to know when to invalidate already issued tokens. | ||
sourceAnchor | X | X | X | mechanical property. Immutable identifier to maintain relationship between ADDS and Azure AD. |
usageLocation | X | mechanical property. The user’s country/region. Used for license assignment. | ||
userPrincipalName | X | This UPN is the login ID for the user. Most often the same as [mail] value. |
Intune
Attribute Name | User | Contact | Group | Comment |
---|---|---|---|---|
accountEnabled | X | Defines if an account is enabled. | ||
c | X | X | ||
cn | X | X | ||
description | X | X | X | |
displayName | X | X | X | |
mail | X | X | X | ||
mailnickname | X | X | X | |
member | X | |||
objectSID | X | X | mechanical property. AD user identifier used to maintain sync between Azure AD and AD. | |
proxyAddresses | X | X | X | |
pwdLastSet | X | mechanical property. Used to know when to invalidate already issued tokens. Used by both password hash sync, pass-through authentication and federation. | ||
sourceAnchor | X | X | X | mechanical property. Immutable identifier to maintain relationship between ADDS and Azure AD. |
usageLocation | X | mechanical property. The user’s country/region. Used for license assignment. | ||
userPrincipalName | X | UPN is the login ID for the user. Most often the same as [mail] value. |
Dynamics CRM
Attribute Name | User | Contact | Group | Comment |
---|---|---|---|---|
accountEnabled | X | Defines if an account is enabled. | ||
c | X | X | ||
cn | X | X | ||
co | X | X | ||
company | X | X | ||
countryCode | X | X | ||
description | X | X | X | |
displayName | X | X | X | |
facsimiletelephonenumber | X | X | ||
givenName | X | X | ||
l | X | X | ||
managedBy | X | |||
manager | X | X | ||
member | X | |||
mobile | X | X | ||
objectSID | X | X | mechanical property. AD user identifier used to maintain sync between Azure AD and AD. | |
physicalDeliveryOfficeName | X | X | ||
postalCode | X | X | ||
preferredLanguage | X | |||
pwdLastSet | X | mechanical property. Used to know when to invalidate already issued tokens. Used by both password hash sync, pass-through authentication and federation. | ||
sn | X | X | ||
sourceAnchor | X | X | X | mechanical property. Immutable identifier to maintain relationship between ADDS and Azure AD. |
st | X | X | ||
streetAddress | X | X | ||
telephoneNumber | X | X | ||
title | X | X | ||
usageLocation | X | mechanical property. The user’s country/region. Used for license assignment. | ||
userPrincipalName | X | UPN is the login ID for the user. Most often the same as [mail] value. |
3rd party applications
This group is a set of attributes used as the minimal attributes needed for a generic workload or application. It can be used for a workload not listed in another section or for a non-Microsoft app. It is explicitly used for the following:
- Yammer (only User is consumed)
- Hybrid Business-to-Business (B2B) cross-org collaboration scenarios offered by resources like SharePoint
This group is a set of attributes that can be used if the Azure AD directory is not used to support Microsoft 365, Dynamics, or Intune. It has a small set of core attributes. Note that single sign-on or provisioning to some third-party applications requires configuring synchronization of attributes in addition to the attributes described here. Application requirements are described in the SaaS app tutorial for each application.
Attribute Name | User | Contact | Group | Comment |
---|---|---|---|---|
accountEnabled | X | Defines if an account is enabled. | ||
cn | X | X | ||
displayName | X | X | X | |
employeeID | X | |||
givenName | X | X | ||
mail | X | X | |||
managedBy | X | |||
mailNickName | X | X | X | |
member | X | |||
objectSID | X | mechanical property. AD user identifier used to maintain sync between Azure AD and AD. | ||
proxyAddresses | X | X | X | |
pwdLastSet | X | mechanical property. Used to know when to invalidate already issued tokens. Used by both password hash sync, pass-through authentication and federation. | ||
sn | X | X | ||
sourceAnchor | X | X | X | mechanical property. Immutable identifier to maintain relationship between ADDS and Azure AD. |
usageLocation | X | mechanical property. The user’s country/region. Used for license assignment. | ||
userPrincipalName | X | UPN is the login ID for the user. Most often the same as [mail] value. |
Windows 10
A Windows 10 domain-joined computer(device) synchronizes some attributes to Azure AD. For more information on the scenarios, see Connect domain-joined devices to Azure AD for Windows 10 experiences. These attributes always synchronize and Windows 10 does not appear as an app you can unselect. A Windows 10 domain-joined computer is identified by having the attribute userCertificate populated.
Attribute Name | Device | Comment |
---|---|---|
accountEnabled | X | |
deviceTrustType | X | Hardcoded value for domain-joined computers. |
displayName | X | |
ms-DS-CreatorSID | X | Also called registeredOwnerReference. |
objectGUID | X | Also called deviceID. |
objectSID | X | Also called onPremisesSecurityIdentifier. |
operatingSystem | X | Also called deviceOSType. |
operatingSystemVersion | X | Also called deviceOSVersion. |
userCertificate | X |
These attributes for user are in addition to the other apps you have selected.
Attribute Name | User | Comment |
---|---|---|
domainFQDN | X | Also called dnsDomainName. For example, contoso.com. |
domainNetBios | X | Also called netBiosName. For example, CONTOSO. |
msDS-KeyCredentialLink | X | Once the user is enrolled in Windows Hello for Business. |
Exchange hybrid writeback
These attributes are written back from Azure AD to on-premises Active Directory when you select to enable Exchange hybrid. Depending on your Exchange version, fewer attributes might be synchronized.
Attribute Name (On-premises AD) | Attribute Name (Connect UI) | User | Contact | Group | Comment |
---|---|---|---|---|---|
msDS-ExternalDirectoryObjectID | ms-DS-External-Directory-Object-Id | X | Derived from cloudAnchor in Azure AD. This attribute is new in Exchange 2016 and Windows Server 2016 AD. | ||
msExchArchiveStatus | ms-Exch-ArchiveStatus | X | Online Archive: Enables customers to archive mail. | ||
msExchBlockedSendersHash | ms-Exch-BlockedSendersHash | X | Filtering: Writes back on-premises filtering and online safe and blocked sender data from clients. | ||
msExchSafeRecipientsHash | ms-Exch-SafeRecipientsHash | X | Filtering: Writes back on-premises filtering and online safe and blocked sender data from clients. | ||
msExchSafeSendersHash | ms-Exch-SafeSendersHash | X | Filtering: Writes back on-premises filtering and online safe and blocked sender data from clients. | ||
msExchUCVoiceMailSettings | ms-Exch-UCVoiceMailSettings | X | Enable Unified Messaging (UM) - Online voice mail: Used by Microsoft Lync Server integration to indicate to Lync Server on-premises that the user has voice mail in online services. | ||
msExchUserHoldPolicies | ms-Exch-UserHoldPolicies | X | Litigation Hold: Enables cloud services to determine which users are under Litigation Hold. | ||
proxyAddresses | proxyAddresses | X | X | X | Only the x500 address from Exchange Online is inserted. |
publicDelegates | ms-Exch-Public-Delegates | X | Allows an Exchange Online mailbox to be granted SendOnBehalfTo rights to users with on-premises Exchange mailbox. Requires Azure AD Connect build 1.1.552.0 or after. |
Exchange Mail Public Folder
These attributes are synchronized from on-premises Active Directory to Azure AD when you select to enable Exchange Mail Public Folder.
Attribute Name | PublicFolder | Comment |
---|---|---|
displayName | X | |
mail | X | |
msExchRecipientTypeDetails | X | |
objectGUID | X | |
proxyAddresses | X | |
targetAddress | X |
Device writeback
Device objects are created in Active Directory. These objects can be devices joined to Azure AD or domain-joined Windows 10 computers.
Attribute Name | Device | Comment |
---|---|---|
altSecurityIdentities | X | |
displayName | X | |
dn | X | |
msDS-CloudAnchor | X | |
msDS-DeviceID | X | |
msDS-DeviceObjectVersion | X | |
msDS-DeviceOSType | X | |
msDS-DeviceOSVersion | X | |
msDS-DevicePhysicalIDs | X | |
msDS-KeyCredentialLink | X | Only with Windows Server 2016 AD schema |
msDS-IsCompliant | X | |
msDS-IsEnabled | X | |
msDS-IsManaged | X | |
msDS-RegisteredOwner | X |
Notes
- When using an Alternate ID, the on-premises attribute userPrincipalName is synchronized with the Azure AD attribute onPremisesUserPrincipalName. The Alternate ID attribute, for example mail, is synchronized with the Azure AD attribute userPrincipalName.
- Although there is no enforcement of uniqueness on the Azure AD onPremisesUserPrincipalName attribute, it is not supported to sync the same UserPrincipalName value to the Azure AD onPremisesUserPrincipalName attribute for multiple different Azure AD users.
- In the lists above, the object type User also applies to the object type iNetOrgPerson.
Next steps
Learn more about the Azure AD Connect sync configuration.
Learn more about Integrating your on-premises identities with Azure Active Directory.
FAQs
How do I sync attributes to Azure AD?
Open the Azure AD Connect wizard, choose Tasks, and then choose Customize synchronization options. Sign in as an Azure AD Global Administrator. On the Optional Features page, select Directory extension attribute sync. Select the attribute(s) you want to extend to Azure AD.
How would you troubleshoot object synchronization issues with Azure AD Connect set up?
Run the troubleshooting task in the wizard. Start the Azure AD Connect wizard. Navigate to the Additional Tasks page, select Troubleshoot, and click Next. On the Troubleshooting page, click Launch to start the troubleshooting menu in PowerShell. In the main menu, select Troubleshoot Object Synchronization.
Attribute synchronization and mapping to Azure AD DS
The most reliable way to sign in to a managed domain is using the UPN. The SAMAccountName attribute is sourced from the mailNickname attribute in the Azure AD tenant. If multiple user accounts have the same mailNickname attribute, the SAMAccountName is autogenerated.
The attribute value must be unique within the directory. If there are duplicate values, the first user with the value is synchronized.
What are the Azure AD attributes?
Your Azure Active Directory B2C (Azure AD B2C) directory user profile comes with a set of built-in attributes, such as given name, surname, city, postal code, and phone number. You can extend the user profile with your own application data without requiring an external data store.
What is Azure AD Connect Sync?
Azure AD Connect Cloud Sync is a new offering from Microsoft designed to meet and accomplish your hybrid identity goals for synchronization of users, groups, and contacts to Azure AD. It accomplishes this by using the Azure AD Cloud provisioning agent instead of the Azure AD Connect application.
Which attributes are used to register a user control in Microsoft Azure?
Source attribute - The user attribute from the source system (example: Azure Active Directory). Target attribute - The user attribute in the target system (example: ServiceNow). Default value if null (optional) - The value that will be passed to the target system if the source attribute is null.
Which Azure features allows synchronization between on-premises and Azure AD?
Azure AD Connect sync server. An on-premises computer that runs the Azure AD Connect sync service. This service synchronizes information held in the on-premises Active Directory to Azure AD. For example, if you provision or deprovision groups and users on-premises, these changes propagate to Azure AD.
You can perform another useful search by selecting the Azure AD Connector. In the Scope box, select Pending Import, and then select the Add check box. This search gives you all synced objects in Azure AD that cannot be associated with an on-premises object.
What are the attributes of a directory?
Directory attributes can be used to define a specific property or characteristic of a user's email address (e.g. names, titles, email addresses, and telephone numbers). When they are created, they are applied to both internal and external email domain users.
Which of the following are required attributes for a user account using Active Directory?
A user object in AD has attributes that contain information such as canonical name, first name, middle name, last name, login credentials, telephone number, manager who he or she reports to, address, who their subordinates are, and more.
How do I set attributes in Active Directory?
To create a new Attribute:
Choose File > Add or Remove Snap-ins then select the Active Directory Schema option. Double-click or click Add then click OK to load the Snap-in. Once the Snap-in has been loaded, expand this out, right-click on the Attributes entry then select Create Attribute... to continue.
Azure Active Directory Connect is made up of three primary components: the synchronization services, the optional Active Directory Federation Services component, and the monitoring component named Azure AD Connect Health.
What is the difference between AD Sync and AD Connect?
Azure AD Connect Cloud Sync is the preferred way to synchronize on-premises AD to Azure AD, assuming you can get by with its limitations. Azure AD Connect provides the most feature-rich synchronization capabilities, including Exchange hybrid support.
What is Active Directory synchronization?
Active Directory synchronization is a tool for synchronizing users and groups between Microsoft Active Directory and an IBM® Security Directory Server instance. Synchronization is one-way, from Active Directory to IBM Tivoli® Directory Server only.
Why is my Microsoft Sync not working?
If you're having problems with syncing, you can try running the Microsoft Accounts troubleshooter on the desktop computer and check the status. It's an automated tool that can find and automatically fix some syncing problems.
How do I reset my Azure AD Sync?
Go to Windows Service Control Manager (START → Services). Select Microsoft Azure AD Sync and click Restart.
What is used to prevent an error in synchronizing?
One way to reduce synchronization errors is to always use the supplied USB cables; do not use USB extension cables or long, low quality USB cables. If a device's supplied USB cable must be replaced, purchase a high quality replacement 3 meters or shorter.
How do I fix DN attributes failure?
To resolve this error, you need to correct/change the duplicate attributes in your on-premises AD. After making the changes in your local AD, run Start-ADSyncSyncCycle -PolicyType Initial to run a full sync cycle.
What causes sync conflicts?
Sync Conflicts are a protective measure that only relate to our Sync Folders feature. The most common reason for this is when two different people/computers both change the same file. This could be due to 2 different people updating the same file within a few minutes of each other.
What causes sync error?
One of the first things that trigger the "Sync is currently experiencing problem" notification on Android is a poor internet connection. Your phone needs an active internet connection to sync information across your accounts. So, synchronization won't work if your internet is down.
Why is my sync failing?
Try switching off your cell phone, resetting it or removing the battery, then trying again. Try deleting your device from SYNC and deleting SYNC from your device, then trying again. Always check the security and auto accept prompt settings relative to the SYNC Bluetooth connection on your cell phone.
How do I get AD attributes in PowerShell?
To use PowerShell to get an AD user object attributes, we will be using the Property parameter. The Property parameter accepts one or more comma-separated attributes to show with the output. Below we will see an example of using Get-ADUser to find all properties for a specific user account.
Which attributes can you use in access conditions?
Use attributes that have specific business meaning - Conditions allow you to use attributes that have specific business meaning to you in access control. Some examples of attributes are project name, software development stage, and classification levels.
What is synchronized identity in Azure AD?
Synchronized: identities that exist on-premises and in the cloud. Using Azure AD Connect, users are either created or joined with existing Azure AD accounts. The user's password hash is synchronized from the on-premises environment to the cloud in what is called a password hash.
How do I sync Active Directory with Azure AD?
To open Synchronization Service Manager, go to Start menu and type Synchronization Service. It should appear under the Azure AD Connect. In the Synchronization Service Manager console, under Operations tab, you can monitor the synchronization progress.
What are 4 common file attributes?
File attributes are maintained in the file system's directories, and typical attributes are Read-Only, Hidden, System and Archive.
What are the four types of data attributes?
They have the data attributes of base (BINARY or DECIMAL), scale (FLOAT or FIXED), precision (significant digits and decimal-point placement), and mode (REAL or COMPLEX). Numeric character data is numeric data that is held in character form.
What attributes are available in Azure AD?
Your Azure Active Directory B2C (Azure AD B2C) directory user profile comes with a set of built-in attributes, such as given name, surname, city, postal code, and phone number. You can extend the user profile with your own application data without requiring an external data store.
How do I add attributes to my AD account?
To create a new Attribute:
Choose File > Add or Remove Snap-ins then select the Active Directory Schema option. Double-click or click Add then click OK to load the Snap-in. Once the Snap-in has been loaded, expand this out, right-click on the Attributes entry then select Create Attribute... to continue.
How do I see all attributes in Active Directory?
Go to Start and open Administrative tools. Click on Active Directory users and Computers. Right click on the object whose attributes you wish to view, and click Properties. In the dialogue box that opens, you will be able to view all the AD attributes of the object categorized based on the attribute type.
How do I view custom attributes in Active Directory?
In the left navigation, go to Users. Right-click on a user, then click Properties. Click the Attribute Editor tab, then confirm that the custom attribute you created is listed in the "Attribute" column (e.g., LastPassK1).
How do I run full sync on aad connect?
If you need to manually run a sync cycle, then from PowerShell run Start-ADSyncSyncCycle -PolicyType Delta. To initiate a full sync cycle, run Start-ADSyncSyncCycle -PolicyType Initial from a PowerShell prompt.
How long does aad take to sync?
Once every 30 minutes, the Azure AD synchronization is triggered, unless it is still processing the last run. Runs generally take less than 10 minutes, but if we need to replace the tool, it can take 2-3 days to get into synchronicity.
Which command is used to add attributes?
Detailed Solution. SQL command used to modify attribute values of one or more selected types is UPDATE. The ALTER TABLE statement is used to add, delete, or modify columns in an existing table. The ALTER TABLE statement is also used to add and drop various constraints on an existing table.