Global catalog attributes - Security Center 5.11

Active Directory Integration Guide 5.11

Product: Security Center
Content type: Guides > Integration guides
Version: 5.11
Language: English
Last updated: 2022-10-24

For the Active Directory role to successfully connect to a global catalog and synchronize users and cardholders in Security Center, the global catalog must be updated to include specific attributes.

IMPORTANT: Not all required attributes are enabled by default. For those that are not, you must replicate them manually in the global catalog using the Microsoft Management Console.

User attributes

The global catalog must be updated with the following user attributes:
  • accountExpires (not enabled by default)
  • cn
  • description
  • displayName
  • distinguishedName
  • givenName
  • mail
  • memberOf (for the SDK only)
  • name
  • objectClass
  • objectGUID
  • objectSid
  • sAMAccountName
  • sn
  • tokenGroup
  • userAccountControl
  • userPrincipalName
  • any attributes to be used in the Links page

Group attributes

The global catalog must be updated with the following group attributes:
  • cn
  • description
  • distinguishedName
  • groupType
  • mail
  • member
  • name
  • objectClass
  • objectGUID
  • objectSid
  • sAMAccountName

Container, domain, and organizational unit attributes

The global catalog must be updated with the following container, domain, and organizational unit attributes:
  • displayName
  • distinguishedName
  • member
  • name
  • objectClass
  • objectGUID
  • objectSid
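
One way to check the three lists above before synchronizing, as an added example that is not part of the Genetec guide: the script reads each attribute's schema object and reports whether `isMemberOfPartialAttributeSet` (the schema flag that marks an attribute as replicated to the global catalog) is set. It assumes the Microsoft ActiveDirectory PowerShell module and read access to the schema partition. Attribute names are copied as written on this page, and attributes used in the Links page must be added to the list by hand.

```powershell
# Added example (not from the vendor guide). Read-only: it queries the schema
# and changes nothing. Assumes the ActiveDirectory module (RSAT) is installed.
Import-Module ActiveDirectory

# Union of the user, group, and container/domain/OU lists on this page,
# spelled as the page spells them. Append any Links-page attributes here.
$required = @(
    'accountExpires', 'cn', 'description', 'displayName', 'distinguishedName',
    'givenName', 'mail', 'memberOf', 'name', 'objectClass', 'objectGUID',
    'objectSid', 'sAMAccountName', 'sn', 'tokenGroup', 'userAccountControl',
    'userPrincipalName', 'groupType', 'member'
)

# The schema naming context holds one attributeSchema object per attribute.
$schemaNC = (Get-ADRootDSE).schemaNamingContext

$report = foreach ($attr in $required) {
    $obj = Get-ADObject -SearchBase $schemaNC `
        -LDAPFilter "(&(objectClass=attributeSchema)(lDAPDisplayName=$attr))" `
        -Properties lDAPDisplayName, isMemberOfPartialAttributeSet

    if (-not $obj) {
        # No schema object carries this name: report it instead of guessing.
        $status = 'NotFoundInSchema'
    } elseif ($obj.isMemberOfPartialAttributeSet -eq $true) {
        $status = 'InGlobalCatalog'
    } else {
        # Flag absent or FALSE: the attribute is not replicated to the GC.
        $status = 'NotReplicated'
    }

    [pscustomobject]@{ Attribute = $attr; Status = $status }
}

$report | Sort-Object Status, Attribute | Format-Table -AutoSize

# Summarize anything that still needs manual action in the schema console.
$pending = @($report | Where-Object { $_.Status -ne 'InGlobalCatalog' })
if ($pending.Count -gt 0) {
    Write-Warning "$($pending.Count) attribute(s) are not confirmed in the global catalog."
}
```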