For the Active Directory role to successfully connect to a global catalog and synchronize users and cardholders in Security Center, the global catalog must be updated to include specific attributes.
IMPORTANT: Not all required attributes are enabled by default. For those that are not, you must replicate them manually in the global catalog using the Microsoft Management Console.
User attributes
The global catalog must be updated with the following user attributes:
- accountExpires (not enabled by default)
- cn
- description
- displayName
- distinguishedName
- givenName
- memberOf (for the SDK only)
- name
- objectClass
- objectGUID
- objectSid
- sAMAccountName
- sn
- tokenGroup
- userAccountControl
- userPrincipalName
- any attributes to be used in the Links page
Group attributes
The global catalog must be updated with the following group attributes:
- cn
- description
- distinguishedName
- groupType
- member
- name
- objectClass
- objectGUID
- objectSid
- sAMAccountName
Container, domain, and organizational unit attributes
The global catalog must be updated with the following container, domain, and organizational unit attributes:
- displayName
- distinguishedName
- member
- name
- objectClass
- objectGUID
- objectSid
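
To see which of the attributes listed above are already replicated to the global catalog before changing anything, a read-only check against the schema partition can be run. This is an added example, not part of the original documentation or the vendor's tooling; it assumes the ActiveDirectory PowerShell module (RSAT) and read access to the schema, and `$extra` is a placeholder for any attributes used in the Links page.

```powershell
# Added example: read-only audit of the global catalog replication flag.
# Assumption: ActiveDirectory module (RSAT) is installed and the account can read the schema.
Import-Module ActiveDirectory

# Attribute names copied from the user, group and container lists on this page.
$required = @(
    'accountExpires', 'cn', 'description', 'displayName', 'distinguishedName',
    'givenName', 'memberOf', 'name', 'objectClass', 'objectGUID', 'objectSid',
    'sAMAccountName', 'sn', 'tokenGroup', 'userAccountControl',
    'userPrincipalName', 'groupType', 'member'
)

# Placeholder: add the attributes your deployment uses in the Links page.
$extra = @()

$schemaNC = (Get-ADRootDSE).schemaNamingContext

$report = foreach ($name in ($required + $extra | Sort-Object -Unique)) {
    # Each schema attribute object carries isMemberOfPartialAttributeSet,
    # which is TRUE when the attribute is replicated to the global catalog.
    $attr = Get-ADObject -SearchBase $schemaNC `
        -LDAPFilter "(&(objectClass=attributeSchema)(lDAPDisplayName=$name))" `
        -Properties lDAPDisplayName, isMemberOfPartialAttributeSet

    if (-not $attr) {
        # The name as written did not match any schema attribute; verify the spelling.
        $status = 'Not found in schema under this name'
        $inGc   = $null
    }
    elseif ($attr.isMemberOfPartialAttributeSet -eq $true) {
        $status = 'Replicated to global catalog'
        $inGc   = $true
    }
    else {
        # Flag is FALSE or unset: candidate for manual replication.
        $status = 'isMemberOfPartialAttributeSet not set'
        $inGc   = $false
    }

    [pscustomobject]@{ Attribute = $name; InGlobalCatalog = $inGc; Status = $status }
}

$report | Sort-Object InGlobalCatalog, Attribute | Format-Table -AutoSize
```

Attributes reported without the flag set are the ones to review in the Microsoft Management Console; the script itself changes nothing in the directory.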