Global catalog attributes - Security Center 5.10

Security Center Administrator Guide 5.10

Applies to
Security Center 5.10
Last updated
2023-06-12
Content type
Guides > Administrator guides
Language
English
Product
Security Center
Version
5.10

For the Active Directory role to successfully connect to a global catalog and synchronize users and cardholders in Security Center, the global catalog must be updated to include specific attributes.

IMPORTANT: Not all required attributes are enabled by default. For those that are not, you must replicate them manually in the global catalog using the Microsoft Management Console.

User attributes

The global catalog must be updated with the following user attributes:
  • accountExpires (not enabled by default)
  • cn
  • description
  • displayName
  • distinguishedName
  • givenName
  • mail
  • memberof (for the SDK only)
  • name
  • objectClass
  • objectGUID
  • objectSid
  • sAMAccountName
  • sn
  • tokenGroup
  • userAccountControl
  • userPrincipalName
  • any attributes to be used in the Links page

Group attributes

The global catalog must be updated with the following group attributes:
  • cn
  • description
  • distinguishedName
  • groupType
  • mail
  • member
  • name
  • objectClass
  • objectGUID
  • objectSid
  • sAMAccountName

Container, domain, and organizational unit attributes

The global catalog must be updated with the following container, domain, and organizational attributes:

  • displayName
  • distinguishedName
  • member
  • name
  • objectClass
  • objectGUID
  • objectSid