...
Active Directory Attribute | EmpowerID Person Attribute | |
|---|---|---|
N/A | AboutMe | |
N/A | BirthName | |
carLicense | CarLicense | |
l | City | |
company | Company | |
co | CountryN/A | CustomAttribute1 through 9 |
thumbnailPhoto | CustomAttribute27 | |
department | Department | |
departmentNumber | DepartmentNumber | |
description | Description | |
division | Division | |
mailNickname | EmailAlias | |
employeeID | EmployeeID | |
N/A | EmployeeIDOther | |
employeeType | EmployeeType | |
extensionAttribute1 - 15 and 20 | ExtensionAttribute1 - 27 | |
facsimileTelephoneNumber | Fax | |
givenName | FirstName | |
displayName | FriendlyName | |
N/A | Gender | |
generationQualifier | GenerationalSuffix | |
homePhone | HomeTelephone | |
N/A | IMAddress | |
initials | Initials | |
sn | LastName | |
samAccountName | Login | |
middleName | MiddleName | |
mobile | MobilePhone | |
info | Notes | |
physicalDeliveryOfficeName | Office | |
postOfficeBox | POBox | |
pager | Pager | |
personalTitle | PersonalTitle | |
postalCode | PostalCode | |
province | Province | |
st | State | |
streetAddress | StreetAddress | |
telephoneNumber | telephone | |
title | Title |
...
EmpowerID “Proxy” or Connection Account Requirements
EmpowerID uses highly privileged user accounts when connecting to user directories such as Active Directory, LDAP, or database systems. These user "account stores" use saved proxy accounts for connecting to these systems and performing user account management operations. EmpowerID requires one privileged account per domain or directory. This account requires all of the privileges matching the functions that EmpowerID may perform (user creation, deletion, password reset, group creation, etc).
| Info |
|---|
If you will be managing an Active Directory Domain, the proxy account must be able to access the deleted items container in AD. Access to the Deleted Items container requires Domain Admin access unless the container security is edited to allow non-domain admins to read it. Instructions for editing the security of the deleted items container can be found in Microsoft’s article “How to let non-administrators view the Active Directory deleted objects container” which can be viewed in full at http://support.microsoft.com/kb/892806 . |
| Note |
|---|
If you are connecting to an Active Directory Forest with multiple domains, you must first create an account store for the forest root domain before creating account stores for other domains in the forest. The proxy account used when adding your AD account store, must have read access to the AD Configuration Partition in order for topology discovery to succeed. Errors will occur if this process and its required access are not followed. |
| Tip |
|---|
You do not need to enable inventory on the account store created for the forest root domain. |
...
Next Steps
Connect to Active Directory
...