For the Active Directory role to successfully connect to a global catalog and
synchronize users and cardholders in Security
Center,
the global catalog must be updated to include specific attributes.
User attributes
The global catalog must be updated with the following user attributes:
- distinguishedName
- objectGUID
- objectClass
- cn
- objectSid
- sAMAccountName
- displayName
- name
- mail
- description
- userPrincipalName
- userAccountControl
- accountExpires
- givenName
- sn
- tokenGroup
- memberof (For the SDK only)
- any attributes to be used in the Links tab
Group attributes
The global catalog must be updated with the following group attributes:
- distinguishedName
- objectGUID
- objectClass
- cn
- objectSid
- sAMAccountName
- name
- mail
- description
- groupType
- member
Container, domain, and organizational unit attributes
The global catalog must be updated with the following container, domain, and organizational
attributes:
- distinguishedName
- objectGUID
- objectClass
- objectSid
- displayName
- name
- member
