During the VMware Identity Manager service directory setup you select Active Directory user attributes and filters to specify which users sync in the VMware Identity Manager directory. You can change the user attributes that sync from the administration console, Identity & Access Management tab, Setup > User Attributes.

Changes that are made and saved in the User Attributes page are added to the Mapped Attributes page in the VMware Identity Manager directory. The attributes changes are updated to the directory with the next sync to Active Directory.

The User Attributes page lists the default directory attributes that can be mapped to Active Directory attributes. You select the attributes that are required, and you can add other Active Directory attributes that you want to sync to the directory. When you add attributes, note that the attribute name you enter is case sensitive. For example, address, Address, and ADDRESS are different attributes.

Table 1. Default Active Directory Attributes to Sync to Directory

VMware Identity Manager Directory Attribute Name

Default Mapping to Active Directory Attribute

userPrincipalName

userPrincipalName

distinguishedName

distinguishedName

employeeId

employeeID

domain

canonicalName. Adds the fully qualified domain name of object.

disabled (external user disabled)

userAccountControl. Flagged with UF_Account_Disable

When an account is disabled, users cannot log in to access their applications and resources. The resources that users were entitled to are not removed from the account so that when the flag is removed from the account users can log in and access their entitled resources

phone

telephoneNumber

lastName

sn

firstName

givenName

email

mail

userName

sAMAccountName.