During the VMware Identity Manager service directory setup, you select the Active Directory user attributes and filters that determine which users sync to the VMware Identity Manager directory. You can change which user attributes sync in the VMware Identity Manager console, on the Identity & Access Management tab, under Setup > User Attributes.

Changes that are made and saved in the User Attributes page are added to the Mapped Attributes page in the VMware Identity Manager directory. The attribute changes are applied to the directory at the next sync with Active Directory.

The User Attributes page lists the default directory attributes that can be mapped to Active Directory attributes. You select the attributes that are required, and you can add other attributes that you want to sync to the directory. When you add attributes, the attribute name you enter is case-sensitive. For example, address, Address, and ADDRESS are different attributes.
Table 1. Default Active Directory Attributes to Sync to Directory

| VMware Identity Manager Directory Attribute Name | Default Mapping to Active Directory Attribute |
| --- | --- |
| userPrincipalName | userPrincipalName |
| distinguishedName | distinguishedName |
| employeeId | employeeID |
| domain | canonicalName. Adds the fully qualified domain name of the object. |
| disabled (external user disabled) | userAccountControl. Flagged with UF_Account_Disable. When an account is disabled, users cannot log in to access their applications and resources. The resources that users were entitled to are not removed from the account, so that when the flag is removed from the account, users can log in and access their entitled resources. |
| phone | telephoneNumber |
| lastName | sn |
| firstName | givenName |
| email | mail |
| userName | sAMAccountName |

The following attributes cannot be used as custom attribute names because the VMware Identity Manager service uses these attributes internally for user identity management.

  • externalUserDisabled
  • employeeNumber
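
The following pre-check is an added example, not VMware code: it validates a proposed custom attribute name against the reserved names and the Table 1 defaults, flags names that differ from a known name only by case, and decodes the disabled state from a `userAccountControl` value. The function names are hypothetical, and it assumes the standard Active Directory ACCOUNTDISABLE bit (0x0002) and that a case variant of a reserved name merits a warning rather than a rejection.

```python
# Added example (not VMware code). Function names are hypothetical.

# Default directory attribute names, taken from Table 1.
DEFAULT_ATTRIBUTES = frozenset({
    "userPrincipalName", "distinguishedName", "employeeId", "domain",
    "disabled", "phone", "lastName", "firstName", "email", "userName",
})
# Names the service uses internally; not allowed as custom attribute names.
RESERVED_ATTRIBUTES = frozenset({"externalUserDisabled", "employeeNumber"})

# Active Directory userAccountControl bit for a disabled account.
UF_ACCOUNTDISABLE = 0x0002


def check_custom_attribute(name, existing=DEFAULT_ATTRIBUTES):
    """Return (ok, warnings) for a proposed custom attribute name.

    Matching is exact because attribute names are case-sensitive.
    A name that differs from a known name only by case is accepted
    with a warning (assumption: the page does not say whether case
    variants of reserved names are rejected).
    """
    if name in RESERVED_ATTRIBUTES:
        return False, [f"'{name}' is reserved for internal use"]
    if name in existing:
        return False, [f"'{name}' is already defined"]
    warnings = [
        f"'{name}' differs from '{known}' only by case; "
        "it will be a separate attribute"
        for known in sorted(existing | RESERVED_ATTRIBUTES)
        if known.lower() == name.lower()
    ]
    return True, warnings


def is_disabled(user_account_control):
    """True if the ACCOUNTDISABLE bit is set in a userAccountControl value."""
    return bool(int(user_account_control) & UF_ACCOUNTDISABLE)


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("costCenter", "Email", "employeeNumber", "userName"):
        print(candidate, check_custom_attribute(candidate))
    for uac in (512, 514, "66050"):
        print(uac, "disabled" if is_disabled(uac) else "enabled")
```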