Article ID: 2256198 - View products that this article applies to.
Expand all | Collapse all

On This Page

INTRODUCTION

MORE INFORMATION

Table 1: Attributes that are synced from the on-premises Active Directory Domain Services (AD DS) to Windows Azure Active Directory (Windows Azure AD)

The following table lists the attributes that are synced from the on-premises AD DS to Windows Azure AD. Be aware that objects must contain values in the following attributes to be considered for sync:
  • cn
  • member (applies only to groups)
  • samAccountName (applies only to users)
  • alias (applies only to groups and contacts)
  • displayName (for groups with an mail or proxyAddresses attribute populated)

Collapse this tableExpand this table
Synced object attributeUserGroupContact (Src)Description
assistant Read-ReadThe name of the assistant for an account.
authOrigReadReadReadRelationship that indicates that the mailbox for the target object is authorized to send mail to the source object.
C --ReadTwo-letter ISO 3166 [ISO3166] country code.
cnReadReadRead
coRead-ReadThe country/region in which the person (user or contact) or company is located.
companyRead-ReadThe person's (user or contact) company name.
countryCodeRead-ReadThe country code for person's (user or contact) language of choice.
departmentRead-ReadThe name of the person's (user or contact) department.
descriptionReadReadReadHuman-readable descriptive phrases about the object.
displayNameReadReadReadThe display name for an object, usually the combination of the person's first name, middle initial, and last name.
dLMemRejectPermsReadReadReadRelationship that indicates that members of the target object are -t authorized to send mail to the source object.
dLMemSubmitPermsReadReadReadRelationship that indicates that members of the target object are authorized to send mail to the source object.
ExtensionAttribute1ReadReadReadCustom attribute that is defined in the customer on-premises directory.
ExtensionAttribute10ReadReadReadCustom attribute that is defined in the customer on-premises directory.
ExtensionAttribute11ReadReadReadCustom attribute that is defined in the customer on-premises directory.
ExtensionAttribute12ReadReadReadCustom attribute that is defined in the customer on-premises directory.
ExtensionAttribute13ReadReadReadCustom attribute that is defined in the customer on-premises directory.
ExtensionAttribute14ReadReadReadCustom attribute that is defined in the customer on-premises directory.
ExtensionAttribute15ReadReadReadCustom attribute that is defined in the customer on-premises directory.
ExtensionAttribute2ReadReadReadCustom attribute that is defined in the customer on-premises directory.
ExtensionAttribute3ReadReadReadCustom attribute that is defined in the customer on-premises directory.
ExtensionAttribute4ReadReadReadCustom attribute that is defined in the customer on-premises directory.
ExtensionAttribute5ReadReadReadCustom attribute that is defined in the customer on-premises directory.
ExtensionAttribute6ReadReadReadCustom attribute that is defined in the customer on-premises directory.
ExtensionAttribute7ReadReadReadCustom attribute that is defined in the customer on-premises directory.
ExtensionAttribute8ReadReadReadCustom attribute that is defined in the customer on-premises directory.
ExtensionAttribute9ReadReadReadCustom attribute that is defined in the customer on-premises directory.
facsimiletelephonenumberRead-ReadTelephone numbers (and, optionally, the parameters) for facsimile terminals.
givenNameRead-ReadName strings that are the part of a person's (user or contact) name that is -t their surname.
GroupType-Read-
hideDLMembership-Read-Hide the membership list on a distribution list from senders.
homephoneRead-ReadThe person's (user or contact) main home telephone number.
infoReadReadRead
InitialsRead-ReadStrings of initials of some or all of an individual's names, except the surname(s).
ipPhoneRead-ReadThe TCP/IP address for the telephone.
lRead-ReadNames of a locality or place, such as a city, county, or other geographic region.
legacyExchangeDNReadReadRead
mailReadReadReadThe list of email addresses for a person (user or contact).
mailnicknameReadReadRead
managedBy-Read-Resource/owner relationship, where the source object (a group) is the resource, and the target object is the owner.
managerRead-ReadManager/direct report relationship between two individuals, where the source object is the direct report, and the target object is the manager.
member-Read-Membership of the target object (of class User, Contact, or Group) in the group that is identified as the source object.
middleNameRead -ReadAdditional names for a person (user or contact), for example, middle name, patronymic, matronymic, or other names.
mobileRead-ReadThe primary mobile phone number for a person (user or contact).
msDS-HABSeniorityIndexReadReadRead
msDS-PhoneticDisplayNameReadReadRead
MsExchArchiveGUIDRead--
MsExchArchiveNameRead--
msExchArchiveStatusRead/Write--Created in the Exchange cloud for "write back" to on-premises when the customer has a cloud archive.
msExchAssistantName Read-ReadThe name of the assistant for an account.
msExchAuditAdminRead--
msExchAuditDelegateRead--
msExchAuditDelegateAdminRead--
msExchAuditOwnerRead--
MsExchBlockedSendersHashRead/Write-ReadPopulated through an upgrade from Business Productivity Online Standard Suite. –t synced from on-premises.
msExchBypassAuditRead--
MsExchBypassModerationFromDLMembersLinkReadReadRead
MsExchBypassModerationLinkReadReadRead
msExchCoManagedByLink-Read-
msExchDelegateListLink Read--
msExchELCExpirySuspensionEndRead--
msExchELCExpirySuspensionStartRead--
msExchELCMailboxFlagsRead--
MsExchEnableModerationRead Read-
msExchExtensionCustomAttribute1ReadReadRead
msExchExtensionCustomAttribute2ReadReadRead
msExchExtensionCustomAttribute3ReadReadRead
msExchExtensionCustomAttribute4ReadReadRead
msExchExtensionCustomAttribute5ReadReadRead
MsExchGroupDepartRestriction-Read-
MsExchGroupJoinRestriction-Read-
msExchHideFromAddressListsReadReadReadIndicator to control the visibility of a mail recipient for name resolution.
MsExchImmutableIDRead--
msExchLitigationHoldDateReadReadRead
msExchLitigationHoldOwnerRead ReadRead
MsExchMailboxGuidRead--The GUID of the user’s mailbox.
msExchMailboxAuditEnableRead--
msExchMailboxAuditLogAgeLimitRead--
MsExchModeratedByLinkReadReadRead
MsExchModerationFlagsReadReadRead
MsExchRecipientDisplayTypeReadReadRead
msExchRecipientTypeDetailsReadReadRead
MsExchRemoteRecipientTypeRead--
msExchRequireAuthToSendToRead ReadReadWhen enabled for a distribution list (DL), unauthenticated users are rejected.
MsExchResourceCapacityRead--
MsExchResourceDisplayRead--
MsExchResourceMetaDataRead--
MsExchResourceSearchPropertiesRead--
msExchRetentionCommentReadReadRead
msExchRetentionURLReadReadRead
MsExchSafeRecipientsHashRead/Write-ReadPopulated through an upgrade from Business Productivity Online Standard Suite. -t synced from on-premises.
MsExchSafeSendersHashRead/Write-ReadPopulated through an upgrade from Business Productivity Online Standard Suite. -t synced from on premises.
MsExchSenderHintTranslationsReadReadRead
msExchTeamMailboxExpirationRead--
msExchTeamMailboxOwnersRead--
msExchTeamMailboxSharePointLinkedByRead--
msExchTeamMailboxSharePointUrlRead--
msExchUCVoiceMailSettingsRead/Write--
msExchUsageLocationRead--
msExchUserHoldPoliciesRead/Write--Litigation Hold allows cloud services to determine which users are under Litigation Hold
msOrg-IsOrganizational-Read-
msRTCSIP-ApplicationOptionsRead--
msRTCSIP-DeploymentLocatorRead-ReadFully qualified DNS name of the Microsoft Lync Server 2010 deployment, as specified in the authoritative (customer, on-premises) directory.
msRTCSIP-LineRead-ReadThe device ID (either the Session Initiation Protocol (SIP) uniform resource identifier (URI) or the TEL URI) of the telephone that the user controls.
msRTCSIP-OwnerUrnRead--
msRTCSIP-PrimaryUserAddressRead-ReadSIP URI for instant messaging, as specified in the authoritative (customer, on-premise) directory.
msRTCSIP-UserEnabledRead-ReadIndicates whether the user is currently enabled for SIP instant messaging, as specified in the authoritative (customer, on-premises) directory.
msRTCSIP-OptionFlagsRead-Read
objectGUID ReadReadReadKey for the object: this key is immutable, even if the object moves from one context to another, for example, as a result of a company merge or split.
oOFReplyToOriginator-Read-Governs whether out-of-office -tifications should be sent to a sender of a message to this distribution list (DL).
otherFacsimileTelephoneRead-ReadA list of alternative facsimile numbers.
otherHomePhoneRead-ReadA list of alternative home telephone numbers.
otherIpPhoneRead-ReadA list of alternative TCP/IP addresses for the telephone.
otherMobileRead-ReadA list of alternative mobile phone numbers.
otherPagerRead-ReadA list of alternative pager numbers.
otherTelephoneRead-ReadA list of alternative office telephone numbers.
pagerRead-ReadThe primary pager number.
photoRead--
physicalDeliveryOfficeNameRead-ReadNames that a postal service uses to identify a post office.
postalCodeRead-ReadCodes that a postal service uses to identify postal service zones.
postOfficeBoxRead-ReadPostal box identifiers that a postal service uses when a customer arranges to receive mail at a box on the premises of the postal service.
PreferredLanguageRead-- The preferred written or spoken language for a user.
proxyAddressesRead/WriteRead/WriteRead/WriteThe address by which a Microsoft Exchange Server recipient object is recognized in a foreign mail system.
PublicDelegatesRead/WriteReadReadCross-premises public delegation: allows users to specify delegates for their mailbox.
reportToOriginator-Read-Governs whether to send delivery reports to the message originator when a message that is sent to a group is -t delivered. The delivery report lets the group owner k-w that the message was -t delivered.
ReportToOwner-Read-
samAccountNameRead--
snRead-ReadName strings for the family names of a person (user or contact).
stRead-ReadThe full names of states or provinces.
streetAddressRead-ReadThe person's (user or contact) address.
targetAddressRead-ReadThe destination address for the person (user or contact).
TelephoneAssistantRead-Read
telephoneNumberRead-ReadTelephone numbers that comply with the ITU Recommendation E.123.
thumbnailphoto Read-ReadPersons Photo - 10kb maximum size limit
titleRead-ReadThe title of a person (user or contact) in the person's organizational context.
unauthOrigReadReadReadRelationship that indicates that the mailbox for the target object is -t authorized to send mail to the source object.
urlRead-ReadThe list of alternative web pages.
userAccountControlRead--
UserPrincipalNameReadRead-The user principal name (UPN) that is an Internet-style logon name for a user, as specified in RFC 822.
wWWHomePageRead-ReadThe primary web page.

Table 2: Attributes that are written back to the on-premises AD DS from Windows Azure Active Directory in an Exchange hybrid deployment scenario

The following table lists the synced attributes that are written back to the on-premises AD DS from Office 365 in an Exchange hybrid deployment scenario. These attributes are written back only if Exchange federation for the hybrid deployment is enabled for the organization.
Collapse this tableExpand this table
Write-Back attribute Exchange "full fidelity" feature
msExchArchiveStatus Online Archive: Enables customers to archive mail.
msExchUCVoiceMailSettings Enable Unified Messaging (UM) - Online voice mail: This new attribute is used only for UM-Microsoft Lync Server 2010 integration to indicate to Lync Server 2010 on-premises that the user has voice mail in online services.
msExchUserHoldPoliciesLitigation Hold: Enables cloud services to determine which users are under Litigation Hold.
ProxyAddresses
(LegacyExchangeDN <online LegacyDn> as X500)
Enable Mailbox: Offboards an online mailbox back to on-premises Exchange.
PublicDelegatesCross-premises Public Delegation: Enables users to specify delegates for their mailbox.
SafeSendersHash
BlockedSendersHash
SafeRecipientHash
Filtering: Writes back on-premises filtering and online safe and blocked sender data from clients.

How directory synchronization determines what isn't synced from the on-premises environment to Windows Azure AD

This section contains info about how directory synchronization determines what isn't synced from the on-premises environment to Windows Azure AD.

Any object is filtered if:
  • Object is a conflict object (DN contains \0ACNF: )


Contact objects are filtered if:
  • DisplayName contains "MSOL" AND msExchHideFromAddressLists = TRUE
  • mailNickName starts with "CAS_" AND mailNickName contains "{"


SecurityEnabledGroup objects are filtered if:
  • isCriticalSystemObject = TRUE
  • mail is present AND DisplayName isn't present
  • Group has more than 15,000 immediate members

MailEnabledGroup objects are filtered if:
  • DisplayName is empty (if the version of the Directory Sync tool is earlier than 6385.0012). Otherwise, the group isn't filtered.
  • (ProxyAddress doesn't have a primary SMTP address) AND (mail attribute isn't present/invalid - i.e. indexof ('@') <= 0)
  • Group has more than 15,000 immediate members

User objects are filtered if:
  • mailNickName starts with "SystemMailbox{"
  • mailNickName starts with "CAS_" AND mailNickName contains "{"
  • sAMAccountName starts with "CAS_" AND sAMAccountName has "}"
  • sAMAccountName equals "SUPPORT_388945a0"
  • sAMAccountName equals "MSOL_AD_Sync"
  • sAMAccountName isn't present
  • isCriticalSystemObject is present
  • msExchRecipientTypeDetails == (0x1000 OR 0x2000 OR 0x4000 OR 0x400000 OR 0x800000 OR 0x1000000 OR 0x20000000)

Still need help? Go to the Office 365 Community or the Windows Azure Active Directory Forums website.

Properties

Article ID: 2256198 - Last Review: October 31, 2013 - Revision: 27.0
Applies to
  • Microsoft Office 365
  • Microsoft Office 365 for enterprises (pre-upgrade)
  • Microsoft Office 365 for education  (pre-upgrade)
  • Microsoft Exchange Online
  • CRM Online via Office 365 E Plans
  • Windows Azure Recovery Services
Keywords: 
o365 o365a o365e o365062013 after upgrade o365062011 pre-upgrade hybrid o365m KB2256198

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com