Article ID: 2256198 - Last Review: February 22, 2012 - Revision: 3.0

List of attributes that are synchronized to Office 365 and attributes that are written back to the on-premises Active Directory Domain Services

View products that this article applies to.
System TipThis article applies to a different operating system than the one you are using. Article content that may not be relevant to you is disabled.

On This Page

Expand all | Collapse all

SUMMARY

This article lists the attributes that are used by directory synchronization in Microsoft Office 365. This contents of this article are as follows: 
Back to the top

MORE INFORMATION

Table 1: Attributes that are synchronized from the on-premises Active Directory Domain Services (AD DS) to Office 365

The following table lists the attributes that are synchronized from the on-premises AD DS to Office 365. Be aware that objects must contain values in the following attributes to be considered for synchronization:
  • cn
  • member (applies only to groups)
  • samAccountName (applies only to users)
  • alias (applies only to groups and contacts)
  • displayName (for groups with an mail or proxyAddresses attribute populated)

Collapse this tableExpand this table
Synchronized object attributeUserGroupContact (Src)Description
assistant Read-ReadThe name of the assistant for an account.
authOrigReadReadReadRelationship that indicates that the mailbox for the target object is authorized to send mail to the source object.
C --ReadTwo-letter ISO 3166 [ISO3166] country code.
cnReadReadRead
coRead-ReadThe country/region in which the person (user or contact) or company is located.
CoManagedBy-Read-
companyRead-ReadThe person's (user or contact) company name.
countryCodeRead-ReadThe country code for person's (user or contact) language of choice.
departmentRead-ReadThe name of the person's (user or contact) department.
descriptionReadReadReadHuman-readable descriptive phrases about the object.
displayNameReadReadReadThe display name for an object, usually the combination of the person's first name, middle initial, and last name.
dLMemRejectPermsReadReadReadRelationship that indicates that members of the target object are -t authorized to send mail to the source object.
dLMemSubmitPermsReadReadReadRelationship that indicates that members of the target object are authorized to send mail to the source object.
ExtensionAttribute1ReadReadReadCustom attribute that is defined in the customer on-premises directory.
ExtensionAttribute10ReadReadReadCustom attribute that is defined in the customer on-premises directory.
ExtensionAttribute11ReadReadReadCustom attribute that is defined in the customer on-premises directory.
ExtensionAttribute12ReadReadReadCustom attribute that is defined in the customer on-premises directory.
ExtensionAttribute13ReadReadReadCustom attribute that is defined in the customer on-premises directory.
ExtensionAttribute14ReadReadReadCustom attribute that is defined in the customer on-premises directory.
ExtensionAttribute15ReadReadReadCustom attribute that is defined in the customer on-premises directory.
ExtensionAttribute2ReadReadReadCustom attribute that is defined in the customer on-premises directory.
ExtensionAttribute3ReadReadReadCustom attribute that is defined in the customer on-premises directory.
ExtensionAttribute4ReadReadReadCustom attribute that is defined in the customer on-premises directory.
ExtensionAttribute5ReadReadReadCustom attribute that is defined in the customer on-premises directory.
ExtensionAttribute6ReadReadReadCustom attribute that is defined in the customer on-premises directory.
ExtensionAttribute7ReadReadReadCustom attribute that is defined in the customer on-premises directory.
ExtensionAttribute8ReadReadReadCustom attribute that is defined in the customer on-premises directory.
ExtensionAttribute9ReadReadReadCustom attribute that is defined in the customer on-premises directory.
facsimiletelephonenumberReadReadReadTelephone numbers (and, optionally, the parameters) for facsimile terminals.
givenNameRead-ReadName strings that are the part of a person's (user or contact) name that is -t their surname.
GroupType-Read-
hideDLMembership-Read-Hide the membership list on a distribution list from senders.
homeMDBRead--
homephoneRead-ReadThe person's (user or contact) main home telephone number.
infoReadReadRead
InitialsRead-ReadStrings of initials of some or all of an individual's names, except the surname(s).
ipPhone--ReadThe TCP/IP address for the telephone.
lRead-ReadNames of a locality or place, such as a city, county, or other geographic region.
legacyExchangeDNReadReadRead
mailReadReadReadThe list of email addresses for a person (user or contact).
managedBy-Read-Resource/owner relationship, where the source object (a group) is the resource, and the target object is the owner.
managerRead-ReadManager/direct report relationship between two individuals, where the source object is the direct report, and the target object is the manager.
member-Read-Membership of the target object (of class User, Contact, or Group) in the group that is identified as the source object.
middleName--ReadAdditional names for a person (user or contact), for example, middle name, patronymic, matronymic, or other names.
mobileRead-ReadThe primary mobile phone number for a person (user or contact).
msDS-HABSeniorityIndexReadReadRead
msDS-PhoneticDisplayNameReadReadRead
MsExchArchiveGUIDRead--
MsExchArchiveNameRead--
msExchArchiveStatusRead/Write--Created in the Exchange cloud for "write back" to on-premises when the customer has a cloud archive.
msExchAssistantName Read-ReadThe name of the assistant for an account.
msExchAuditAdminRead--
msExchAuditDelegateRead--
msExchAuditDelegateAdminRead--
msExchAuditOwnerRead--
MsExchBlockedSendersHashRead/Write-ReadPopulated through an upgrade from Business Productivity Online Standard Suite. –t synchronized from on-premises.
msExchBypassAuditRead--
MsExchBypassModerationFromDLMembersLinkReadRead-
MsExchBypassModerationLinkReadRead-
msExchDelegateListLink Read--
msExchELCExpirySuspensionEndRead--
msExchELCExpirySuspensionStartRead--
msExchELCMailboxFlagsRead--
MsExchEnableModeration-Read-
MsExchGroupDepartRestriction-Read-
MsExchGroupJoinRestriction-Read-
msExchHideFromAddressListsReadReadReadIndicator to control the visibility of a mail recipient for name resolution.
MsExchImmutableIDRead--
msExchLitigationHoldDateReadReadRead
msExchLitigationHoldOwner-ReadRead
MsExchMailboxGuidRead--The globally unique identifier (GUID) of the user’s mailbox.
msExchMailboxAuditEnableRead--
msExchMailboxAuditLogAgeLimitRead--
MsExchModeratedByLinkReadReadRead
MsExchModerationFlagsReadReadRead
MsExchRecipientDisplayTypeReadReadRead
MsExchRemoteRecipientTypeReadReadRead
msExchRequireAuthToSendTo-ReadReadWhen enabled for a distribution list (DL), unauthenticated users are rejected.
MsExchResourceCapacityRead--
MsExchResourceDisplayRead--
MsExchResourceMetaDataRead--
MsExchResourceSearchPropertiesRead--
msExchRetentionCommentReadReadRead
msExchRetentionURLReadReadRead
MsExchSafeRecipientsHashRead/Write-ReadPopulated through an upgrade from Business Productivity Online Standard Suite. -t synchronized from on premises.
MsExchSafeSendersHashRead/Write-ReadPopulated through an upgrade from Business Productivity Online Standard Suite. -t synchronized from on premises.
MsExchSenderHintTranslationsReadReadRead
msExchUCVoiceMailSettingsRead/Write--
msExchUsageLocationRead--
msOrg-IsOrganizational-Read-
msRTCSIP-DeploymentLocatorRead-ReadFully-qualified DNS name of the Microsoft Online Communications Server deployment, as specified in the authoritative (customer, on-premise) directory.
msRTCSIP-LineRead-ReadThe device ID (either the Session Initiation Protocol (SIP) uniform resource identifier (URI) or the TEL URI) of the telephone that the user controls.
msRTCSIP-PrimaryUserAddressRead-ReadSIP URI for instant messaging, as specified in the authoritative (customer, on-premise) directory.
msRTCSIP-UserEnabledRead-ReadIndicates whether the user is currently enabled for SIP instant messaging, as specified in the authoritative (customer, on-premise) directory.
msRTCSIP-OptionFlagsRead-Read
objectGUID ReadReadReadKey for the object: this key is immutable, even if the object moves from one context to a-ther, for example, as a result of a company merge or split.
oOFReplyToOriginator-Read-Governs whether out-of-office -tifications should be sent to a sender of a message to this distribution list (DL).
otherFacsimileTelephoneRead-ReadA list of alternative facsimile numbers.
otherHomePhoneRead-ReadA list of alternative home telephone numbers.
otherIpPhoneRead-ReadA list of alternative TCP/IP addresses for the telephone.
otherMobileRead-ReadA list of alternative mobile phone numbers.
otherPagerRead-ReadA list of alternative pager numbers.
otherTelephoneRead-ReadA list of alternative office telephone numbers.
pagerRead-ReadThe primary pager number.
physicalDeliveryOfficeNameRead-ReadNames that a postal service uses to identify a post office.
postalCodeRead-ReadCodes that a postal service uses to identify postal service zones.
postOfficeBoxRead-ReadPostal box identifiers that a postal service uses when a customer arranges to receive mail at a box on the premises of the postal service.
PreferredLanguageRead-ReadThe preferred written or spoken language for a user.
proxyAddressesRead/WriteRead/WriteRead/WriteThe address by which a Microsoft Exchange Server recipient object is recognized in a foreign mail system.
PublicDelegatesRead/WriteReadRead
reportToOriginator-Read-Governs whether to send delivery reports to the message originator when a message that is sent to a group is -t delivered. The delivery report lets the group owner k-w that the message was -t delivered.
samAccountNameRead--
snRead-ReadName strings for the family names of a person (user or contact).
stRead-ReadThe full names of states or provinces.
streetAddressRead-ReadThe person's (user or contact) address.
targetAddressRead-ReadThe destination address for the person (user or contact).
TelephoneAssistantRead-Read
telephoneNumberRead-ReadTelephone numbers that comply with the ITU Recommendation E.123.
thumbnailphoto Read-ReadPersons Photo - 10kb maximum size limit
titleRead-ReadThe title of a person (user or contact) in the person's organizational context.
unauthOrigReadReadReadRelationship that indicates that the mailbox for the target object is -t authorized to send mail to the source object.
urlRead-ReadThe list of alternative web pages.
userAccountControlRead--
UserPrincipalNameReadRead-The user principal name (UPN) that is an Internet-style logon name for a user, as specified in RFC 822.
wWWHomePageRead-ReadThe primary web page.

Back to the top

Table 2: Attributes that are written back to the on-premises AD DS from Office 365 in an Exchange rich-coexistence scenario

The following table lists the synchronized attributes that are written back to the on-premises AD DS from Office 365 in an Exchange rich-coexistence scenario. These attributes are written back only if Exchange Federation for Rich-Coexistence is enabled for the organization.
Collapse this tableExpand this table
Write-Back attribute Exchange "full fidelity" feature
SafeSendersHash
BlockedSendersHash
SafeRecipientHash 		Filtering Coexistence: Writes back on-premises filtering and online safe and blocked sender data from clients.
msExchArchiveStatus Online Archive: Enables customers to archive mail in Microsoft Online.
ProxyAddresses
(LegacyExchangeDN <online LegacyDn> as X500) 		Enable Mailbox: Off-boards an online mailbox back to on-premises Exchange.
msExchUCVoiceMailSettings Enable Unified Messaging (UM) - Online voice mail: This new attribute is used only for UM-Microsoft Lync Server 2010 integration to indicate to Lync Server 2010 on-premises that the user has voice mail in online services.
PublicDelegates Delegates

Back to the top

How directory synchronization determines what is not synchronized from the on-premises environment to Office 365

This section contains information about how directory synchronization determines what is not synchronized from the on-premises environment to Office 365.

Contact objects:
  • contains "MSOL" in DisplayName
  • msExchHideFromAddressLists = TRUE
SecurityEnabledGroup objects: 
  • isCriticalSystemObject = TRUE
  • mail is present AND displayName is not present
MailEnabledGroups and MailEnabledContacts objects:
  • (proxy addresses does not have a primary SMTP address) and (mail not present/invalid - i.e. indexof('@') <=0)
iNetOrgPerson objects:
  • sAMAccountName is not present
    isCriticalSystemObject = TRUE
User objects:
  • mailNickName starts with "SystemMailbox{"
    mailNickName starts with "CAS_"  AND mailNickName contains "{"
    sAMAccountName starts with "CAS_" ANDsAMAccountName has "}"
    sAMAccountName equals "SUPPORT_388945a0"
    sAMAccountName equals "MSOL_AD_Sync"
    sAMAccountName is not present
    isCriticalSystemObject = TRUE
Group size:
  • Groups that have more than 15,000 members are also filtered out during the synchronization process to address performance concerns.
Back to the top
APPLIES TO
  • Microsoft Office 365 for enterprises
Back to the top
Keywords: 
vkbportal231 vkbportal237 vkbportal230 o365 bposs KB2256198
Back to the top