Directory Synchronization - Managing Directory Attributes

Updated

This article contains information on managing directory attributes in Mimecast, including supported AD synced attributes, adding, changing, deleting, disabling, and enabling directory attributes, and synchronization with Azure Active Directory.

Directory attributes can be used to define a specific property or characteristic of a user's email address (e.g. names, titles, email addresses, and telephone numbers). When they are created, they are applied to both internal and external email domain users. They can be used in many ways, for example, populating a business card component in a stationery layout by allowing administrators to select which attributes are assigned to the email signature.

It's not necessary to add a directory attribute for the property of a user's email address. This is automatically collected by Mimecast for every user and stored as a variable.

Supported AD Synced Attributes

The table below lists supported AD Synced Attributes for an On-Premise Active Directory. To find the attributes provided by Azure, see Synchronizing User Attributes with Azure Active Directory.

mail telephonenumber countrycode
givenname extensionattribute15 msexchuserculture
msexchrbacpolicylink mailnickname extensionattribute4
userprincipalname name memberof
departmentnumber legacyexchangedn msexchhomeservername
description title homemdb
wwwhomepage postalcode street
physicaldeliveryofficename streetaddress company
sn department c
manager cn l
samaccountname showinaddressbook displayname
distinguishedname  proxyaddress  

Managing Directory Attributes

Directory Attributes can be managed in two ways:

  1. Manually as local attributes in Mimecast. This must be managed in Mimecast directly, but you can use the Importing Users via a Spreadsheet page to create and populate the attribute data. Manual attributes offer the administrator more control and are useful when adding a customized property field to a user's email address (e.g. market vertical, promotion code, or gender).
  2. Synchronized from a network directory using Directory Synchronization (e.g. Microsoft Active Directory). Data synchronized using LDAP cannot be edited in Mimecast. However, it's the most efficient way of supplying attribute data to Mimecast, as the directory is a centrally managed data source.

When an attribute is created, the field is immediately visible in all domain user profiles, but won't be populated. This requires a Directory Synchronization to be performed.

Adding / Changing a Directory Attribute

You can add or change a directory attribute, by using the following steps:

  1. Log on to the Mimecast Administration Console.
  2. Navigate to Users & Groups | Attributes.
  3. Select either the:
    • Attribute to be changed and click on the Edit button in the pop-up panel.
    • Add Attribute button.
  1. Complete the Attribute Details dialog as follows:
Field / Option Description
Name (Prompt) Enter the reference name that Mimecast will use to retrieve the attribute data. For a manual attribute, enter a name that best describes the attribute you are creating. For LDAP directory linked attributes, enter the defined attribute name in the directory (e.g. Microsoft Active Directory). See the Directory Linked Attribute field below for more information.
Group Specify a title for grouped attributes. For example, two attributes belonging to a group called Contact Information can be grouped together in the email user profile (see the Order field below).

The Group column indicates whether the attribute is manually created or synchronized with a directory, shown as either "Manual Attributes" or "General Attributes" respectively.
Type This defines both the type and appearance of the attribute field. The following options are available:

Small Text Capture (50 Pixels): A text string with a maximum length of 50 pixels.
Small Text Capture (100 Pixels): A text string with a maximum length of 100 pixels.
Text Capture (150 Pixels): A text string with a maximum length of 150 pixels.
Text Capture (200 Pixels): A text string with a maximum length of 200 pixels.
Large Text Capture (250 Pixels): A text string with a maximum length of 250 pixels.
Large Text Capture (300 Pixels): A text string with a maximum length of 300 pixels.
Yes/No Checkbox: A drop-down field containing options for "Yes" and "No".
Simple Selection: A list of values allowing one to be selected. The list values are defined in the Options field (see below) with each value separated by a comma (e.g. Red, White, Blue).
Complex Selection: A list of values, but allowing multiple values to be selected. This option also allows you to store one value, but display another (e.g. store values 1, 2, 3, but display Red, White, Blue). This enables the displayed value to be changed, without altering the stored value.

The list values are defined in the Options field (see below) with each value defined by the value, a full stop, and the display value (e.g. 1. Red, 2. White, 3. Blue).

Directory Linked Attribute: This creates a directory linked attribute which synchronizes the data from the directory to Mimecast. It is not possible to edit the data value of this attribute in Mimecast, as it is extracted from the Directory.

A directory connection must be configured to periodically synchronize attribute data prior to using this option. When configuring LDAP attributes, it's mandatory that the Prompt field (see above) is identical to the prompt of the directory attribute. For example, Microsoft Active Directory uses the 'cn' prompt to display the Common Name of the user, and 'facsimiletelephonenumber' for the Fax Number of the user. For more information read the Directory Synchronization page.
Order This determines the order in which the attribute values are displayed in the Group field. If no order is entered, the attributes are listed in alphabetical order.
Options This determines the values displayed in the Simple Selection and Complex Selection fields.
Show in Tables Enable this option to make the attribute available in Mimecast's Awareness Training platform.

For full details, see the Awareness Training - Performance Analysis Custom Attributes article.
  1. Click Save.

Deleting a Directory Attribute

You can delete a directory attribute by using the following steps:

  1. Log in to the Mimecast Administration Console.
  2. Navigate to Users & Groups | Attributes.
  3. Select the Attribute to be deleted.
  4. Click Delete.
  5. Click Delete in the confirmation dialog.

Disabling a Directory Attribute

The Status column indicates whether the attribute is currently enabled or disabled.

You can disable a directory attribute, by using the following steps:

  1. Log in to the Mimecast Administration Console.
  2. Navigate to Users & Groups | Attributes.
  3. Click on the Managing Attributes_1 icon to the right of the required attribute.
  4. Select Disable Attribute.

Enabling a Directory Attribute

You can enable a directory attribute, by using the following steps:

  1. Log in to the Mimecast Administration Console.
  2. Navigate to Users & Groups | Attributes.
  3. Click on the disabled Attribute.
  4. Click Edit.
  5. Select a new value from the Type drop-down menu.
  6. Click Save.

Attributes.jpg

See Also...

Related to

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.