Customize AD attributes properties

You can define property details for AD attributes to standardize and simplify the creation of new AD objects.

Note that values entered with customized templates are not subject to the restrictions defined here.

The following properties are available:

 

AliasDisplayName

Sets an alternate display name for use in ARM.

Example:

<l>

<AliasDisplayName type="System.String">City</AliasDisplayName>

</l>

 

AllowOnlyDefinedValues

Only predefined values can be selected. Use it together with DefinedValues.

Example:

<postalCode>

<AllowOnlyDefinedValues type="System.String">true</AllowOnlyDefinedValues>

<DefinedValues type="System.String">12345;67890</DefinedValues>

</postalCode>

 

DefinedValues

The predefined values for the attribute, separated by semicolons. The values are available in ARM as a drop-down list. Use it together with AllowOnlyDefinedValues.

Example:

<postalCode>

<AllowOnlyDefinedValues type="System.String">true</AllowOnlyDefinedValues>

<DefinedValues type="System.String">12345;67890</DefinedValues>

</postalCode>

 

CreationRule

Defines a creation rule for the attribute.

Example:

<mail>

<CreationRule type="System.String">{givenname}.{sn}@[fqdn]</CreationRule>

</mail>

 

ValidationRule

Regular expression for checking the entered value. Use it together with ValidationInformation.

Example:

<telephoneNumber>

<ValidationRule type="System.String">^[+]\d{1,4}[ ][^0]\d{1,5}[ ]\d{1,32}[-]\d{1,8}</ValidationRule>

<ValidationInformation type="System.String">The phone number does not match the requirements.</ValidationInformation>

</telephoneNumber>

For help with regular expressions we recommend https://regex101.com.
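The following added example (not part of the ARM documentation) shows what the example ValidationRule accepts on constructed inputs. Python's re module stands in for the regex engine, search semantics are assumed because this page does not state whether ARM requires the whole value to match, and STRICT_RULE is an assumed tightening, not a rule from the product.

```python
import re

# ValidationRule from the example above, copied verbatim.
PAGE_RULE = r"^[+]\d{1,4}[ ][^0]\d{1,5}[ ]\d{1,32}[-]\d{1,8}"

# Assumed tightening (not from the ARM documentation): the first character of
# the area code must be a digit 1-9, and the pattern is anchored at the end.
STRICT_RULE = r"^[+]\d{1,4}[ ][1-9]\d{1,5}[ ]\d{1,32}[-]\d{1,8}$"

# Constructed sample inputs.
SAMPLES = [
    "+49 30 1234567-89",                    # intended format
    "030 1234567-89",                       # missing country code
    "+49 030 1234567-89",                   # area code starts with 0
    "+49 x0 1234567-89",                    # letter where a digit is expected
    "+49 30 1234567-89 and trailing text",  # valid prefix, extra text after it
]


def accepted(rule, value):
    """True if the rule finds a match in value (search semantics)."""
    return re.search(rule, value) is not None


def compare(samples=SAMPLES):
    """Return {value: (page_rule_result, strict_rule_result)}."""
    return {v: (accepted(PAGE_RULE, v), accepted(STRICT_RULE, v))
            for v in samples}


if __name__ == "__main__":
    for value, (page, strict) in compare().items():
        print(f"{value!r:40} page={page!s:5} strict={strict}")
```

`[^0]` matches any character other than 0, including letters, and without a trailing `$` any text after a valid prefix still matches, so test a rule against both wanted and unwanted values before deploying it.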

 

ValidationInformation

Displays a help text for the validation rule. Use it together with ValidationRule.

Example:

<telephoneNumber>

<ValidationRule type="System.String">^[+]\d{1,4}[ ][^0]\d{1,5}[ ]\d{1,32}[-]\d{1,8}</ValidationRule>

<ValidationInformation type="System.String">The phone number does not match the requirements.</ValidationInformation>

</telephoneNumber>

 

IsRequired or Essential

The input is mandatory.

Example:

<streetAddress>

<IsRequired type="System.String">true</IsRequired>

</streetAddress>

 

IsHidden

The attribute is hidden in all ARM views and reports.

Example:

<streetAddress>

<IsHidden type="System.String">true</IsHidden>

</streetAddress>

 

IsChangeable

If set to true, the value cannot be modified within ARM. Not valid for creating objects. See also: IsInitialConfigurable

Example:

<streetAddress>

<IsChangeable type="System.String">true</IsChangeable>

</streetAddress>

 

IsInitialConfigurable

If set to true, the value can be modified when creating objects. See also: IsInitialConfigurable

Example:

<streetAddress>

<IsInitialConfigurable type="System.String">true</IsInitialConfigurable>

</streetAddress>

 

SortIndex

Allows you to define the display order of the properties in the Account view, Creation overlay, and Edit overlay using an integer value. The smaller the value, the higher the attribute is placed.

Example:

<streetAddress>

<SortIndex type="System.String">1500</SortIndex>

</streetAddress>

Please refer to the list of default LDAP properties and sort index values below.

 

IsObjectSearchable

If set to true, the attribute is included in the ARM search for AD objects.

Example:

<streetAddress>

<IsObjectSearchable type="System.String">true</IsObjectSearchable>

</streetAddress>

 

LDAP attributes that are read by default, and their sort index values

ARM reads the following LDAP attributes by default during an AD scan:

LDAP Attribute SortIndex Default
"accountexpires" 1000
"admincount" 2000
"cn" 3000
"comment" 4000
"company" 5000
"dc" 6000
"department" 7000
"description" 8000
"distinguishedname" 9000
"displayname" 10000
"employeeid" 11000
"employeetype" 11500
"flags" 12000
"givenname" 13000
"grouptype" 14000
"homedirectory" 15000
"homedrive" 16000
"homephone" 17000
"info" 18000
"initials" 19000
"jpegphoto" 50000
"thumbnailphoto" 51000
"lastlogon" 20000
"lastlogontimestamp" 21000
"managedby" 21250
"manager" 21500
"mail" 22000
"member" 23000
"memberof" 24000
"mobile" 25000
"name" 26000
"objectclass" 27000
"objectguid" 28000
"objectsid" 29000
"operatingsystem" 30000
"operatingsystemservicepack" 31000
"operatingsystemversion" 32000
"ou" 33000
"personaltitle" 34000
"primarygroupid" 35000
"profilepath" 36000
"proxyaddresses" 36500
"samaccountname" 37000
"samaccounttype" 38000
"scriptpath" 39000
"sidhistory" 40000
"sn" 41000
"subrefs" 42000
"systemflags" 43000
"telephonenumber" 44000
"title" 45000
"useraccountcontrol" 46000
"userprincipalname" 47000

 

Set attributes available to web client scenarios

For the action "Change personal information" - available in the cockpit and some web client scenarios - ARM loads a standard set of attributes. The standard set is the same for all roles. You can adjust which attributes are available for each ARM role.

To do this, extend the pnserver.config.xml file, which is located in the following directory:

%programdata%\protected-networks.com\8MAN\cfg

The changes will be applied without restarting the ARM service.

 

Example

The line numbers are for explanation purposes only.

01 <WebClient.Cockpit.ChangeAttributes.Manager>

02 postalCode;l;physicalDeliveryOfficeName;telephoneNumber;facsimileTelephoneNumber

03 </WebClient.Cockpit.ChangeAttributes.Manager>

 

Lines 01 and 03

Specify which role the configuration should apply to. The following roles are possible:

ARM role

WebClient.Cockpit.ChangeAttributes.Administrator

WebClient.Cockpit.ChangeAttributes.JuniorAdministrator

WebClient.Cockpit.ChangeAttributes.DataOwner0

WebClient.Cockpit.ChangeAttributes.DataOwner1

WebClient.Cockpit.ChangeAttributes.DataOwner2

WebClient.Cockpit.ChangeAttributes.DataOwner3

WebClient.Cockpit.ChangeAttributes.DataOwner4

WebClient.Cockpit.ChangeAttributes.Read

WebClient.Cockpit.ChangeAttributes.Requester

WebClient.Cockpit.ChangeAttributes.Manager

 

Self Service in the cockpit: "Change my personal information"

WebClient.Cockpit.ChangeAttributes.SelfService

 

Line 02

List of attributes to be available. You can only use attributes that are included in the AD scan.