Manage attributes
Manage attributes
|
<< Click to view the table of contents >> Navigation: Commands > Settings >
|
|
The Manage Attributes window allows you to customize the Current Document Template.
The grid rows are the attributes to be managed in the document, you can add or remove them using the Add attribute or Remove attribute commands located at the bottom of the window. Some attributes, highlighted in red, are required for the program to work and cannot be removed.
The Add attribute command allows you to add attributes to the current document, you can select them from the list of user or group attributes in Active Directory, all of the following attribute types are supported, including any custom attributes created by the organization.
•Case-insensitive string type
•Numeric value represented as a string
•Directory string specification
•Byte array represented as string
•32-bit integer type
•64-bit integer type (large)
•Boolean value type
•OID value type
•Time expressed in generalized time format
•Distinguished name of a directory service object
•Enumeration value type
•IA5 character set string
•Printable character set string
•SID value type
The application also handles attributes that do not exist in Active Directory, these have an Extra_ or Opt_ prefix before the name, for more information on this see: Extra Attributes.
The following fields can be edited or displayed for each attribute:
•Header: the column header in the main application grid, this is a descriptive value only.
•Default Value: this is the value that the application will automatically assign to new users created within the document, for existing users you can still easily apply these values using the Set Values Window.
As a default value you can use a static value, for example for the department attribute the value Offices, or, for multi-value attributes use several values separated by the symbol | (pipe) such as for the memberOf attribute the value Domain Users|Offices.
Default values can also be obtained automatically based on other attributes, when you want to use another attribute as a value you need to include it between braces {} e.g. the value of the name attribute could be obtained automatically from the attributes sn and givenName with this syntax within the name field {sn} {givenName} or the value of the homeDirectory attribute could be obtained from the static value of the UNC path of the shared folder on the file server ending with the name attribute ex. \\FileServerName\SharedFolder\Subfolder\{name}.
If you want to get portions of attributes automatically, some macros are available, description and examples follow.
Macro |
Prototype |
Description |
E.g. with the value of the attribute name = michelangelo.bonarroti |
|---|---|---|---|
DelLeft |
{attribute}[DelLeft(N)] |
deletes N characters from the left |
{name}DelLeft(2) = michelangelo.bonarro |
DelRight |
{attribute}[DelRight(N)] |
deletes N characters from the right |
{name}DelRight(2) = chelangelo.bonarroti |
GetLeft |
{attribute}[GetLeft(N)] |
gets N characters from the left |
{name}GetLeft(2) = mi |
GetRight |
{attribute}[GetRight(N)] |
gets N characters from the right |
{name}GetRight(2) = ti |
Sub |
{attribute}[Sub(N,M)] |
gets a sub-string of M characters from N |
{name}[Sub(7,6)] = angelo |
•Rule: these are additional automations that can be applied to attribute values; for example, you can define to calculate a password based on specific criteria, or change text to uppercase, remove empty spaces, etc. For more information on rules see the Rules topic.
•Attribute or option: displays the name of the attribute in Active Directory
•Type: displays the Active Directory type related to the attribute
•Single-value: displays whether the Active Directory attribute is a single-value type or can contain a list of values (multi-value).
•Read-only: shows whether the Active Directory attribute is read-only or writable.
•Unique: shows whether the attribute is considered unique, i.e., no duplicate values are allowed. For attributes marked as unique by Active Directory, the property cannot be changed. You can, however, mark an attribute as unique even if it is not unique in AD, in which case it will be marked as unique by Active Directory One at the project level, which will prevent the creation or modification of a user or group if duplicate values are found in AD.
•Override: allows the override list to be displayed and edited. This property is used when storing in Active Directory and when importing, when all the values in the override list of the record you are storing or importing are equal to an existing record, it is overwritten.
NOTE: Some attributes have an important function and are highlighted with color.
•Root Attributes: when an attribute has no default values and is used to build other attributes it is defined as a root attribute; this type of attribute is highlighted in green. In the example figure, the root attributes are sn and givenName because they do not have a default value and are used to auto-complete the displayName, name, userPrincipalName, saMAccountName fields. for more information on root attributes see Templates.
•Target attribute and target entity: in this example, the memberOf attribute record highlighted in blue is the target attribute that contains the target entity of the project (in this case the Offices group). See Projects for more information.
See also: Templates - Extra Attributes - Rules.