Skip to main content
Matrix42 Self-Service Help Center

Azure AD Data Provider Attribute Mapping

Overview

On this page, you may find all necessary information for the advanced settings of the Azure Active Directory import, in particular import mapping rules and available attributes.

Users

Rules

  • Account attributes including state are imported from Azure Active Directory
  • The corresponding Person is created for every Account that is imported from Azure Active Directory (except the case when AD and AAD are connected with AD connect)
  • If the Account is already associated with an existing Person, the Person is not updated
  • Person attributes are set only in case when new Person is created during import from Azure Active Directory
  • Person attributes are never updated during Import if Person already exists
  • Person attributes are not synchronized back to Azure Active Directory

Account

Mapping
SPSAccountClassAD.Sid = sid

or

(SPSAccountClassBase.NBAccountName = sAMAccountName AND Domain)

where Domain:

SPSAccountClassAD.Domain = @DomainId
Attributes
Name Azure AD Data Definition Attribute Note
State 512 NORMAL_ACCOUNT SPSCommonClassBase State  
Locked CASE WHEN accountEnabled = 'true' THEN 0 ELSE 1 END SPSAccountClassAD Locked  
Domain - SPSAccountClassAD Domain taken from Relation, @DomainID
Account Name

CASE WHEN userPrincipal
​Name IS NULL THEN onPremisesSamAccountName ELSE SubString(userPrincipal
​Name,0, PATINDEX(”%@%”, userPrincipalName)) END

SPSAccountClassBase AccountName  
NETBIOS Name onPremisesSamAccountName SPSAccountClassBase NBAccountName  
Person - SPSAccountClassBase Owner taken from Relation
Federal State state SPSAccountClassBase FederalState  
Address streetAddress SPSAddressClassBase Street  
Country country SPSAddressClassBase Country  
Fax faxNumber SPSAddressClassBase Facsimile  
P.O. postalCode SPSAddressClassBase ZIP  
City city SPSAddressClassBase City  
Email mail SPSAddressClassBase eMail  
Sid id SPSAccountClassAD Sid  
Distinguished Name onPremisesDistinguishedName SPSAccountClassAD ADCN  
First Name givenName SPSAccountClassADUser FirstName  
Last Name surname SPSAccountClassADUser LastName  
Position jobTitle SPSAccountClassADUser Position  
Cell Phone mobilePhone SPSAccountClassADUser MobilePhone  
Office officeLocation SPSAccountClassADUser Office  
Department department SPSAccountClassADUser Department  
Company companyName SPSAccountClassADUser Company  

Person

Mapping
SPSUserClassLdap.Sid = sid
Attributes
Name Azure AD Data Definition Attribute Note
Display Name displayName SPSUserClassBase DisplayName  
Federal State state SPSAddressClassBase State  
Address streetAddress SPSAddressClassBase Street  
Country country SPSAddressClassBase Country  
Fax faxNumber SPSUserClassBase Fax  
P.O. postalCode SPSAddressClassBase POBoxZIP  
City city SPSAddressClassBase City  
Email mail SPSAddressClassBase eMail  
Accounts id SPSUserClassBase Accounts Relation
Distinguished Name onPremisesDistinguishedName SPSUserClassLdap DistinguishedName  
First Name givenName SPSUserClassBase FirstName  
Last Name surname SPSUserClassBase LastName  
Position jobTitle SPSUserClassBase Position  
Cell Phone mobilePhone SPSUserClassBase MobilePhone  
Business Phone businessPhone SPSUserClassBase BusinessPhone  
Office officeLocation SPSUserClassBase Office  
Department department SPSUserClassBase Department  
Company companyName SPSUserClassBase Company  

Groups

Rules

  • All specified attributes including state are imported from Azure Active Directory

Mapping

(SPSSecurityGroupClassAD.Sid = sid AND Domain)

or

(SPSSecurityGroupClassAD.NT4Name = sAMAccountName AND Domain)

or

(SPSSecurityGroupClassAD.Name = name AND Domain)

Where Domain:

SPSSecurityGroupClassAD.Domain =@DomainId

Attributes

Name Azure AD Data Definition Attribute Note
State 2080 SPSCommonClassBase State  
Domain - SPSSecurityGroupClassAD Domain Relation, @DomainID
Name displayName SPSSecurityGroupClassAD Name  
NETBIOS Name displayName SPSSecurityGroupClassAD NT4Name  
Group Type groupTypes.Contains("Unified") ? 16 : 48 SPSSecurityGroupClassAD GroupType  
Security Group CASE WHEN groupType & 32 = 32 THEN 1 ELSE 0 END SPSSecurityGroupClassAD IsSecurityGroup  
Sid id SPSSecurityGroupClassAD Sid  
Description description SPSSecurityGroupClassAD Description  

Common Azure AD Attbitutes

Name

Azure AD

AD

Data Definition

Attribute

Note

Last Sync Date - - SPSCommonClassLdap LastSyncDate Current date
Object GUID id objectGuid SPSCommonClassLdap ObjectGuid  
Deleted - - SPSCommonClassLdap Deleted 0 (False)
Synchronizable - - SPSCommonClassLdap Synchronizable @Synchronizable