Active Directory structure
In this example scenario, Active Directory maintains all user accounts in a single organizational unit: CompanyUsers. This is to simplify the example. In larger, more complex networks, multiple organizational units will be used.
In this example scenario, the following LDAP attributes play an important role for each user account:
| LDAP attribute | Example | Usage |
|---|---|---|
| employeeID | 643521 | Unique identification of the employee, as used in the phonebook application and Active Directory. This field corresponds with the database field AccountID of each row of the table. This LDAP attribute is set using the UMRA script action Set attribute (AD). |
| phoneNumber | 382-517-730 | The phone number of the employee. This field is stored in the database and in Active Directory. Changes made in the database must be propagated to Active Directory by the UMRA synchronization process. This LDAP attribute is set using the UMRA script action Set attribute (AD). Initially, the attribute is updated as part of the general UMRA script action Create user (AD). |
Table 2: The LDAP attributes of interest
When UMRA creates a new user account, it also sets a number of other LDAP attributes, including sAMAccountName, userPrincipalName, sn, givenName and displayName. All of these attributes are set at user creation time. They do not play an important role in this example scenario.
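Because the synchronization matches database rows to accounts on employeeID, and Active Directory does not enforce uniqueness on that attribute, it is worth checking the mapping before changes are propagated. The following is an added example, not UMRA's own code: the sample rows, the PhoneNumber column name, the DNs and the helper names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data; the PhoneNumber column name, the DNs and the
# dict layout are assumptions for illustration, not UMRA's own format.
DB_ROWS = [
    {"AccountID": "643521", "PhoneNumber": "382-517-730"},  # in sync
    {"AccountID": "643522", "PhoneNumber": "382-517-731"},  # phone changed
    {"AccountID": "643523", "PhoneNumber": "382-517-732"},  # duplicate in AD
    {"AccountID": "643524", "PhoneNumber": "382-517-733"},  # not in AD yet
]
AD_USERS = [
    {"dn": "CN=A,OU=CompanyUsers", "employeeID": "643521", "phoneNumber": "382-517-730"},
    {"dn": "CN=B,OU=CompanyUsers", "employeeID": "643522", "phoneNumber": "382-000-000"},
    {"dn": "CN=C,OU=CompanyUsers", "employeeID": "643523", "phoneNumber": "382-517-732"},
    {"dn": "CN=D,OU=CompanyUsers", "employeeID": "643523", "phoneNumber": "382-517-732"},
    {"dn": "CN=E,OU=CompanyUsers", "employeeID": "643599", "phoneNumber": "382-517-799"},
]

def ldap_filter_for(employee_id):
    """Build an employeeID lookup filter with RFC 4515 value escaping."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    escaped = "".join(special.get(ch, ch) for ch in employee_id)
    return f"(&(objectClass=user)(employeeID={escaped}))"

def plan_sync(db_rows, ad_users):
    """Compare database rows with AD accounts, keyed on employeeID."""
    by_id = defaultdict(list)
    for user in ad_users:
        by_id[user.get("employeeID")].append(user)
    plan = {"create": [], "update": [], "ambiguous": [], "orphaned": []}
    db_ids = set()
    for row in db_rows:
        key = row["AccountID"]
        db_ids.add(key)
        matches = by_id.get(key, [])
        if not matches:
            plan["create"].append(key)        # no account carries this ID
        elif len(matches) > 1:
            plan["ambiguous"].append(key)     # never update on a non-unique key
        elif matches[0].get("phoneNumber") != row["PhoneNumber"]:
            plan["update"].append((matches[0]["dn"], row["PhoneNumber"]))
    for key, users in by_id.items():
        if key not in db_ids:                 # account without a database row
            plan["orphaned"].extend(u["dn"] for u in users)
    return plan

if __name__ == "__main__":
    print(plan_sync(DB_ROWS, AD_USERS))
```

Entries under `ambiguous` and `orphaned` are reported rather than changed, so a duplicated or stale employeeID is reviewed before any attribute is written.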