Export (0) Print
Expand All

Reference: Directory objects and attributes used by Office 365


Applies to: Office 365 Enterprise

Topic Last Modified: 2014-08-22

Summary: Lists the requirements for the user-related attributes that you must ensure are correctly formatted within your schema before you migrate users to Office 365.

Successful directory synchronization between your on-premises Active Directory environment directory and Office 365. This requires that your on-premises directory objects and attributes be properly prepared.

If your organization intends to implement an Exchange hybrid deployment, you will need to upgrade your Active Directory schema to include Exchange Server 2010 SP2 updates. This is required to manage email-related attributes on-premises when using directory synchronization.

Administrators can hide users, distribution groups, and contacts from the global address list (GAL) by setting the msExchHideFromAddressLists attribute for the object in an on-premises Active Directory.

Apply the following requirements for user-object–related attributes when you prepare Active Directory for directory synchronization:


  • Maximum number of characters: 20 for user, 256 for groups.

  • Invalid Active Directory characters: \”|,/[]:<>+=;?*

  • If a user has an invalid sAMAccountName attribute but has a valid userPrincipalName attribute, the user account is created in Office 365.

  • If both sAMAccountName and userPrincipalName are invalid, the on-premises Active Directory userPrincipalName attribute must be updated.

  • If there is no userPrincipalName then sAMAccountName is checked for duplicates.


  • Maximum number of characters: 64

  • Invalid characters: whitespace \!#$%&*+/=?^`{}|~<>()’;:,[]”@

  • May not begin or end with a period and no duplicates are allowed.


  • Only Simple Mail Transport Protocol (SMTP) proxies are checked.

  • Multi-value attribute

  • Maximum single value number of characters: 256

  • RFC2822 and routable namespaces

  • No duplicates

All SMTP addresses should comply with email messaging standards. If duplicate or unwanted addresses exist, see the Help topic Removing duplicate and unwanted proxy addresses in Exchange.


For mail-enabled objects and alternate addresses, the targetAddress attribute is required. This is especially true in third-party messaging migration and coexistence scenarios. If no value is specified for the targetAddress attribute, the value for the mail attribute is applied to targetAddress.

  • Maximum number of characters: 256


The userPrincipalName (UPN) attribute must be in the Internet-style logon format where the user name is followed by the at sign (@) and a domain name; for example, user@contoso.com.

  • Maximum number of characters for the user name that is in front of the at sign (@): 64

  • Maximum number of characters for the domain name following the at sign (@): 256

  • No duplicates

  • RFC2822 and routable namespace format

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
© 2014 Microsoft