
Reference: Directory objects and attributes used by Office 365

 

Applies to: Office 365 Enterprise

Topic Last Modified: 2014-01-09

Summary: Lists the requirements for the user-related attributes that you must ensure are correctly formatted within your schema before you migrate users to Office 365.

Successful directory synchronization between your on-premises Active Directory environment and Office 365 requires that your on-premises directory objects and attributes be properly prepared.

If your organization intends to implement an Exchange hybrid deployment, you will need to upgrade your Active Directory schema to include Exchange Server 2010 SP2 updates. This is required to manage email-related attributes on-premises when using directory synchronization.

Note:
Administrators can hide users, distribution groups, and contacts from the global address list (GAL) by setting the msExchHideFromAddressLists attribute for the object in an on-premises Active Directory.

Apply the following requirements for user-object–related attributes when you prepare Active Directory for directory synchronization:

sAMAccountName

  • Maximum number of characters: 20

  • Invalid Active Directory characters: !#$%^&{}\{`~"",\/[]:@<>+=;?*

  • If a user has an invalid sAMAccountName attribute but has a valid userPrincipalName attribute, the user account is created in Office 365.

  • If both sAMAccountName and userPrincipalName are invalid, the on-premises Active Directory userPrincipalName attribute must be updated.

givenName

  • Maximum number of characters: 64

  • Unexpected characters: ?@+

    Note:
    The Deployment Readiness Tool checks for questionable characters.

sn (surname)

  • Maximum number of characters: 64

  • Unexpected characters: ?@+

    Note:
    The Deployment Readiness Tool checks for questionable characters.

displayName

  • Maximum number of characters: 256

  • Unexpected characters: ?@+

    Note:
    The Deployment Readiness Tool checks for questionable characters.

mail

  • Maximum number of characters: 256

  • Invalid characters: [! #$ %&*+ / = ? ^ ` { }]

  • Duplicate values: The mail attribute cannot contain any duplicate values.

    Note:
    If there are duplicate values in the mail field, the first user who has such a value is synchronized to the Office 365 environment. All the other users who have duplicate values don’t appear in the Microsoft Online Services Portal. As a result, you must modify the mail attribute value for those users with the matching value that did not synchronize to the portal.

mailNickname

  • Maximum number of characters: 64

  • Invalid characters: ""\[]:><; a space

proxyAddresses

  • Multi-value attribute

  • Maximum number of characters: 256

  • Invalid characters: )(;><][\,

All Simple Mail Transfer Protocol (SMTP) addresses should comply with email messaging standards. If duplicate or unwanted addresses exist, see the Help topic Removing duplicate and unwanted proxy addresses in Exchange.

targetAddress

For mail-enabled objects and alternate addresses, the targetAddress attribute is required. This is especially true in third-party messaging migration and coexistence scenarios. If no value is specified for the targetAddress attribute, the value for the mail attribute is applied to targetAddress.

  • Maximum number of characters: 256

  • Invalid characters: [! #$ %&*+ / = ? ^ ` { }]

userPrincipalName

The userPrincipalName (UPN) attribute must be in the Internet-style logon format where the user name is followed by the at sign (@) and a domain name; for example, user@contoso.com.

  • Maximum number of characters for the user name that is in front of the at sign (@): 64

  • Maximum number of characters for the domain name following the at sign (@): 256

  • Invalid characters: ! # $ % & \ * + - / = ? ^ ` { | } ~ < > ( )

The Azure Active Directory Sync tool sends a list of duplicate UPNs in an error report email to the admin account that you have configured for Office 365.

Additional requirements for a valid userPrincipalName attribute:

  • The @ character is required in each userPrincipalName value.

  • The @ character cannot be the first character in each userPrincipalName value.

  • The user name cannot end with a period (.), an ampersand (&), a space, or an at sign (@).

  • The user name cannot have any spaces.

  • Routable domains must be used; for example, local or internal cannot be used.

  • Unicode is converted to underscore characters.

  • userPrincipalName cannot contain any duplicate values in the forest.
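The userPrincipalName rules above can be checked against an export of your accounts before synchronization runs. The following PowerShell is an added example, not part of the original page or of Microsoft's tooling. The function name Test-UpnForSync, the sample accounts, splitting on the last @, applying the invalid-character list to the user-name part only, and testing routability on the last DNS label are assumptions.

```powershell
# Added example (not Microsoft's code). Rules are the userPrincipalName rules from this page.
$InvalidUpnChars   = '!#$%&\*+-/=?^`{|}~<>()'.ToCharArray()
$NonRoutableSuffix = 'local', 'internal'          # the two examples the page names

function Test-UpnForSync {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Upn)
    $at = $Upn.LastIndexOf('@')
    if ($at -lt 0)            { return @('missing @') }
    if ($Upn.StartsWith('@')) { return @('@ is the first character') }

    # Assumption: the last @ separates the user name from the domain name.
    $user     = $Upn.Substring(0, $at)
    $domain   = $Upn.Substring($at + 1)
    $problems = @()
    if ($user.Length   -gt 64)  { $problems += 'user name longer than 64 characters' }
    if ($domain.Length -gt 256) { $problems += 'domain name longer than 256 characters' }
    if ($user.Contains(' '))    { $problems += 'user name contains a space' }
    if ($user -match '[.&@ ]$') { $problems += 'user name ends with . & space or @' }

    # Assumption: the invalid-character list is applied to the user-name part only.
    $bad = @($user.ToCharArray() | Where-Object { $InvalidUpnChars -contains $_ } | Select-Object -Unique)
    if ($bad.Count)                 { $problems += "invalid characters: $($bad -join ' ')" }
    if ($Upn -match '[^\x00-\x7F]') { $problems += 'non-ASCII characters are converted to underscores' }
    # Assumption: "routable" is tested on the last DNS label of the domain name.
    if ($NonRoutableSuffix -contains ($domain.Split('.')[-1])) { $problems += 'non-routable domain suffix' }
    return $problems
}

# Constructed sample accounts; replace with the UPN values from your own directory export.
$accounts = 'alice@contoso.com', 'Alice@contoso.com', 'bob.@contoso.com',
            'carol smith@contoso.com', 'dave@corp.local', '@contoso.com', 'erin#1@contoso.com'
foreach ($upn in $accounts) {
    foreach ($p in @(Test-UpnForSync -Upn $upn)) { "{0,-26} {1}" -f $upn, $p }
}
# UPNs must be unique in the forest; Group-Object compares case-insensitively by default.
$accounts | Group-Object | Where-Object Count -gt 1 |
    ForEach-Object { "{0,-26} duplicate value ({1} accounts)" -f $_.Name, $_.Count }
```

Each output line names the account and the rule it fails, so the on-premises attribute can be corrected before the account is synchronized.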

Groups

  • Mail-enabled character check: All mail-enabled groups must use the *@* pattern.

Contacts

  • Mail-enabled character check: All mail-enabled contacts must use the *@* pattern.

 
© 2014 Microsoft