
Appendix E Directory Object Preparation

 

Applies to: Office 365 Deployment Guide for Enterprises

Topic Last Modified: 2013-02-01

Successful directory synchronization between your on-premises Active Directory environment and Office 365 requires that your on-premises directory objects and attributes be properly prepared.

If your organization intends to implement an Exchange hybrid deployment, you will need to upgrade your Active Directory schema to include Exchange Server 2010 SP2 updates. This is required to manage email-related attributes on-premises when using directory synchronization.

Note:
Administrators can hide users, distribution groups, and contacts from the global address list (GAL) by setting the msExchHideFromAddressLists attribute for the object in an on-premises Active Directory.

Apply the following requirements for user-object–related attributes when you prepare Active Directory for directory synchronization:

sAMAccountName

  • Maximum number of characters: 20
  • Invalid Active Directory characters: !#$%^&{}\{`~"",\/[]:@<>+=;?*
  • If a user has an invalid sAMAccountName attribute but has a valid userPrincipalName attribute, the user account is created in Office 365.
  • If both sAMAccountName and userPrincipalName are invalid, the on-premises Active Directory userPrincipalName attribute must be updated.

givenName

  • Maximum number of characters: 64
  • Unexpected characters: ?@+
  • Note:
    The Deployment Readiness Tool checks for questionable characters.

sn (surname)

  • Maximum number of characters: 64
  • Unexpected characters: ?@+
  • Note:
    The Deployment Readiness Tool checks for questionable characters.

displayName

  • Maximum number of characters: 256
  • Unexpected characters: ?@+
  • Note:
    The Deployment Readiness Tool checks for questionable characters.

mail

  • Maximum number of characters: 256
  • Invalid characters: [! # $ % & * + / = ? ^ ` { }]
  • Duplicate values: The mail attribute cannot contain any duplicate values.
  • Note:
    If there are duplicate values in the mail field, the first user who has such a value is synchronized to the Office 365 environment. All the other users who have duplicate values don’t appear in the Microsoft Online Services Portal. As a result, you must modify the mail attribute value for those users with the matching value that did not synchronize to the portal.

mailNickname

  • Maximum number of characters: 64
  • Invalid characters: ""\[]:><; a space

proxyAddresses

  • Multi-value attribute
  • Maximum number of characters: 256
  • Invalid characters: )(;><][\,

All Simple Mail Transfer Protocol (SMTP) addresses should comply with email messaging standards. If duplicate or unwanted addresses exist, see the Help topic Removing duplicate and unwanted proxy addresses in Exchange.

targetAddress

For mail-enabled objects and alternate addresses, the targetAddress attribute is required. This is especially true in third-party messaging migration and coexistence scenarios. If this attribute is not present, the fallback is to the mail attribute.

  • Maximum number of characters: 256
  • Invalid characters: [! # $ % & * + / = ? ^ ` { }]

userPrincipalName

The userPrincipalName (UPN) attribute must be in the Internet-style logon format where the user name is followed by the at sign (@) and a domain name; for example, user@contoso.com.

  • Maximum number of characters for the user name that is in front of the at sign (@): 64
  • Maximum number of characters for the domain name following the at sign (@): 256
  • Invalid characters: ! # $ % & \ * + - / = ? ^ _ ` { | } ~ < > ( )

  • (_) character: remains the same.

  • The Windows Azure Active Directory Sync tool sends a list of duplicate UPNs in an error report email to the admin account that you have configured for Office 365.

Additional requirements for a valid userPrincipalName attribute:

  • The @ character is required in each userPrincipalName value.
  • The @ character cannot be the first character in each userPrincipalName value.
  • The user name cannot end with a period (.), an ampersand (&), a space, or an at sign (@).
  • The user name cannot have any spaces.
  • Routable domains must be used; for example, local or internal cannot be used.
  • Unicode is converted to underscore characters.
  • userPrincipalName cannot contain any duplicate values in the forest.
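
The userPrincipalName rules above and the duplicate-value rule for mail can be checked before synchronization runs. The following Python audit over exported user records is an added example, not part of the original guide. The record layout, the case-insensitive duplicate match, applying the character list to the user name part only, and treating the underscore as allowed are assumptions.

```python
from collections import defaultdict

# Invalid UPN characters as listed above. Underscore is left out because the
# guide says it "remains the same"; reading that as "allowed" is an assumption.
UPN_INVALID = set("!#$%&\\*+-/=?^`{|}~<>()")
NON_ROUTABLE = {"local", "internal"}  # only the two suffixes the guide names

def check_upn(upn):
    """Return the rule violations for one userPrincipalName value."""
    if "@" not in upn:
        return ["missing @"]
    if upn.startswith("@"):
        return ["@ is the first character"]
    user, domain = upn.rsplit("@", 1)
    # Assumption: the character list applies to the user name part only.
    bad = "".join(sorted(set(user) & UPN_INVALID))
    checks = [
        (len(user) > 64, "user name longer than 64"),
        (len(domain) > 256, "domain longer than 256"),
        (" " in upn, "contains a space"),
        (user[-1] in ".&@", "user name ends with . & or @"),
        (bool(bad), "invalid characters: " + bad),
        (not upn.isascii(), "non-ASCII characters become underscores"),
        (domain.rsplit(".", 1)[-1].lower() in NON_ROUTABLE, "domain is not routable"),
    ]
    return [msg for failed, msg in checks if failed]

def audit(users):
    """Map sAMAccountName -> problems, including duplicate UPN and mail values."""
    report = defaultdict(list)
    seen = {"userPrincipalName": {}, "mail": {}}  # value -> first account seen
    for u in users:
        name = u["sAMAccountName"]
        report[name].extend(check_upn(u["userPrincipalName"]))
        for attr, first in seen.items():
            key = (u.get(attr) or "").lower()  # case-insensitive: an assumption
            if key and key in first:
                report[name].append(f"duplicate {attr} (first seen on {first[key]})")
            elif key:
                first[key] = name
    return {name: problems for name, problems in report.items() if problems}

# Constructed sample records, shaped like rows from a directory export.
SAMPLE = [
    {"sAMAccountName": "alice", "userPrincipalName": "alice@contoso.com", "mail": "alice@contoso.com"},
    {"sAMAccountName": "bob", "userPrincipalName": "bob@corp.local", "mail": "bob@contoso.com"},
    {"sAMAccountName": "alice2", "userPrincipalName": "Alice@contoso.com", "mail": "alice.b@contoso.com"},
    {"sAMAccountName": "carol", "userPrincipalName": "carol.@contoso.com", "mail": "ALICE@contoso.com"},
]
```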

Groups

  • Mail-enabled character check: All mail-enabled groups must use the *@* pattern.

Contacts

  • Mail-enabled character check: All mail-enabled contacts must use the *@* pattern.
 
© 2013 Microsoft. All rights reserved.