Using any Active Directory attribute in a profile

In addition to the provisioning properties you can set for a zone using Access Manager, you can manually configure the Zone Provisioning Agent to use any Active Directory attribute as the value for any field in automatically provisioned UNIX user or group profiles. For example, if your organization uses a custom attribute, such as org_global_id, for all users, you can manually configure the Zone Provisioning Agent to use that attribute for the numeric user identifier (UID) in automatically generated user profiles.

To manually specify an Active Directory attribute to use in a UNIX profile:

  1. Open Microsoft ADSI Edit.
  2. Select a target zone, right-click, then click Properties.
  3. Select the description attribute, then click Edit.
  4. Type a profile provisioning attribute and specify the Active Directory attribute to use for the profile.

    The valid provisioning attributes are:


    The format for the entry is:


    Replace attribute_name with the Active Directory attribute you want to use. For example:

  5. Click Add, then click OK.
  6. Run the Zone Provisioning Agent update command in preview mode to verify your settings. For example:

    zoneupdate /p zoneName
  7. Check the results of the zoneupdate preview, then run the command without the preview option to execute the business rules for provisioning. For example:

    zoneupdate zoneName

If the Active Directory attribute type is different from the target profile value, the Zone Provisioning Agent attempts to convert the data type. If the data conversion fails, the Zone Provisioning Agent reports an error and stops the provisioning process.
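
Because a failed conversion stops the provisioning process, it helps to check the source attribute before running zoneupdate. The following PowerShell is an added example, not part of the Zone Provisioning Agent or its documentation; the function name Test-UidSource, the UID range limits, and the sample records are assumptions made for illustration.

```powershell
# Added example: pre-flight check for an AD attribute that will feed UNIX UIDs.
# Test-UidSource and its thresholds are hypothetical, not Zone Provisioning Agent behavior.
function Test-UidSource {
    param(
        [Parameter(Mandatory)] [object[]] $Users,   # objects exposing SamAccountName and $Attribute
        [string] $Attribute = 'org_global_id',      # custom attribute named in the text above
        [long]   $MinUid    = 1000,                 # assumption: local policy floor for user UIDs
        [long]   $MaxUid    = 2147483647            # assumption: signed 32-bit ceiling
    )
    $seen = @{}                                     # UID -> first account that claimed it
    foreach ($u in $Users) {
        $raw = [string]$u.$Attribute
        $uid = 0L
        $problem = if ([string]::IsNullOrWhiteSpace($raw)) { 'missing value' }
            elseif (-not [long]::TryParse($raw.Trim(), [ref]$uid)) { 'not an integer' }
            elseif ($uid -eq 0) { 'maps to UID 0 (root)' }
            elseif ($uid -lt $MinUid -or $uid -gt $MaxUid) { 'outside allowed range' }
            elseif ($seen.ContainsKey($uid)) { "duplicate of $($seen[$uid])" }
            else { $seen[$uid] = $u.SamAccountName; $null }
        if ($problem) {
            [pscustomobject]@{ User = $u.SamAccountName; Value = $raw; Problem = $problem }
        }
    }
}

# Constructed sample records. Against a live directory, pass the output of
#   Get-ADUser -Filter * -Properties org_global_id
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice'; org_global_id = '20011' }
    [pscustomobject]@{ SamAccountName = 'bob';   org_global_id = '0' }
    [pscustomobject]@{ SamAccountName = 'carol'; org_global_id = 'A-7731' }
    [pscustomobject]@{ SamAccountName = 'dave';  org_global_id = '20011' }
    [pscustomobject]@{ SamAccountName = 'erin';  org_global_id = '' }
    [pscustomobject]@{ SamAccountName = 'frank'; org_global_id = '512' }
)
Test-UidSource -Users $sample | Format-Table -AutoSize
```

An empty result means every value is a unique, in-range UID candidate under these assumptions; the zoneupdate /p preview in step 6 remains the check of what the agent itself will provision.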