Configure the Gateway to Map an Attribute for UPNs
When you use the account synchronization option, you need a method for setting the user principal name (UPN) in the managed forest for the user accounts that synchronize from your local forest. You can simply reuse the UPN from your local forest as the UPN in the managed forest, in which case no changes to the configuration file are necessary. In some environments, however, it is not possible or desirable to reuse the local UPN. In these cases, you can modify the gateway configuration file to map an alternate attribute from the local forest as the UPN in the managed forest. Whatever attribute you choose must be populated for every account in the synchronization scope and unique across those accounts, because a UPN must be unique within the managed forest; verify this before changing the mapping.
The following example shows mapping the mail attribute as the UPN.
To map the email address from the local forest as the UPN in the managed forest:
- On the gateway server, open a text editor (for example, Notepad) using the "Run as administrator" option.
- In the text editor, open the CAProxy.SyncService.exe.config file in the directory in which you installed the gateway. By default this is:
  C:\Program Files\Keyfactor\Keyfactor Managed CA Gateway
- In the CAProxy.SyncService.exe.config file, find the register entry named UPN and, within it, the property with a name of SourceAttribute and a value of userPrincipalName. Replace userPrincipalName with mail as shown in the example below.
Before:
<register type="IAttributeMapping" mapTo="StringAttributeMapping" name="UPN">
    <property name="Name" value="UPN"/>
    <property name="SourceAttribute" value="userPrincipalName"/>
</register>
After:
<register type="IAttributeMapping" mapTo="StringAttributeMapping" name="UPN">
    <property name="Name" value="UPN"/>
    <property name="SourceAttribute" value="mail"/>
</register>
- Save the file.
- Restart the sync service so that the new mapping takes effect.
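The following PowerShell script is added here as an example; it is not part of the Keyfactor documentation or the gateway itself. It performs the check a practitioner would want before following the steps above and then makes the edit: it confirms that every in-scope account has a populated, unique mail value (the value that will become the UPN in the managed forest), backs up CAProxy.SyncService.exe.config, and changes only the SourceAttribute of the mapping named UPN. The search base, the use of the ActiveDirectory RSAT module, the backup file naming and the parameter names are assumptions; the documentation does not state the synchronization scope. Restart the sync service afterwards, as in the last step above.

```powershell
#Requires -RunAsAdministrator
# Added example, not Keyfactor's code. Assumptions (not stated in the documentation):
#   - the accounts that synchronize are the users under $SearchBase (adjust to your sync scope)
#   - the ActiveDirectory RSAT module is available on the gateway server
param(
    [string]$ConfigPath = 'C:\Program Files\Keyfactor\Keyfactor Managed CA Gateway\CAProxy.SyncService.exe.config',
    [string]$SearchBase = 'OU=Users,DC=corp,DC=example',   # assumed sync scope
    [string]$NewSourceAttribute = 'mail'
)

Import-Module ActiveDirectory

# 1. Pre-check: the mapped attribute becomes the UPN in the managed forest, so it must be
#    present on every account and unique across them. Refuse to continue otherwise.
$users   = Get-ADUser -Filter * -SearchBase $SearchBase -Properties $NewSourceAttribute
$missing = $users | Where-Object { [string]::IsNullOrWhiteSpace($_.$NewSourceAttribute) }
$dupes   = $users |
    Where-Object { -not [string]::IsNullOrWhiteSpace($_.$NewSourceAttribute) } |
    Group-Object { $_.$NewSourceAttribute.ToLowerInvariant() } |
    Where-Object { $_.Count -gt 1 }

foreach ($u in $missing) { Write-Warning "$($u.SamAccountName): no $NewSourceAttribute value" }
foreach ($g in $dupes)   { Write-Warning "$NewSourceAttribute '$($g.Name)' is shared by: $($g.Group.SamAccountName -join ', ')" }
if ($missing -or $dupes) {
    throw "Fix the accounts above before remapping the UPN source attribute."
}

# 2. Back up the config, then change only the SourceAttribute of the mapping named UPN.
#    Elements are located by tag name and attribute values rather than XPath so the edit
#    works regardless of any XML namespace declared on the parent container.
Copy-Item -Path $ConfigPath -Destination "$ConfigPath.$(Get-Date -Format yyyyMMddHHmmss).bak"

$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true      # keep the file's layout so the change is easy to diff
$xml.Load($ConfigPath)

$mapping = $xml.GetElementsByTagName('register') |
    Where-Object { $_.GetAttribute('type') -eq 'IAttributeMapping' -and $_.GetAttribute('name') -eq 'UPN' } |
    Select-Object -First 1
if (-not $mapping) { throw "No IAttributeMapping named UPN found in $ConfigPath" }

$prop = $mapping.GetElementsByTagName('property') |
    Where-Object { $_.GetAttribute('name') -eq 'SourceAttribute' } |
    Select-Object -First 1
if (-not $prop) { throw "The UPN mapping has no SourceAttribute property" }

Write-Host "UPN SourceAttribute: '$($prop.GetAttribute('value'))' -> '$NewSourceAttribute'"
$prop.SetAttribute('value', $NewSourceAttribute)
$xml.Save($ConfigPath)
Write-Host "Saved $ConfigPath. Restart the gateway sync service to apply the change."
```

Run the script from an elevated PowerShell session on the gateway server. If the pre-check reports accounts with a missing or duplicated mail value, correct those accounts in the local forest first; otherwise the synchronized users would receive empty or colliding UPNs in the managed forest. The timestamped .bak copy lets you revert the mapping by restoring the file and restarting the service.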