Content:
Overview
Virtual attributes allow the extension of the attribute list for users, groups, and linked mailboxes in the Active Directory and Microsoft 365 to store specific user or group data. Virtual Attribute values are stored in the Cayosoft Administrator database and don't require extending Active Directory schema.
Administrators can use virtual attributes the same as native attributes:
- They can be managed by attribute policy to turn them into drop-down lists, checkboxes, set as required fields or read-only, etc.
- Dynamic groups can use virtual attributes to auto-populate specific groups based on the virtual attribute values.
- Virtual attribute values can be populated in bulk using automation rules.
- Reports can be created based on virtual attribute data.
Creating Virtual Attributes
-
In the Cayosoft Administrator console navigate to Home > Configuration > Virtual Attributes.
-
Click Add.
-
Specify Attribute Name.
Note: Cayosoft support recommends using the "csva" or another name prefix for Virtual Attributes to separate them from other attributes in various attribute lists. -
Select Attribute Type.
-
For type string check Multi-Valued if needed.
Note: Attribute type defines how the Virtual Attribute value would be presented on the web form: checkbox control for Boolean type, edit box for Integer and String, or multi-value control if an attribute is a type string and multi-valued. -
Select Target System: Active Directory or Microsoft 365.
-
Click OK.
-
Click Save Changes.
-
Schedule Virtual Attributes | Clear Values for Deleted AD Objects rule. See the Clearing Virtual Attributes for Deleted Objects section in this document for details.
Adding Virtual Attributes to Web Actions
Depending on the object type for which you want to use virtual attributes, you should configure the corresponding web actions. The table below lists all object types that support virtual attributes and the web actions they can be linked to.
Object type | Web actions |
---|---|
Active Directory User |
New User Properties |
Active Directory Group |
New Group New Distribution Group Properties |
Microsoft 365 User |
New User Properties |
Microsoft 365 Group |
New Microsoft 365 Group New Security Group New Distribution Group Properties |
Team |
New Team Properties |
For example, to view and modify values for the user's Virtual Attributes in the Cayosoft Web Portal, you should configure the New User and User Properties web actions:
-
To add Virtual Attributes to New User wizard, in Cayosoft Administrator Console navigate to New User Web Action.
-
To add Virtual Attributes to the User Properties form, navigate to Properties Web Action.
-
Open the Virtual attributes section.
-
For Virtual Attribute 1 - 25 select created Virtual Attributes from the list.
-
Click Save Changes.
Using Virtual Attributes
Object Web Actions
When virtual attributes are added to the New Object wizard and Object Properties web actions, you can set them on the New Object wizard during object creation and modify them on the Virtual tab on the Object Properties form.
Attribute Policies
You can use Attribute Policies to control values in Virtual Attributes:
- Set default values for Virtual Attributes
- Define the list of possible values
- Make Virtual Attributes read-only
- Generate values for Virtual Attributes
- Use Virtual Attributes to generate other attribute values
For more information about examples of Attribute Policies, please see the Attribute Policies article.
Dynamic Groups
You can use Virtual Attributes to control which user accounts get access to various services through membership in Dynamic Groups.
Use these commands in these membership rules for Active Directory groups:
- AD Users
- AD Users - Employees under the manager
- AD Objects
-
On Add/Edit Command form open the More Parameters section.
-
In Filter AD query results add a condition based on the virtual attribute.
-
Click OK.
You can also use virtual attributes in membership rules for Microsoft 365 groups.
Populating Virtual Attribute values in bulk with automation rules and reports
You can use Virtual Attributes in these automation rules:
Use the AD Users | Set Attribute Value rule to update an attribute for a set of Active Directory users or to set virtual attribute values during new users' creation. For details, please see the KB20181029-1 article.
Use Text file | Update AD Users rule to perform bulk user account updates from HR/ERP/SIS system into Active Directory.
Reporting on Virtual Attribute values
You can use Virtual Attributes in these reports:
- AD Users
- Microsoft 365 Users
- Microsoft Teams
- Microsoft 365 Groups (Distribution)
- Microsoft 365 Groups (No filtering)
- Microsoft 365 Mailboxes
To see Virtual Attributes values in this report, add Virtual Attributes to Properties to display setting.
Post-action rules
You can use Virtual Attributes to define the execution condition for the post-action rules, linked to New Object or Object Properties web actions. For more information, please read How to configure one rule to run after another rule or a web action article.
For example, run Rule 1 after New User Web Action if a Virtual Attribute equals True.
To add execution condition to the post-action rule:
-
In Cayosoft Administrator Console navigate to New User Web Action
-
Switch to Design mode
-
Click Action tab
-
Open Rules to run after this rule section
-
Add Rule 1
-
Select Rule 1 and click Edit
-
On Add/Edit Command form open the Behavior section
-
In Execute if (condition) specify this code:
$VirtualAttr1 -eq "True"
In this example, $VirtualAttr1 variable matches the Virtual Attribute 1 setting in New User Web Action that has assigned Virtual Attribute.
-
Click Ok
-
Click Save Changes
Clearing Virtual Attributes for Deleted Objects
Virtual Attribute values are stored in Cayosoft Administrator Database. When an object is deleted, its Virtual Attribute values should also be deleted from the database at a certain time. At the same time, if an object is restored from the Recycle Bin, its Virtual Attribute values should become available immediately as if those were restored with the object.
When the Virtual Attributes | Clear Values for Deleted Objects rule is scheduled, it monitors object deletions, marks virtual attribute values for cleanup, un-deletes values if an object was un-deleted, and performs the final database clean.
This rule must be scheduled to purge deleted data from the database and maintain its consistency.
Change History
Version | Notes |
---|---|
6.1.1 | Stored Virtual Attributes for Active Directory users are introduced in the product. |
6.2.0 | Stored Virtual Attributes for Microsoft 365 users and groups and Active Directory groups are introduced in the product. |
Comments
0 comments
Please sign in to leave a comment.