Virtual Attributes allow extending the attribute list for users, groups, and linked mailboxes in Active Directory and Microsoft Office 365 to store specific user or group data. Virtual Attribute values are stored in Cayosoft Administrator Database and don't require extending Active Directory schema.
Cayosoft Administrator can use virtual attributes the same as native attributes:
- They can be managed by attribute policy to turn them into drop-down lists, check-boxes, set as required fields or read-only and etc.
- They can be used by dynamic groups to auto-populate specific groups based on the virtual attribute values.
- Virtual attribute values can be populated in bulk using automation rules.
- Reports can be created based on virtual attribute data.
Creating Virtual Attributes
In Cayosoft Administrator Console navigate to Home > Configuration > Virtual Attributes.
Specify Attribute Name.Note: Cayosoft recommends using the "csva" or another name prefix for Virtual Attributes to separate them from other attributes in various attribute lists.
Select Attribute Type.Note: Attribute type defines how the Virtual Attribute value would be presented on the web form: checkbox control for Boolean type, edit box - for Integer and String.
Select Target System: Active Directory or Office 365.
Click Save Changes.
Schedule Virtual Attributes | Clear Values for Deleted AD Objects rule. See the Clearing Virtual Attributes for Deleted Objects section in this document for details.
Adding Virtual Attributes to Web Actions
Depending on the object type for which you want to use virtual attributes, you should configure the corresponding web actions. The table below lists all object types that support virtual attributes and the web actions they can be linked to.
|Object type||Web actions|
|Active Directory User||
|Active Directory Group||
New Distribution Group
|Office 365 User||
|Office 365 Group||
New Office 365 Group
New Security Group
New Distribution Group
For example, to view and modify values for the user's Virtual Attributes in Cayosoft Web Portal, you should configure the New User and User Properties web actions:
To add Virtual Attributes to New User wizard, in Cayosoft Administrator Console navigate to New User Web Action.
To add Virtual Attributes to the User Properties form, navigate to Properties Web Action.
Open the Virtual attributes section.
For Virtual Attribute 1 - 25 select created Virtual Attributes from the list.
Click Save Changes.
Using Virtual Attributes
Object Web Actions
When Virtual Attributes are added to the New Object wizard and Object Properties web actions, you can set them on the New Object wizard during object creation and modify them on the Virtual tab on the Object Properties form.
You can use Attribute Policies to control values in Virtual Attributes:
- Set default values for Virtual Attributes
- Define the list of possible values
- Make Virtual Attributes read-only
- Generate values for Virtual Attributes
- Use Virtual Attributes to generate other attributes values
For more information about examples of Attribute Policies, please see the Attribute Policies article.
You can use Virtual Attributes to control which user accounts get access to various services through membership in Dynamic Groups.
Use these commands in these membership rules for Active Directory groups:
- AD Users
- AD Users - Employees under the manager
- AD Objects
On Add/Edit Command form open the More Parameters section
In Filter AD query results add a condition based on Virtual Attribute
You can also use virtual attributes in membership rules for Office 365 groups.
Populating Virtual Attribute values in bulk with automation rules and reports
You can use Virtual Attributes in these automation rules:
Use AD Users | Set Attribute Value rule if you need to update an attribute for a set of Active Directory users or to set Virtual Attribute values during new users' creation. For details, please see the KB20181029-1 article.
Use Text file | Update AD Users rule when you need to perform bulk user account updates from HR/ERP/SIS system into Active Directory.
Reporting on Virtual Attribute values
You can use Virtual Attributes in these reports:
- AD Users
- Office 365 Users
- Microsoft Teams
- Office 365 Groups (Distribution)
- Office 365 Groups (No filtering)
- Office 365 Mailboxes
In order to see Virtual Attributes values in this report, you should add Virtual Attributes to Properties to display setting.
You can use Virtual Attributes to define the execution condition for the post-action rules, linked to New Object or Object Properties web actions. For more information, please read How to configure one rule to run after another rule or a web action article.
For example, run Rule 1 after New User Web Action if a Virtual Attribute equals True.
To add execution condition to the post-action rule:
In Cayosoft Administrator Console navigate to New User Web Action
Switch to Design mode
Click Action tab
Open Rules to run after this rule section
Add Rule 1
Select Rule 1 and click Edit
On Add/Edit Command form open the Behavior section
In Execute if (condition) specify this code:
$VirtualAttr1 -eq "True"
In this example, $VirtualAttr1 variable matches the Virtual Attribute 1 setting in New User Web Action that has assigned Virtual Attribute.
Click Save Changes
Clearing Virtual Attributes for Deleted Objects
Virtual Attribute values are stored in Cayosoft Administrator Database. When an object is deleted, its Virtual Attribute values should also be deleted from the database at a certain point in time. At the same time, if an object is restored from the Recycle Bin, its Virtual Attribute values should become available immediately as if those were restored with the object.
The Virtual Attributes | Clear Values for Deleted Objects rule, when scheduled, monitors object deletions, marks Virtual Attribute values for cleanup, un-deletes values if an object was un-deleted, and performs the final database clean.
This rule must be scheduled to purge deleted data from the database and maintain its consistency.
|6.1.1||Stored Virtual Attributes for Active Directory users are introduced in the product.|
|6.2.0||Stored Virtual Attributes for Office 365 users and groups and Active Directory groups are introduced in the product.|
Please sign in to leave a comment.