How user accounts are looked up in the cloud

When Map Cloud Users by UPN is set to No, Cayosoft Administrator uses specific attribute pairs to locate user accounts in the cloud. The following mapping logic is applied:

1. Primary Matching by External Directory Object ID:

   • Active Directory: msDS-ExternalDirectoryObjectID

   • Cloud: ObjectId

     The system first attempts to match the msDS-ExternalDirectoryObjectID in Active Directory with the ObjectId of the corresponding user account in the cloud.

2. Fallback Matching by Consistency GUID:

   • Active Directory: msDS-ConsistencyGUID

   • Cloud: ImmutableID

     If the msDS-ExternalDirectoryObjectID attribute is not present or not set, the msDS-ConsistencyGUID attribute in Active Directory is compared with the ImmutableID in the cloud.

3. Final Fallback Matching by UPN:

   • If the msDS-ConsistencyGUID is also empty, the user account is looked up in the cloud using its UserPrincipalName (UPN).

4. Error Reporting:

   • If no matching user account is found using any of the above methods, an error will be reported:

     Cloud user was not found for this Active Directory user by its external directory ID or anchor.

Performance impact of using attribute matching

When Map Cloud Users by UPN is set to No, Cayosoft Administrator makes additional calls to the cloud to locate the corresponding Office 365 user. As a result:

• Hybrid web actions and rules may execute slower than when using the default mapping settings.

• It is recommended to evaluate the necessity of this configuration based on your environment’s requirements.

List of rules and web actions that support users with mismatched UserPrincipalName.

Automation Rules and reports

Rules and runbooks

• Analytics collection | Microsoft Office 365

• Analytics collection | Quota Information

• AD Groups | Enforce License

• AD Groups | Validate License

• AD Groups | Enforce App Role Assignments

• AD Users | Set Automatic Replies (Out of Office Message, OOF)

• AD Users | Create Office 365 Accounts (Cloud)

• AD Users | Update Office 365 Accounts

• AD Users | Enforce License

• AD Users | Validate License

• AD Users | Assign Teams Policy

• AD Users | Set Office 365 Mailbox Settings

• AD Users | Process Scheduled Suspends

• AD Users | Suspend Expired AD Users

• AD Users | Suspend Users

• AD Users | Process Scheduled Undo Suspends

• AD Users Inactive | Suspend Accounts

• AD Users Expired Office 365 Linked User Status

• AD Users with Office 365 Licenses

• New User | Create Office 365 User

• New User | Office 365 User Enforce License

• New User | Office 365 Mailbox post creation tasks

• New User | Office 365 OneDrive post creation tasks

• Import SQL Data | Suspend AD Users

• Import Oracle Data | Suspend AD Users

• Office 365 Users | Change selected license option by AD Group

• Office 365 Users Billing Count by AD Group (Roll-up)

• Office 365 Users Billing Count by AD Group Membership

• Office 365 Users Inactive by AD Group Membership

• Text file | Suspend AD Users

• Suspend | Office 365 User

• Undo Suspend | Office 365 User

Web Actions

• Convert to Shared Mailbox

• Calendar Permissions

• Delete

• Mailbox

• MFA Settings

• New Equipment Mailbox

• New Room Mailbox

• New Shared Mailbox

• Office 365 License

• Priority Booking

• Properties

• Suspend User

• Teams Policies

• Undo Suspend