Handling account attributes

When a new account is created using Bravura Security Fabric, most of the attributes in the User Class schema object are copied from the template account. However, in some cases other actions must be performed.

Attributes may not be copied for one or more of the following reasons:

  • The attribute can only be set by the system.

  • The attribute is binary and cannot be copied by Bravura Security Fabric.

  • The attribute was inserted into the schema by Exchange 2000. The Exchange 2000 agent is responsible for copying these attributes.

Since Bravura Security Fabric queries the Active Directory schema for the User Class attributes, if you add any attributes to the User Class, Bravura Security Fabric also copies those attributes.

You can view the complete list of attributes that Bravura Security Fabric can manage, including native and pseudo-attributes, using the Manage the system (PSA) module. To do this, select Active Directory DN from the Manage the system > Resources > Account attributes > Target system type menu.

This section describes the attributes that Bravura Security Fabric uses to compose values, set flags, or control behavior in Active Directory. For information about the native Active Directory attributes managed by Bravura Security Fabric, consult your Active Directory documentation.

cantChangePassword

Bravura Security Fabric can copy from the template or set the value of the User Cannot Change Password checkbox in Active Directory, using the attribute cantChangePassword. Setting this attribute takes several seconds and is not recommended for general use.

groups

By default, new accounts are created with the same group membership as the template account. The attribute groups determines group membership.

When setting this attribute, the account’s primary group must be the first element in the list.

Note

You cannot remove a user from their primary group.

Extension attributes

Extension attributes 1 to 15 are supported (extensionAttribute1 - extensionAttribute15), and can be used to store extra information. The AD server must be Exchange enabled for the attributes to be available.

_operationDC

Note

Implemented in Connector Pack 4.3.

The domain controller on which the account is created is written to this pseudo-attribute during account creation and update operations. This attribute can be used to:

  • Check if the newly created user exists on the domain controller being operated on, or is delayed, often due to replication issues, before running subsequent operations.

  • Orchestrate blackboard rules using the same DC in multiple operations.
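
The first use above can be scripted as follows. This is an added example, not Bravura Security Fabric code: it assumes the _operationDC value has already been handed to the script as a string, uses the Microsoft ActiveDirectory PowerShell module, and goes slightly beyond the text by also waiting for other domain controllers to receive the account. The function names, parameters and host names are hypothetical.

```powershell
Import-Module ActiveDirectory

# Returns $true if the account is visible on one specific domain controller.
function Test-AdUserOnDc {
    param([string] $SamAccountName, [string] $Server)
    try {
        $null = Get-ADUser -Identity $SamAccountName -Server $Server -ErrorAction Stop
        return $true
    } catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        return $false   # not present on this DC (yet); other errors propagate
    }
}

# Confirms the account on the DC reported in _operationDC, then polls the
# remaining DCs until the account has replicated or the timeout expires.
function Wait-AdUserReplication {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [Parameter(Mandatory)] [string] $OperationDC,   # value of _operationDC
        [string[]] $OtherDCs = @(),                     # DCs later operations may use
        [int] $TimeoutSeconds = 120,
        [int] $PollSeconds = 5
    )
    # The DC that performed the create must already hold the object.
    if (-not (Test-AdUserOnDc $SamAccountName $OperationDC)) {
        throw "Account '$SamAccountName' not found on operation DC '$OperationDC'."
    }
    $pending = [System.Collections.Generic.List[string]]::new()
    foreach ($dc in $OtherDCs) { if ($dc -ne $OperationDC) { $pending.Add($dc) } }

    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ($pending.Count -gt 0 -and (Get-Date) -lt $deadline) {
        foreach ($dc in @($pending)) {       # iterate over a copy while removing
            if (Test-AdUserOnDc $SamAccountName $dc) { [void]$pending.Remove($dc) }
        }
        if ($pending.Count -gt 0) { Start-Sleep -Seconds $PollSeconds }
    }
    [pscustomobject]@{
        Account     = $SamAccountName
        OperationDC = $OperationDC
        Replicated  = ($pending.Count -eq 0)
        PendingDCs  = @($pending)            # DCs still missing the account
    }
}

# Constructed sample call (placeholder names):
# Wait-AdUserReplication -SamAccountName 'jdoe' -OperationDC 'dc01.example.test' `
#     -OtherDCs 'dc02.example.test','dc03.example.test'
```

If Replicated is false, pin the subsequent operations to OperationDC or retry later rather than binding to one of the PendingDCs.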