HR to AD Profile Map
You can define HR attributes to AD Profile mapping on this step. Simply type static value or drag drop HR attributes and map to each AD attribute.
Data Mapping and Transformation¶
Data mapping and transformation is at the heart of the workflow design. Data transformation allows you to map, transform, and manipulate data elements from the incoming HR data to the outgoing active directory system that makes an API call or performs an operation.
As you see in the picture below, there are two sections highlighted by red and green color:
-
The area highlighted in red is the "Trigger data" available for you to drag and drop to your Conditionals. These are the HR attributes you defined in "HR Data Definition" step.
-
The area highlighted in red has the AD attribute fields to which data needs to be mapped. It also has the data "Mapping and Transformation" capabilities to manipulate trigger data as well as your own input data to generate the final value for the corresponding AD attributes.
-
Hire2Retire being targeted at business users or citizen integrators provides hundreds of "Excel Style Functions" for data mapping and transformations on the toolbar starting with "fx".
Note - Hire2Retire auto-generates mail, UPN, and SAMAccount using UPN prefix and UPN suffix. Mail nickname is an optional attribute of an employee profile in AD
Mandatory AD Attributes¶
Below is the list of the required attributes at the time of creating the entry in AD:
| # | Attribute Name | Description |
|---|---|---|
| 1 | Employee ID | This is the unique identifier for each employee in your active directory. The workflow will check if Employee ID exists and decide to create or update the profile in AD. Note: Please make sure the existing employees in AD have employeeID in case the workflow creates a duplicate record. |
| 2 | First Name | The naming attribute for attribute schema objects is the First Name (givenName). |
| 3 | Last Name | The naming attribute for attribute schema objects is the Last Name (sn). |
| 4 | Common Name | The naming attribute for attribute schema objects is the Common Name (cn). The common name must be unique in the schema container. |
| 5 | Choose UPN prefix formats | The UPN prefix attribute is a prefix of User Principal Name (UPN) or email. A UPN (for example: john.doe@domain.com, here "john.doe" is the UPN prefix) is the login name for the user . Also sAMAccountName is the same as the UPN prefix. The sAMAccountName attribute is a login name used to support clients and servers. |
| 6 | UPN suffix or domain name | The UPN suffix attribute is a suffix of User Principal Name (UPN) or email. ( For example: john.doe@domain.com here "domain.com" is the UPN suffix |
In a multi-domain controller setup, the employees will get their UPN suffix or domain name based on the conditions defined in HR data definition. and when none of condition matches then the employees will get the default base DN as their UPN suffix or domain name.
Other AD Attributes¶
| # | Attribute Name | Description |
|---|---|---|
| 1 | co | The name of the country as a text string, e.g., United States etc. |
| 2 | countryCode | The countryCode property value is the numeric country code. |
| 3 | department | It Contains the name for the department in which the user works. |
| 4 | departmentNumber | It Identifies a department within an organization. |
| 5 | displayName | The display name for an object. This is usually the combination of the users' first name, middle initial, and last name. |
| 6 | employeeType | This refers to the job category for an employee. |
| 7 | givenName | It contains the given name (first name) of the user. |
| 8 | mailNickName | mailNickName is an email alias. If you are using Exchange, then you would need to change the mail address policy which would update the mail attribute. |
| 9 | physicalDeliveryOfficeName | Contains the office location in the user's place of business. |
| 10 | proxyAddresses | The proxyAddresses attribute in Active Directory is a multi-value property that can contain various known address entries. For example, it can contain SMTP addresses, X500 addresses, SIP addresses, and so on. |
| 11 | sn | It contains the surname (Last name) of the user |
| 12 | telephoneNumber | The primary telephone number. |
| 13 | title | Contains the user's job title. This property is commonly used to indicate the formal job title, such as Senior Programmer, rather than occupational class, such as programmer. |
| 14 | manager | Contains the distinguished name of the user who is the user's manager. The manager's user object contains a directReports property that contains references to all user objects that have their manager properties set to this distinguished name. |
| 15 | mobile | The primary mobile phone number. |
| 16 | targetAddress | When the targetAddress is set, all emails sent to the recipient will unconditionally be forwarded to the mail address set in the attribute without delivering a copy to the user mailbox or sending it to group members. |
| 17 | employeeNumber | The number assigned to an employee other than the ID |
| 18 | streetAddress | An address description with street name and house number/description |
| 19 | postOfficeBox | The post office box number for the user |
| 20 | State/province | The state or province description for the users address |
| 21 | postalCode | It contain the zip code or postal code or the users address |
| 22 | profilePath | The profile path is the location of the user's user profile. The "Home" path may be the same, but it could be set to another location (via the user account properties) |
| 23 | scriptPath | It specifies the path for the user's login script |
| 24 | company | The name of the company in which user works |
| 25 | Country/Region(c) | The name of the country/region in which the user resides |
| 26 | City | The name of the city in which the user resides |
| 27 | dateBirth | It represent the date of birth of the user |
| 28 | dateHire | It contains the date when the user is onboarded |
| 29 | dateRehire | The date of rehire of the user |
| 30 | dateTermination | The date when the user is terminated |
| 31 | gender | The gender of the user |
| 32 | initials | The first letter of a name or word, typically a person's given name or a word forming part of a phrase |
| 33 | description | User can describe the whole thing using this field |
| 34 | wWWHomePage | It will contain the url of the home page of the application |
| 35 | Other(url) | In this field user can enter the url if any |
| 36 | Country Name(c) | Name of the country in which user resides |
| 37 | city(I) | The name of the city in which the user resides |
| 38 | homePhone | The secondary phone number of the user |
| 39 | Fax(facsimileTelephoneNumber) | An exact copy of a document made by electronic scanning and transmitted as data by telecommunications links |
| 40 | Notes(info) | It contains any information or notes that user wants to enter |
| 41 | hiredate | It contains the date when the user is onboarded |
| 42 | userBirthdate | It contains the date of birth of the user |
| 43 | targetAddress | The targetAddress is forward emails from mail migrated on-premises users to their Office 365 mailbox |
Other than the attributes mentioned above, we have 15 "extensionAttributes". Each object in the AD has Extension attributes that are ready to be used for whatever purposes admins might come up with, such as storing additional information on user accounts during automated processing.
Clear Attribute(s)¶
You can clear the values of attribute(s) from the Active Directory by selecting them in the Clear Attributes multi-select. If you provide empty values for selected attributes in the mapped data, those attributes will be cleared. The values of unselected attribute(s) will be preserved as it is.
