With AD sync enabled Ranger uses the bridge to collect data from AD using the USN it is able to quickly find updates since its last check of AD. Note if you already have the server installed on-premise it can be used instead of the bridge.

The data collected depends on the settings for Active Directory Sync. New in UDM Ranger V2.0.0 you are able to set the "Sync Minimum Attributes" switch this reduces the AD attributes to the minimum required for Ranger to function. Some organisations prefer to collect the full information available in Ranger V1 and this is the default setting.

The AD attributes collected when Minimum Attributes enabled is:

Distinguished Name

display Name

MS RTC SIP - Line

MS RTC SIP - Primary User Address

MS RTC SIP - Private Line

name

user Account Control

With the full attributes collected the following attributes are collected:

First Name

Last Name

description

Office Location

telephone Number

mobile

E-mail

Job Title

company

manager

Logon Name

logon Count

last Logon Timestamp

City

State/Province

ZIP/Postal Code

Country

country Code

Country Abbreviation

Distinguished Name

Name

department

display Name

extension Attribute 1

IP Phone

legacy Exchange Dn

MS RTC SIP - Federation Enabled

MS RTC SIP - Internet Access Enabled

MS RTC SIP - Line

MS RTC SIP - Option Flags

MS RTC SIP - Primary Home Server

MS RTC SIP - Primary User Address

MS RTC SIP - Private Line

MS RTC SIP - User Enabled

MS RTC SIP - User Policies

MS RTC SIP - User Routing Group Id

name

object Sid

target Address

user Account Control

user Principal Name

when Changed

when Created

Browser not supported