Advanced searching
As data sets get larger, it is increasingly important to have a powerful search. You can use advanced search to build complex queries using the full set of available criteria (see Using the query builder and Using both the query builder and manual editing.) You can also create a new label using the advanced search criteria.
To access advanced search:
- Log into the Admin Portal.
- Go to Device & Users > Devices.
- Click the Advanced Search button located at the top right, above the table to display the query builder.
- Enter search criteria using the query builder, or type the search expression directly. See Device field definitions.
- Click Search. Verify your results.
- (Optional) Click Save to Label button. This will save your new search query as a new label and in Devices & Users > Labels, you can utilize this new label as a filtered label.
- If Notes for Audit Logs is enabled, a text dialog box opens. Enter the reason for the change and then click Confirm. For more information, see Best practices: label management.
For information about searching in apps, see Running an advanced search of Installed Apps in the Ivanti EPMM Apps@Work Guide.
Searchable fields
To see the complete list of searchable fields in the query builder:
- Click Field to see the categories
- Click Expand All.
The fields are organized alphabetically into the following categories for convenience:
- Device fields: apply to device type based on their operating system.
- OS-specific fields: apply to devices of the selected platform.
- User fields: apply to the device’s user, including LDAP fields for groups and custom attributes.
Device field definitions
This section covers the device field definitions found in the Devices & Users > Devices page. They also display in the Advanced Search field on the same page.
Device Type |
Field |
Description |
Android Fields |
5G Network Slicing |
True / false if devices' app traffic is routed through the network 5G slice. |
|
Admin Activated |
True / false if device activated by admin. |
|
Android Automated Enrollment (This field is valid for Ivanti EPMM 10.6.0.0 or supported newer versions.) |
Once automated Android registration is completed, the following values display:
|
|
Android Battery Charging Status |
Docs/Tooltip: Battery health status as reported by Android OS. |
|
Android Battery Health Status |
Docs/Tooltip: Battery health status as reported by Android OS. |
|
Bulk Enrollment Profile Name |
Can search for active or deleted profiles (and associated devices) using "Starts with" and "Equals." |
|
Android Client Version Code
|
Version code of the client. |
|
Android for Work Capable |
True if the device is Android Enterprise capable, otherwise false. |
|
Attestation |
Result of Samsung Attestation. |
|
Battery Charge Cycles (OEM) |
This field will only populate if the device is a Zebra device; otherwise blank. Docs: Number of charge cycles completed in total for supported device manufacturers such as Zebra devices. Field Name: Battery Charge Cycles |
|
Battery Health Percentage (OEM) |
This field will only populate if the device is a Zebra device; otherwise blank. Docs: Battery health in percentage for supported device manufacturers such as Zebra devices. |
|
Battery Manufacture Date (OEM) |
This field will only populate if the device is a Zebra device; otherwise blank. Docs: Battery manufactured date for supported device manufacturers such as Zebra devices. |
|
Brand |
Brand of the device. |
|
C2DM Token |
C2DM token of the device if present, otherwise blank. |
|
Code Name |
Code name of the Ivanti Mobile@Work client |
|
Data Protection Enabled |
Finds devices where the passwords are non-compliant. |
|
Developer Mode |
True if the Android device has Developer mode enabled, otherwise false. This is reported on all Android device configurations and also on Knox. |
|
Device |
Brand name of device, for example, Mako. |
|
Device Encryption Status |
Device encryption status. |
|
Device Roaming Flag |
True if the device is roaming, otherwise false. |
|
Elapsed Time Since Reboot (minutes) |
Indicates, in minutes, the amount of time since the device was last rebooted. |
|
File encryption |
True if the Android device has enabled file encryption, otherwise false. This is reported on all Android device configurations and also on Knox. |
|
GCM/FCM Token Present |
GCM token of the device if present, otherwise blank. |
|
Google Device Account Present |
True if the device has a Google Device Account (eg: Android Enterprise), false otherwise. |
|
ICCID |
Integrated Circuit Card Identifier number. |
|
Inventory MAC address |
The Android 7+ true physical MAC address for inventory purposes. |
|
Kiosk Enabled |
True if the device is kiosk enabled, otherwise false. |
|
Manufacturer OS Version |
Manufacturer OS version. |
|
MDM Enabled |
True if MDM is enabled, otherwise false. |
|
Media Card Capacity |
Amount of memory capacity of the media / SD card. |
|
Media Card Free |
Amount of free memory on the media / SD card. |
|
Multi MDM |
Indicates true/false. |
|
Non GMS Device |
True if Non GMS device is enabled, otherwise false. |
|
OS API Level |
The Android OS API level. See https://developer.android.com/studio/releases/platforms for more details. This number is used so administrators can use a numerical comparison of OS versions. |
|
OS Build Number |
OS build number. |
|
OS Update Path |
OS Update Path. |
|
OS Update Status |
OS Update Status. |
|
OS Version |
Lists the OS version of the device. |
|
Password/PIN Days Before Expiring
|
Represents the number of days before the password / PIN will expire. This numerical value is controlled by the Security policy's Maximum Password Age field value. This field is a dynamic field, its value decreases every day by 1 until the password / PIN is renewed. At renewal, the value returns to the original number stated in the Maximum Password Age field and starts a new daily count-down. See Working with default policies. |
|
Platform Flags |
Internal string representing the capabilities of the Ivanti Mobile@Work application. |
|
Registration Status |
Registration status of the device. Registration Status can be used as part of a dynamic label evaluation and criteria for tier compliance. In the Select Type drop-down, select one of these options:
|
|
SafetyNet Enabled |
True if SafetyNet is enabled, false otherwise. |
|
SafetyNet Exception |
SafetyNet exception during error. |
|
SafetyNet Status |
SafetyNet status if enabled and no error. |
|
SafetyNet Timestamp |
Timestamp of when last SafetyNet check was run. |
|
Samsung Carrier Code |
Samsung Carrier code. |
|
Samsung DualDAR Enabled |
Indicates if the Samsung DualDAR on client is enabled. If not client enabled or device is in Device Owner mode, lists as "Unsupported." |
|
Samsung DualDAR Version |
Represents the Samsung Knox v3 license key for DualDAR. Lists the Samsung DualDAR version if client is enabled. If not client enabled or device is in Device Owner mode, lists as "Unsupported." |
|
Samsung E-FOTA Capable |
True if the device supports Samsung E-FOTA, false otherwise. Samsung Firmware E-FOTA has been decommissioned. As of August 2022, Samsung discontinued the Samsung E-FOTA service. For more information, see Activating the Samsung firmware E-FOTA license . |
|
Samsung KNOX Version |
Knox version, if present. |
|
Samsung Model Number |
Samsung Model Number. |
|
Samsung SAFE Version |
Samsung Safe Version. |
|
Screenlock PIN Change Prompt – Showing |
Indicates if device user was prompted to change the device's screen lock password / PIN and the device user skipped the prompt. Values are:
The value listed stays until the device user successfully changes the password /PIN on the device. See Working with default policies. |
|
Secure Apps Enabled |
True if Secured Apps / AppConnect is enabled, otherwise false. |
|
Secure Apps Encryption Enabled |
True if Secured Apps Encryption is enabled, otherwise false. |
|
Secure Apps Encryption Mode |
Type of Secured Apps / AppConnect Encryption. |
|
Security Detail |
Reason for security failure if it occurs. |
|
Security Patch Level |
Security Patch Level string or timestamp. |
|
Security Patch Level Date |
Date of the Security Patch Level of the OS. |
|
Security Reason |
Reason device is considered jailbroken. |
|
USB Debugging |
True if USB debugging is enabled, otherwise false. |
|
Wear OS Client installed |
True only if one or more paired-watches Ivanti Mobile@Workinstalled on the Wear OS device. |
|
Wear OS Device is Paired |
True if one or more Wear OS device is paired to device via Bluetooth. |
|
Wi-Fi Security Level |
Lists the security level of the Wi-Fi the device is currently connected to:
The security level is also listed under "Required Wi-Fi Security Level" in the Device Details page > Device tab. For more information, see Lockdown policies in Getting Started with Ivanti EPMM. |
|
Zebra Build Fingerprint |
Fingerprint of the firmware build currently present on the Zebra device. |
|
Zebra Device Build Id |
Current Build ID of the Zebra device. |
|
Zebra Device System Update |
|
|
Zebra OTA Capable |
True if the device supports Zebra OTA (Over The Air), otherwise false. |
|
Zebra Patch Version |
The version of firmware for the Zebra device to be upgraded to. This is the target firmware version of the firmware applied to the Zebra device through firmware policy. |
Common Fields |
Anti-phishing native status |
Content Blocker anti-phishing status for iOS device, and URL Handler anti-phishing for Android devices when MTD Anti-phishing is configured. |
|
Anti-phishing VPN status |
Status of VPN which analyzes malicious URLs when MTD Anti-phishing is configured. |
|
APNS Capable |
Only true if there is an APNS token for the Ivanti Mobile@Work client, otherwise false. |
|
AppConnect Terms of Service |
True/false for if the AppConnect Terms of Service was accepted. |
|
AppConnect Terms of Service Date |
Represents the date/time the AppConnect Terms of Service was accepted. |
|
Authenticator Only |
True/false if the device is registered in Authenticator Only mode. |
|
Azure Client Status Code |
Indicates whether device is connected to Azure. The possible values are:
|
|
Azure Device Compliance Last Reported Status |
Lists the device's compliance status in Azure. Possible values are:
|
|
Azure Device Compliance Last Reported Time |
The time Ivanti EPMM reported the device compliance status to Microsoft Intune. A blank field indicates one of the following:
|
|
Azure Device Compliance Status |
Indicates Azure account has been deactivated or the device is not in compliance. Possible values are: Compliant / Not Compliant. |
|
Azure Device Identifier |
The device ID reported by Microsoft to the iOS or Android device. For example: 007c8232-9489-4074-9b35-345b16f0a72d. This is Microsoft’s ID for that device. Ivanti EPMM receives this device ID as device users are required to register to Microsoft Authenticator application in order to use this feature. If unable to retrieve the Device ID, this field is left blank. |
|
Background Status |
True if iOS background status is enabled, otherwise false. |
|
Battery Level |
Percentage of battery left. |
|
Block Reason |
A list of reasons why the device is blocked. |
|
Blocked |
True if the device is blocked, otherwise false. |
|
Cellular Technology |
GSM, CDMA, or blank if the device does not support cellular. |
|
Client Build Date |
The build date of the client, if registered withIvanti Mobile@Work client. |
|
Client Id |
The unique client ID if the device was registered with Ivanti Mobile@Work client. |
|
Client Last Check-in |
Date/Time of last check-in. |
|
Client Migration Status |
Status of Ivanti Mobile@Work client migration from Ivanti EPMM to Cloud (true/false). |
|
Client Name |
The name of the client, if registered with Ivanti Mobile@Work client. |
|
Client Version |
The version of the client, if registered with Ivanti Mobile@Work client; otherwise, false. |
|
Cloud Migration Status |
Status of device migration from Ivanti EPMM to Ivanti Neurons for MDM (true/false). |
|
Comment |
A field that the administrator uses to add their own comments for the device. |
|
Compliant |
True if the device is in compliance, otherwise false. |
|
Creation Date |
The creation date of this device record. |
|
Current Country Code |
Current country code of the device. |
|
Current Country Name |
Current country name of the device. |
|
Current Operator Name |
Short name of the cellular carrier, if there is a cellular service. |
|
Current Phone Number |
Current phone number of device, if the device has cellular service. |
|
Device Admin Enabled |
True if device administrator (Android) is enabled, otherwise false. |
|
Device Encrypted |
True if the device is encrypted, otherwise false. |
|
Device is Compromised |
True if the device is compromised, for example, jailbroken. |
|
Device Locale |
Locale of the device. |
|
Device Owner |
Company or Personal. |
|
Device Space |
Name of the space the device belongs to. |
|
Device UUID |
Unique ID of the device generated from Ivanti EPMM. |
|
Display Size |
Size of device's display. |
|
EAS Last Sync Time |
Exchange ActiveSync last sync time. |
|
Enrollment specific ID |
unique ID that identifies the work profile enrollment in a particular organization, and will remain stable across factory resets |
|
Ethernet MAC |
Ethernet MAC ID. |
|
Home Country Code |
Home (Initial) country code of the device. |
|
Home Country Name |
Home country name of the device. |
|
Home Operator Name |
Home Operator Name. |
|
Home Phone Number |
Home Phone Number. |
|
IMEI |
IMEI (International Mobile Equipment Identity) number. IMEI information about the device information on active and inactive SIM slots is displayed in Ivanti EPMM. In addition, CSV-exported data includes the information for inactive slots. |
|
IMSI |
ISI (International Mobile Subscriber Identity) number. |
|
IP Address |
Current IP address of the device. If you configured the GDPR, and you want to hide new fields that are added in new Ivanti EPMM releases (such as IP Address and eSIM ID), edit the GDPR profile. |
|
Language |
Language of the device. |
|
Last Check-in |
Last check-in time of the device. |
|
Manufacturer |
Manufacturer of the device. |
|
MDM Last Check-in |
Last MDM check-in time of the device. |
|
MDM Managed |
True if the device is MDM managed, otherwise false. |
|
Memory Capacity |
Memory capacity of the device. |
|
Memory Free |
Amount of free memory in the device. |
|
Ivanti Threat Defense Status |
Mobile Threat Defense Status. |
|
Ivanti Tunnel App Installed |
True / false if the Tunnel app was installed. |
|
Model |
Model of the device. |
|
Model Name |
Model name of the device. |
|
Modified Date |
Date/Time for last updates to device details. |
|
MTD Activation Status |
MTD Activation Status. |
|
MTD Anti-Phishing Status |
MTD Anti-Phishing Status. |
|
Non-compliance Reason |
Reason why the device is not in compliance. |
|
OS Version |
OS version number string. |
|
Passcode |
Contains registration PIN for a preregistered device, empty if none exists. |
|
Passcode Expiration Time |
The expiration time for the registration pin for a prereigstered device, empty if none exists. |
|
Platform |
Operating system of the device. |
|
Platform Name |
Operating system and OS version of the device. |
|
Processor Architecture |
Architecture of the processor for the device. |
|
Quarantined |
True if the device is quarantined, false otherwise. |
|
Quarantined Reason |
Reason for quarantined, empty if the device is not quarantined. |
|
Registration Date |
Registration date of the device. |
|
Registration IMSI |
Registration of ISMI (international mobile subscriber identity) number. |
|
Registration UUID |
Unique ID when registering from the client. |
|
Retired |
True if the device is retired, otherwise false. |
|
Roaming |
True if the device is roaming, otherwise false. |
|
SD Card Encrypted |
True/faise if SD card is encrypted. |
|
Security State |
Security state of the device. |
|
Serial Number |
Serial number of the device. |
|
Status |
Status of the device. |
|
Storage Capacity |
Total storage capacity, in bytes, of the device. |
|
Storage Free |
Number of bytes of free storage on the device. |
|
Terms of Service Accepted |
True if the End user Terms of Service was accepted, otherwise false. |
|
Terms of Service Accepted Date |
Date for when the End User Terms of Service was accepted, otherwise blank. |
|
Wi-Fi MAC |
The randomized Wi-FI MAC address of the device. |
macOS Field |
Has Battery |
Displays the battery information of the device. |
iOS and macOS Fields |
Activation Lock Bypass Code |
Code to bypass activation lock. |
|
Activation Lock is Enabled |
True if Activation Lock is enabled on the device, otherwise false. Applicable to iOS. |
|
APNS Token |
Ivanti Mobile@Work client APNS wakeup token. Applicable to iOS. |
|
Apple Device Mac Address |
iPhone (media access control address) MAC address. Applicable to iOS and OS X. |
|
Apple Device Version |
iPhone version code. Applicable to iOS and OS X. |
|
Apple OS Update Product Key |
Available OS update product key. Applicable to iOS and macOS. |
|
Apple OS Update Product Version |
Available OS update product version. Applicable to iOS and macOS. |
|
Apple OS Update Status |
OS update status. Applicable to iOS and macOS. |
|
Apple User Enrolled Device |
True/false the device is enrolled in User Enrollment. |
|
Bluetooth MAC |
Bluetooth MAC address. Applicable to and OS X. |
|
Build Version |
MDM build version. Applicable to iOS and OS X. |
|
Carrier Settings Version |
Carrier settings version. Applicable to iOS. |
|
Current Mobile Country Code |
Current mobile country code. Applicable to iOS. |
|
Current Mobile Network Code |
Current mobile network code. Applicable to iOS. |
|
Data Protection |
Applicable to iOS. |
|
Data Roaming Enabled |
True if device is data roaming enabled, otherwise false. Applicable to iOS. |
|
DEP Device |
True if the device is Apple Device Enrolled, otherwise false. Applicable to iOS, macOS, and tvOS. |
|
DEP Enrolled |
True if the device is Apple Device Enrolled, otherwise false. Applicable to iOS. |
|
Device Locator Service is Enabled |
True if device locator service is enabled, otherwise false. Applicable to iOS. |
|
Device Name |
Name of the device. Applicable to iOS and OS X. |
|
Do Not Disturb is in Effect |
True if Do Not Disturb is enabled, otherwise false. Applicable to iOS. |
|
Force Encrypted Backup |
True if backups are forced to be encrypted, otherwise false. Applicable to iOS. |
|
Full Disk Encryption Enabled |
True if full disk encryption is enabled, otherwise false. Applicable to macOS 10.9+. |
|
Full Disk Encryption Has Institutional Recovery Key |
True if full disk encryption has institutional recovery key, otherwise false. Applicable to macOS 10.9+. |
|
Full Disk Encryption Has Personal Recovery Key |
True if full disk encryption has personal recovery key, otherwise false. Applicable to macOS 10.9+. |
|
Hardware Encryption Caps |
Hardware encryption capabilities. Applicable to iOS. |
|
iCloud Backup is Enabled |
True if iCloud backup is enabled, otherwise false. Applicable to iOS. |
|
iOS Background Status |
True if iOS background status is enabled, otherwise false. Applicable to iOS. |
|
iOS ICCID |
Device's integrated circuit card identifier number. Applicable to iOS. |
|
IT Policy Result |
Applicable to iOS. |
|
iTunes Store Account Hash |
iTunes Store Account Hash. |
|
iTunes Store Account is Active |
Ttrue if iTunes Store Account is active, otherwise false. Applicable to iOS. |
|
Languages |
Language of the device. Applicable to tvOS. |
|
Last Acknowledged Lock PIN |
PIN to unlock a locked macOS device. Applicable to macOS. |
|
Last Acknowledged Wipe PIN |
PIN to proceed after wiping a macOS device. Applicable to macOS. |
|
Last iCloud Backup Date |
Last iCloud backup date. Applicable to iOS. |
|
Last MTD Sync Time |
Last MTD check-in time. Applicable to iOS. |
|
Locales |
Locale of the device. Applicable to tvOS. |
|
macOS User ID |
macOS user ID. Applicable to OS X. |
|
macOS User Long Name |
macOS user's long name. Applicable to OS X. |
|
macOS User Short Name |
macOS user's short name.Applicable to OS X. |
|
Managed Apple ID |
The Apple ID allocated by the company to the device user. For Shared iPad devices, this field is populated once the iPad user logs in. |
|
MDM Lost Mode Enabled |
True if MDM Lost Mode is enabled, otherwise false. Applicable to iOS. |
|
MDM Service Enrolled |
True if the device is was enrolled via MDM Service (non-over air Apple Device Enrollment), otherwise false. Applicable to iOS. |
|
MEID |
Mobile Equipment Identity Number. |
|
Modem Firmware Version |
Modem firmware version. Applicable to iOS. |
|
Network Tethered |
True if the device was reported as currently network tethered, otherwise false. Applicable to macOS. |
|
Organization Info |
Organization for the device. Applicable to iOS. |
|
OS Build Version pending for update |
The build version of the OS that is pending for update on the device. |
|
OS Version pending for update |
The OS version that is pending for update on the device. |
|
Passcode Compliant |
True if passcode is in compliance, otherwise false. Applicable to iOS. |
|
Passcode Compliant with Profiles |
True if passcode is compliant with rules specified from profiles. Applicable to iOS. |
|
Passcode Present |
True if Passcode is present on device, otherwise false. Applicable to iOS. |
|
Personal Hotspot Enabled |
True if Personal Hotspot is enabled, otherwise false. Applicable to iOS. |
|
Product Code |
iPhone Product code. Applicable to iOS and OS X. |
|
Product Name |
Product name. Applicable to iOS and OS X. |
|
Rapid Security Response |
Rapid Security Response fields:
To activate these fields, select the Security Responses & System Files option for Software Update in Settings > General. The fields are displayed in the Device Details tab. Administrators can use the iOS or macOS policies software updates to update devices to the latest Rapid Security Response updates. Use the Update to the latest version option. The Update to a specific version option is not supported in iOS for Rapid security response update formats from either the iOS Software update policy or the Device actions menu. |
|
Security Reason Code |
Security reason code. Applicable to iOS. |
|
Shared iPad: Active Resident Users |
Lists the number of users who have logged into the device and have user sessions stored on the device. The number displayed will never be larger than the Shared iPad: Allocated Resident Users number, even if a Guest/Temporary user logged into that device. |
|
Shared iPad: Allocated Resident Users |
Lists the number of user sessions that can be stored on the device. If more users log in, older users will be removed to make room for the new user. This is configured in the Device enrollment profile and will either be the number set as the Maximum Resident Users or will be calculated if the Quota size is set. |
|
Shared iPad: Guest/Temporary Session Only |
If the device was configured to only allow Guest/Temporary sessions and is true, only guest access is allowed. This is configured in the Device Enrollment Profile. If left blank, the timeout will use the iPad's system defaults. If set to zero, there will be no timeout. Maximum limit is 1800 seconds. |
|
Shared iPad: Guest/Temporary Session Timeout |
Lists the timeout for guest/temporary sessions. This will log out the user after inactivity for the allotted time. Guest/temporary users will be completely logged out, not just have the screen locked. This is configured in the Device Enrollment Profile. If set to zero, there will be no timeout. |
|
Shared iPad: Is Multi User |
True/false if the device is a shared iPad. |
|
Shared iPad: Maximum Resident Users |
Lists the Maximum Resident Users allowed to be set on the device. If the Device Enrollment Profile sets the Maximum Resident Users to a number larger than this, the Allocated Resident Users will be set to this number. This number is controlled by the system based on the size of the device. |
|
Shared iPad: Quota Size (MB) |
Lists the amount of space allocated per user. This is configured in the Device Enrollment Profile and will either be the number set as the Quota size or will be calculated if Maximum Resident Users is set. |
|
Shared iPad: User Session Timeout |
Lists the timeout for logged-in user sessions. This will log out the user after inactivity for the allotted time. Users will be completely logged out, not just have the screen locked. This is configured in the Device Enrollment Profile. Maximum limit is 1800 seconds. |
|
SIM EID 1, 2, 3 |
The SIM ID of the carrier assigned to the SIM of a specific device. The EID will be included in the response of the simdetails API call. (For more information, see the Ivanti EPMM V2 API Guide.) In the Device Details page, clicking on the number in the field opens the SIM Information dialog box allowing the administrator to see SIM information, including the EID. Applicable to iOS 14.0 through the latest version of Ivanti EPMM. |
|
SIM Label 1, 2, 3 |
The label for the associated SIM card. Up to 3 SIM cards, physical and virtual, are stored. |
|
SIM MCC 1, 2, 3 |
SIM card mobile country code associated to the phone number. |
|
SIM MNC 1, 2, 3 |
SIM card mobile network code associated to the phone number |
|
SIM Phone Number 1, 2, 3 |
The phone number associated with the SIM card / eSIM. |
|
SIMs |
|
|
Subscriber Carrier Network |
SIM card subscriber carrier network. Applicable to iOS. |
|
Subscriber MCC |
SIM card mobile country code. Applicable to iOS. |
|
Subscriber MNC |
SIM card mobile network code Applicable to iOS. |
|
Supervised |
True if the device is MDM supervised, otherwise false. Applicable to iOS. |
|
Time Zone |
Lists the time zone applied to the device. |
|
Trusted Device |
True if device is trusted. |
|
UDID |
iPhone unique device identifier. Applicable to iOS and OS X. |
|
Voice Roaming Enabled |
True if voice roaming is enabled, otherwise false. Applicable to iOS. |
|
VPN IP Address |
VPN IP address. Applicable to iOS and tvOS. |
|
Wakeup Status |
Device Wakeup status. |
User Fields |
Display Name |
The display name of the device user. |
|
Email Address |
Device user's email address. |
|
First Name |
Device user's first name. |
|
Last Admin Portal Login Time |
Date of admin's last log in into Ivanti EPMM. |
|
Last Name |
Device user's last name. |
|
LDAP > Attribute Distinguished Name |
The Attribute Distinguished Name for an LDAP user. |
|
LDAP > Groups > LDAP Group Distinguished Name |
LDAP Users who are members of an LDAP group with a specific group distinguished name. |
|
LDAP > Groups > Name |
LDAP Users who are members of an LDAP group with a specific group name. |
|
LDAP > LDAP User Distinguished Name |
The LDAP distinguished Name of the user. |
|
LDAP > LDAP User Locale |
An LDAP User who are members of a specific locale. |
|
LDAP > Organizational Units > LDAP Organizational Units Distinguished Name |
LDAP users who are members of an organizational unit with a specific distinguished name. |
|
LDAP > Principal |
Value of the attribute specified as the User ID in the LDAP server configuration. |
|
LDAP > upn |
Value of the attribute specified as the User Principal Name in the LDAP server configuration. |
|
LDAP > User Account Control > Account Disabled |
Indicates whether the LDAP user account is disabled (true/false). |
|
LDAP > User Account Control > Locked Out |
Indicates whether the LDAP user account is locked out (true/false). |
|
LDAP > User Account Control > Password Expired |
Indicates whether the LDAP user 's password has expired (true/false). |
|
LDAP > User Attributes > custom1, custom2, custom3, custom4 |
The value of the LDAP user attribute is defined in Services > LDAP. |
|
LDAP > User Attributes > memberOf |
The value of the LDAP user attribute is defined in Services > LDAP. |
|
SAM Account Name |
The security account name. This was the login name for earlier versions of Windows. |
|
User ID |
The LDAP user ID. |
|
User UUID |
The LDAP Universally Unique Identifier. |
For Windows field definitions, see https://docs.microsoft.com/en-us/windows/client-management/mdm/healthattestation-csp.