The Fields page in the admin panel controls which Active Directory attributes managers can see and edit. This gives you granular control over the information exposed to group managers.
Navigate to the admin panel and click Fields in the navigation bar.
Each field has three properties:
| Property | Description |
|---|---|
| Available | Whether the field exists in the application’s data model. When disabled, the field is completely ignored. |
| Visible | Whether the field appears as a column in the groups or members grid. Only available fields can be made visible. |
| Editable | Whether managers can modify this field’s value. Only visible fields can be made editable. Additionally, the global editing permission must be enabled. |
The hierarchy is: Available → Visible → Editable. A field must be available to be visible, and visible to be editable.
These fields control what information is shown on the All Groups page.
| Field | AD Attribute | Default Visible | Can Be Editable |
|---|---|---|---|
| Name | cn |
Yes | No (always read-only) |
| Display Name | displayName |
No | Yes |
| Description | description |
Yes | Yes |
| Distinguished Name | distinguishedName |
No | No (always read-only) |
mail |
Yes | Yes | |
| Group Type | groupType |
No | No (always read-only) |
| Group Scope | groupType |
No | No (always read-only) |
| Members | (calculated) | Yes | No (always read-only) |
| Created | whenCreated |
No | No (always read-only) |
| Modified | whenChanged |
No | No (always read-only) |
| Managed By | managedBy |
No | No (always read-only) |
| Notes | info |
No | Yes |
Fields marked “always read-only” cannot be made editable because changing them could break AD references, affect replication, or have unintended security consequences.
These fields control what information is shown on the group members page.
| Field | AD Attribute | Default Visible | Can Be Editable |
|---|---|---|---|
| Name | cn |
Yes | No (always read-only) |
| Username | sAMAccountName |
Yes | Yes |
| Display Name | displayName |
No | Yes |
| First Name | givenName |
No | Yes |
| Last Name | sn |
No | Yes |
| Description | description |
No | Yes |
| Distinguished Name | distinguishedName |
No | No (always read-only) |
mail |
Yes | Yes | |
| Job Title | title |
Yes | Yes |
| Department | department |
No | Yes |
| Company | company |
No | Yes |
| Office | physicalDeliveryOfficeName |
No | Yes |
| Telephone | telephoneNumber |
No | Yes |
| Manager | manager |
No | No (always read-only) |
| Division | division |
No | No (read-only by default) |
| Employee ID | employeeID |
No | Yes |
| Employee Number | employeeNumber |
No | Yes |
| Account Status | userAccountControl |
Yes | Yes |
| Domain Name | (calculated) | No | No (always read-only) |
| Type | objectClass |
Yes | No (always read-only) |
Account Status deserves special attention — when made editable, managers can enable or disable user accounts. Enable this only if you trust your managers with that capability.
For organizations where managers should see as little personal data as possible:
A balanced setup for most organizations:
When managers need to maintain member data:
Field visibility works together with other admin settings: