1. On the Attribute Sources & User Lookup tab, click Add Attribute Source.
  2. On the Data Store tab, enter an attribute source ID and description of your choosing.
  3. From the Active Data Store list, select the data store connection that you created in Configuring an LDAP connection.
  4. On the LDAP Directory Search tab, in the Base DN field, enter the base DN that contains the users whose attributes you want to retrieve. For example, CN=Users,DC=contoso,DC=com.
  5. From the Root Object Class list, select <Show All Attributes>.
  6. From the Attribute list, select objectGUID. Click Add Attribute.
  7. From the Attribute list, select userPrincipalName. Click Add Attribute. Click Next.
  8. On the LDAP Binary Attribute Encoding Types tab, click Next.
  9. On the LDAP Filter tab, enter a filter to limit the search, and then click Next.
    Example filter for a username token processor:
    (|(sAMAccountName=${username})(userPrincipalName=${username}))
    Example filter for a Kerberos token processor:
    userPrincipalName=${principal}
    Note: In this context, the username is always sent as a UPN.

  10. Click Done.
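
Before saving the filter from step 9, it helps to confirm that it selects exactly one account and that a submitted name containing filter metacharacters cannot widen the search. The following is an added example, not code from the product or from this documentation: `escape_value`, `render`, `search` and the `USERS` entries are hypothetical, and escaping the value per RFC 4515 before substitution is an assumption about how the placeholder should be filled.

```python
import re

# Filter templates copied from step 9 of the procedure.
USERNAME_FILTER = "(|(sAMAccountName=${username})(userPrincipalName=${username}))"
KERBEROS_FILTER = "userPrincipalName=${principal}"

# RFC 4515 escapes for characters that have meaning inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_value(value):
    """Escape a value so it can only ever be a literal in an assertion."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def render(template, **variables):
    """Replace each ${name} placeholder with its escaped value."""
    return re.sub(r"\$\{(\w+)\}",
                  lambda m: escape_value(variables[m.group(1)]), template)

def unescape_value(value):
    """Turn \\XX hex escapes back into the characters they stand for."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def search(entries, rendered):
    """Minimal evaluator for the two filter shapes above: equality assertions,
    optionally OR-ed. Values are compared case-insensitively."""
    body = rendered if rendered.startswith("(") else "(" + rendered + ")"
    terms = [(attr, unescape_value(val).lower())
             for attr, val in re.findall(r"\((\w+)=([^()]*)\)", body)]
    return [e for e in entries
            if any(e.get(attr, "").lower() == val for attr, val in terms)]

# Constructed sample entries standing in for CN=Users,DC=contoso,DC=com.
USERS = [
    {"sAMAccountName": "alice", "userPrincipalName": "alice@contoso.com"},
    {"sAMAccountName": "bob", "userPrincipalName": "bob@contoso.com"},
]

if __name__ == "__main__":
    for name in ("alice", "bob@contoso.com", "*"):
        rendered = render(USERNAME_FILTER, username=name)
        print(name, "->", rendered, "->", len(search(USERS, rendered)), "match(es)")
```

A filter that returns more than one entry, or none for a known account, should be corrected before the attribute source is put into use.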