Replicate custom attributes to Azure AD
August 14, 2017
Q. Can I replicate custom attributes to Azure AD from Active Directory using Azure AD Connect?
A. Active Directory has an extensible schema, so you can add additional attributes to objects. By default, when replicating from AD to Azure AD, only a core set of attributes about objects is replicated, and not every object is replicated. The attributes that need to be replicated for various services are documented at https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-attributes-synchronized.
There are 15 extension attributes (extensionAttribute1 to 15) which are replicated and can be used to store any data you wish. For example, you could use the first to store information about a user's hat size, the second about a certain function, etc. These can then be used in Azure AD as part of dynamic group assignment and for other purposes.
If you want to replicate additional custom attributes, this is possible. When configuring Azure AD Connect, there is a step that allows you to specify additional attributes that you wish to be replicated to Azure AD. When you add additional custom attributes, the Azure AD schema is not actually extended; instead, an Extension App is added as an application registration in the Azure AD tenant, and it contains the additional attributes. These attributes are then exposed on the user object as extension__. More information on extension attributes can be found at https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-feature-directory-extensions and https://docs.microsoft.com/en-us/azure/active-directory/active-directory-accessmanagement-groups-with-advanced-rules#extension-attributes-and-custom-attributes.