Sync Custom Attributes to Azure AD

In the previous article, we showed you how to create custom attributes in on-premises Active Directory. When using a hybrid configuration of on-premises AD and Azure AD, you may need to synchronize your custom user attribute to your Azure tenant. In this article, we will look at how to synchronize custom user attributes to Azure Active Directory using Azure AD Connect.

Azure AD Connect is used to synchronize existing local (on-premises) directory services based on Active Directory Domain Services (AD DS) to Azure AD. Azure AD Connect is installed on one of the on-prem servers (Windows Server 2012+ is required).

Log in to the server with Azure AD Connect installed and launch the Azure AD Connect Console. Select Customize synchronization options from the Additional Tasks list and click Next.


Skip all the steps of the synchronization wizard and go to the Optional Features tab. Enable the Directory extension attribute sync option. Click Next.


In the next window, you will see a complete list of attributes in on-premises Active Directory. In the list, find the custom attribute that you want to synchronize (in our example it is vehRegCode) and move it to the right list.


Hint. You can synchronize a maximum of 100 on-prem Active Directory attributes to Azure AD (including default attributes, such as Display name, first name, surname, UPN, etc). Empty or Null fields are not synchronized.

Click Next > Finish to complete the Azure AD Connect setup wizard and apply your new settings.


Wait for synchronization to start automatically (default is every 30 minutes), or you can synchronize manually:

Import-Module adsync

Start-ADSyncSyncCycle -PolicyType Delta


Hint. The following command is used to start a full synchronization to Azure AD:

Start-ADSyncSyncCycle -PolicyType Initial

To synchronize custom attributes from on-premises AD to Azure, a special Enterprise Application is used to handle Azure AD schema extensions. You can find this Enterprise Application in the Azure portal. The name of the synchronized attribute will contain the Application ID (GUID) of that application.

You can check the presence and value of the attribute on an Azure AD user using PowerShell. Connect to your Azure AD tenant using the AzureAD PowerShell module and run the command:

Get-AzureADUser -SearchString b.jackson@theitbros.com | select -ExpandProperty extensionproperty

The synchronized custom attribute has the following name format: extension_{AppClientId}_vehRegCode.

To get the value of the extension attribute directly:

(Get-AzureADUserExtension -ObjectId b.jackson@theitbros.com).extension_{AppClientId}_vehRegCode

Hint. Note that (unlike on-premises Active Directory) Azure AD extension attribute names are case sensitive.
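The following script is an added example, not code from the original article: it verifies that the custom attribute synchronized by Azure AD Connect actually matches its on-premises value, without hard-coding the Application ID (GUID) in the extension name. It assumes the ActiveDirectory and AzureAD PowerShell modules are installed, that you have already run Connect-AzureAD, and that the on-prem attribute is named vehRegCode as in the article; the user principal name is a placeholder.

```powershell
# Added example (not from the original article): compare the on-premises value of a
# custom attribute with the value synchronized to Azure AD.
# Assumptions: ActiveDirectory and AzureAD modules are installed, Connect-AzureAD has
# already been run, and the on-prem attribute is named vehRegCode. The UPN is a placeholder.
Import-Module ActiveDirectory
Import-Module AzureAD

$Upn           = 'b.jackson@theitbros.com'   # placeholder account
$AttributeName = 'vehRegCode'                # on-prem custom attribute from the article

# On-premises value: read the custom attribute directly from AD DS.
$OnPremUser  = Get-ADUser -Filter "UserPrincipalName -eq '$Upn'" -Properties $AttributeName
$OnPremValue = $OnPremUser.$AttributeName

# Azure AD value: the synchronized attribute is exposed as extension_{AppClientId}_vehRegCode,
# so locate it by its suffix instead of hard-coding the Application ID (GUID).
$CloudUser    = Get-AzureADUser -ObjectId $Upn
$ExtensionKey = $CloudUser.ExtensionProperty.Keys |
    Where-Object { $_ -like "extension_*_$AttributeName" } |
    Select-Object -First 1

if (-not $ExtensionKey) {
    Write-Warning "No extension property ending in _$AttributeName found for $Upn. Check that Directory extension attribute sync is enabled and that a sync cycle has completed."
    return
}

# Extension property names are case sensitive, so use the key exactly as returned.
$CloudValue = $CloudUser.ExtensionProperty[$ExtensionKey]

# Report both values; InSync is $false if the cloud copy is stale, empty, or never synced.
[PSCustomObject]@{
    User          = $Upn
    ExtensionName = $ExtensionKey
    OnPremValue   = $OnPremValue
    CloudValue    = $CloudValue
    InSync        = ($OnPremValue -eq $CloudValue)
}
```

Because empty or null on-prem values are not synchronized, a user whose vehRegCode was cleared on-premises will still show the old value in CloudValue until the attribute is populated again; the InSync column makes that visible.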

I enjoy technology and developing websites. Since 2012 I'm running a few of my own websites, and share useful content on gadgets, PC administration and website promotion.
Cyril Kardashevsky
