- Part 1 is here: Step 1 - Configure AD Connect to Synchronize Custom Attributes.
- Part 2 is here: Step 2 - Retrieve Attributes in Office 365 Using PowerShell.
So, how do we get our custom on-premises AD attributes into Office 365 extension attributes so that we can use the Windows Azure AD Module for PowerShell to actually read them?
Step 3 - Customize AD Connect Synchronization Rules
However, there are currently NO Office 365 workloads that will consume those attributes. This means that not even the existing PowerShell cmdlets for Azure AD or Exchange Online will retrieve, or be able to work with, those attributes.
Consider these possible scenarios:
- So, what if you need to work with those custom on-premises AD attributes in Office 365, but you cannot integrate the Graph API yet?
- Or what if you need to integrate those custom attributes into existing PowerShell scripts that you already run against Office 365?
- And what if you don't really have the option to change the on-premises AD custom attributes to use the extension attributes, because other line-of-business apps are already writing into those custom attributes?
Well, one option is to modify the synchronization rules on your AD Connect server so that AD Connect still reads the custom attributes from your on-premises AD but writes them into the built-in extension attributes in Azure AD (customAttribute1, customAttribute2, ... customAttribute15). This way your on-premises line-of-business apps continue to work as they do today, with the custom AD attributes, while you use the Exchange Online PowerShell cmdlets to retrieve and work with those custom attributes through the built-in extension attributes.
- Inbound Rules - read on-premises AD attributes and write them to the sync Metaverse, which is managed by AD Connect.
- Outbound Rules - read attributes from the sync Metaverse and write them to Azure AD in Office 365.
- In the rule edit window, change the Precedence value of the cloned rule from -1 to one more than the original rule's. In my case, the original rule had a Precedence of 145, so I set the Precedence of the cloned rule to 146 so that the cloned rule executes right after the original.
- Click Transformations in the left-hand menu. All of the custom attributes that you selected in AD Connect to synchronize should be listed here. Notice that the Target Attribute column is the attribute name in Azure AD to which the value will be synchronized, and that the target attribute name follows the pattern we described earlier: extension_<application GUID>_<custom attribute name>. The Source column is the attribute name within the sync process Metaverse - again, the intermediary location where sync data is stored before it is written to Azure AD.
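The same clone-edit-save procedure can be scripted with the ADSync PowerShell module that ships with AD Connect (the Synchronization Rules Editor's Export button produces scripts of this shape). The block below is an added example, not code from the original post or from Microsoft. The original rule name, the new rule name, the Metaverse source attribute (shown with a placeholder GUID) and the target extensionAttribute1 (which Exchange Online exposes as CustomAttribute1) are assumptions, marked as such in the code; substitute the values shown in your own Transformations tab.

```powershell
# Added example (not from the original post): create the custom outbound rule
# with the ADSync module instead of the Synchronization Rules Editor.
# Assumptions / placeholders, not taken from the post:
#   $originalRuleName - the default outbound rule whose settings are reused
#   $metaverseSource  - the Source attribute listed under Transformations
#                       (extension_<application GUID>_<custom attribute name>)
#   $targetAttribute  - the built-in Azure AD attribute to write into
Import-Module ADSync

$originalRuleName = 'Out to AAD - User DirectoryExtension'                           # assumption
$newRuleName      = 'Out to AAD - User Custom Attribute to extensionAttribute1'      # assumption
$metaverseSource  = 'extension_00000000-0000-0000-0000-000000000000_employeeRegion'  # placeholder GUID/attribute
$targetAttribute  = 'extensionAttribute1'                                            # assumption

# Look up the original rule. Its Connector (the Azure AD connector) and its
# Precedence are reused, just as the editor does when you clone a rule.
$original = Get-ADSyncRule | Where-Object { $_.Name -eq $originalRuleName }
if (-not $original) { throw "Original rule '$originalRuleName' was not found." }

# Precedence values must be unique; the post sets the clone to original + 1.
$newPrecedence = $original.Precedence + 1
if (Get-ADSyncRule | Where-Object { $_.Precedence -eq $newPrecedence }) {
    throw "Precedence $newPrecedence is already in use; choose a free value."
}

# Define the rule object (not yet saved to the sync engine).
New-ADSyncRule `
    -Name $newRuleName `
    -Description 'Flows a custom on-premises AD attribute into a built-in Azure AD extension attribute' `
    -Direction 'Outbound' `
    -Precedence $newPrecedence `
    -SourceObjectType 'person' `
    -TargetObjectType 'user' `
    -Connector $original.Connector `
    -LinkType 'Join' `
    -SoftDeleteExpiryInterval 0 `
    -ImmutableTag '' `
    -OutVariable syncRule

# The transformation: Metaverse source -> Azure AD target, as a Direct flow.
Add-ADSyncAttributeFlowMapping `
    -SynchronizationRule $syncRule[0] `
    -Source @($metaverseSource) `
    -Destination $targetAttribute `
    -FlowType 'Direct' `
    -ValueMergeType 'Update' `
    -OutVariable syncRule

# Scope the rule the way the default outbound user rules are scoped:
# only joined objects (sourceAnchor present) that are not filtered from the cloud.
$condition0 = New-Object -TypeName 'Microsoft.IdentityManagement.PowerShell.ObjectModel.ScopeCondition'
$condition0.Attribute          = 'sourceAnchor'
$condition0.ComparisonValue    = ''
$condition0.ComparisonOperator = 'ISNOTNULL'

$condition1 = New-Object -TypeName 'Microsoft.IdentityManagement.PowerShell.ObjectModel.ScopeCondition'
$condition1.Attribute          = 'cloudFiltered'
$condition1.ComparisonValue    = 'True'
$condition1.ComparisonOperator = 'NOTEQUAL'

Add-ADSyncScopeConditionGroup `
    -SynchronizationRule $syncRule[0] `
    -ScopeConditions @($condition0, $condition1) `
    -OutVariable syncRule

# Save the rule into the sync engine.
Add-ADSyncRule -SynchronizationRule $syncRule[0]

# Confirm it landed with the expected direction and precedence before syncing.
Get-ADSyncRule | Where-Object { $_.Name -eq $newRuleName } |
    Select-Object Name, Direction, Precedence, Connector

# Push the change to Azure AD with a delta sync cycle.
Start-ADSyncSyncCycle -PolicyType Delta
```

After the delta cycle completes, the value should be visible from Exchange Online PowerShell on the corresponding mailbox property (CustomAttribute1 for extensionAttribute1). The precedence check before New-ADSyncRule matters because the sync engine rejects duplicate precedence values, and the scope conditions keep the rule from flowing values for objects that the default rules would not export.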