Follow me on Twitter @AntonioMaio2

Thursday, October 20, 2016

Synchronizing Custom AD Attributes to Office 365 - Part 2

This blog is the 2nd in a 3 part series on synchronizing and working with custom AD attributes in Office 365. In this post we continue with showing you how to retrieve attributes in Office 365 using PowerShell.


PowerShell can be used to both verify that your custom attributes have actually been synchronized to Office 365, and it can be used to actually accomplish things with those attributes, like having them sync'ed to your user profile in SharePoint Online (but that's for another article).



Step 2 - Retrieve Attributes in Office 365 Using PowerShell

Once we have custom attributes synchronizing to Office 365 using AD Connect, we would naturally want to use to verify that the attributes have successfully sync'ed.  As well, we would naturally use PowerShell to do this. However, there are some important concepts that we first need to understand to do this.

1. To access user accounts in Azure AD within Office 365, we typically use the Windows Azure Active Directory Module for Windows PowerShell.

connect-msolservice (provide your global administrator credentials when prompted)
get-msoluser -userprincipalname <a user's UPN> | select *

  • This will return a pre-defined set of 59 attributes for the user, however it will NOT return all of the attributes associated with the user account.  For example, it will NOT return any of the extension attributes.  You can see a list of the attributes that are retrieved here: get-msoluser.

2. To retrieve additional attributes or the extension attributes associated with the user's Azure AD account, you must use the Exchange Online PowerShell module.
  • To use Exchange Online cmdlets for a user account, that user account MUST have an Exchange Online mailbox, which means they MUST be licensed for Exchange Online.  If a user is not licensed for Exchange Online, the sync process still synchronizes the attributes correctly for that user.  However, the limitation here is that you will not be able to call the Exchange Online cmdlets for that user - you can still call get-msoluser as described above to get that subset of attributes.
  • To connect to the Exchange Online PowerShell module, you can use the following:

$sUserName = Read-Host "Enter an administrator username" 
$sPassword = Read-Host "Enter an administrator password" -AsSecureString
$credential = New-Object System.Management.Automation.PsCredential($sUserName,$sPassword)

$exchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -Credential $credential -Authentication "Basic" –AllowRedirection

Import-PSSession $exchangeSession
  • In order to retrieve additional attributes about a user, and more specifically retrieve the extension attributes, you can call either get-mailbox or get-recipient as follows.  
get-mailbox <a user's email address> | select *

get-recipient <a user's email address> | select *

You can use either one of these cmdlets, and you can get more information about these here: get-mailbox and get-recipient.
  • With either of these cmdlets you'll notice that you get a lot more attributes returned.  In particular you get customAttribute1, customAttribute2 ...customAttribute15.  These map directly to the following attributes in your on premise AD environment: extensionAttribute1, extensionAttribute2 ...extensionAttribute15.  Their purpose is to provide some built in attributes with which clients can use custom attributes in on premise AD without editing the actual AD schema.
  • As you can see, the name of an attribute in Azure AD is often slightly different from the corresponding name of the attribute in on premise AD.

3. When testing retrieval of extension attributes for a user, ensure that you're calling the cmdlets for a user account that has actually values in those extension attributes in your on premise AD.  I know it sounds simple, but many times I've seen people say 'my attributes are not sync'ing' only to find out that the user they're testing didn't actually have values in those attributes in AD.

4. You'll notice that with any of the preceding PowerShell cmdlets shown, the custom AD attributes you've configured AD Connect to synchronize are not shown.  We can see the built-in extension attributes, but not any custom attributes.  
  • Unfortunately, there currently is no Office 365 workload that will consume or work with these attributes.  Not even the PowerShell cmdlets currently available will access or retrieve these custom attributes.
  • It is however possible to work with the Microsoft Graph API to retrieve these custom attribute values.  Microsoft has published a Quick Start Guide for the Graph API if you wish to use that.
  • The custom attribute from your on premise AD is actually published to Azure AD with a name that looks like the following:
extension_<application GUID>_<custom attribute name>


You can see the custom attribute name that is being synchronized to Office 365 for your custom attributes if you use the MIISCLIENT application (available at C:\Program Files\Microsoft Azure AD Sync\UIShell\miisclient.exe on the AD Connect server) to watch the synchronization process and review the actual updates made.  Remember, do not try to execute the sync or modify any sync settings through the MIISCLIENT application.  Only use the AD Connect configuration wizard for any sync configuration.

Part 3 in this series can be found here: Step 3 - Customize AD Connect Synchronization Rules.

23 comments:

  1. Synchronizing Custom AD Attributes to Office 365, such a great move by the Microsoft team and great inventions they are putting. I can't wait to install this latest version.

    ReplyDelete
  2. Your post give me lots of advise it is very useful for me. I want to introduce for you about the game- sims 4 cheats. in this game, you can create character and operate as sames as in the real world. Click link to participate games.

    ReplyDelete
  3. The prices shown in Bangalore escorts are only for time and sympathy, and not for any illegal acts. Any personal conduct of an intimate nature is a matter of agreement between two consenting adults and between closed doors or a similar personal method or place.
    Lovepreet Kaur
    Bangalore Escorts
    Bangalore Escort Service

    ReplyDelete
  4. Bangalore escort services are largely here to give you an astonishing encounter. The most electrifying hours with intriguing Bangalore escorts are on your way.
    Bangalore Escorts
    Elite Escorts
    Call Girls
    Escorts Service
    Model Escorts
    High Profile Escort
    air-hostess-escorts

    ReplyDelete
  5. Thank you for knowing this topic of yours.
    Uttam nagar Escorts provide high-profile escorts services in Delhi.
    Uttam nagar Escorts

    ReplyDelete
  6. Delhi Escorts Offers Incall And Outcall Sexual Services To U
    If you want to have some unforgettable time. Delhi Escorts - your best reliable Escort service in Delhi. Only Delhi Escort girls have a sense of fashion and are conscious of the etiquette and popular conversation subjects. The escort in delhi comes with a lot of assortment of girls in delhi who can offer erotic massages in the hottest style.
    Delhi Escorts
    Call Girl in Delhi

    ReplyDelete
  7. Welcome to premier agency in Hyderabad, offering an outstanding range of Female Escorts in Hyderabad and erotic services. If you are interested in using our service, we are just a phone call away.
    Hyderabad Escorts

    High Profile Escorts in Abids

    Independent Escorts In Ameerpet

    Banjara Hills Escorts

    Begampet Escorts

    Gachgoli Escorts

    Hitech Escorts

    ReplyDelete
  8. Hey friends, my agency is StreetGirls and I am a 22-year-old independent call girl available now. Everything you're looking for will find me, I love having sex without haste, I want to be your naughty girlfriend. I assure you that in privacy you will love my vagina, my sensuality, my charisma and I am available to serve you. Between four walls I'm hot and very naughty, I don't deny fire, I'll leave you breathless. In our appointment very passionately I will stimulate the erogenous areas of your body. I know that for you I will be an excellent company and an unmatched lover in intimacy.
    Call Girl Haridwar
    Call Girl Dhamtari
    Call Girl Mahim
    Call Girl Baga

    ReplyDelete
  9. I would like to say thank you to visit my personal web page. I just made this website to work as an Independent Delhi Call Girls. Escorts services in bhiwadi
    Escorts in lajpat nagar
    Escorts in Bhiwadi
    escorts in goa

    ReplyDelete
  10. You are passed by on the basically referred to Call Girls Agency, and we are the social affair of entertainers. Our Goa Call Girls will without a doubt pull in you in the great fun which won't ever close. You discover trust in sexual satisfaction of our clients who are searching for the brilliant which they never have from another woman. The females have a few aptitudes to make your tendency on in a matter of seconds. Our Call Girls in Goa has been required to full filling the hankering regardless. We are serving Young and horny escort young people to a few areas and close about the Goa.

    Goa Escorts
    Call Girls in Goa
    Russian Escorts in Goa
    Russian Escorts Service in Goa
    Panjim Escorts
    Anjuna Escorts
    candolim Escorts
    Calangute Escorts
    Baga Escorts
    Arpora Escorts
    Escorts in South Goa
    Escorts in Goa

    Goa Escorts
    Call Girls in Goa
    Russian Escorts in Goa
    Russian Escorts Service in Goa
    Panjim Escorts
    Anjuna Escorts
    candolim Escorts
    Calangute Escorts
    Baga Escorts
    Arpora Escorts
    Escorts in South Goa
    Escorts in Goa

    ReplyDelete
  11. bp doctor 3.0 pro wearable blood pressure smartwatch If you want to find an accurate fitness tracker, just try this smartwatch.

    ReplyDelete
  12. yhe bp doctor smartwatch Have a smart watch that you can use for exercise and daily life

    ReplyDelete
  13. Very informative Post, Keep Sharing such amazing content.
    Kind regards
    by Nanny
    by Vanny
    And canny

    ReplyDelete
  14. For example, did you know that in Indian cooking you should cook onions for at least thirty minutes, until they’re completely caramelised? Some dishes even require you to burn the onions a little bit for added flavour.

    Online Baking classes

    ReplyDelete