Get to know how you can sync every on-premises directory extension attribute to AAD for any purpose!
In Azure AD Connect, the extensionAttribute# values get synchronized from the on-premises Active Directory to Azure AD by default. Imagine you want to sync one of the “msDS-cloudExtensionAttribute” attributes to AAD as well. To do this, follow these easy steps.
- Open Azure AD Connect
- Customize synchronization options
- Under Optional Features, check “Directory extension attribute sync” and click Next.
- Now you can choose a Directory Extension, for example msDS-cloudExtensionAttribute1.
- Move “msDS-cloudExtensionAttribute1” to the “Selected Attributes” section and click next.
- Do a full sync.
- Open the Synchronization Rules Editor and double click the rule “Out to AAD – User DirectoryExtension” with Direction “Outbound”.
- Under “Transformations”, in the “Target Attribute” column, you will find the property that we use to filter on in AAD. It is something like:
- To copy this property, go back to the rule “Out to AAD – User DirectoryExtension” in the Synchronization Rules Editor and select it (single click).
- Click on “Export”
- In this .tmp file (opened in Notepad) you can copy the property.
Now that we have “msDS-cloudExtensionAttribute1” in sync with AAD, we can use it for a dynamic group in AAD, with a rule syntax like: (user.extension_9a07786cb30c4b22b3f41a4f99d41189_msDS_cloudExtensionAttribute1 -eq "YOUR VALUE IN AD")
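As an added example (not part of the original post), the same check and group creation done from PowerShell with the Microsoft.Graph SDK: it first confirms the synced extension property actually carries a value for a user, then creates the dynamic group from the rule above. The UPN, group names and value are placeholders, and the GUID in the property name is specific to the tenant, so take it from your own exported rule.

```powershell
# Added example (not from the original post): verify that the synced
# directory-extension property is populated on a user, then create the
# dynamic group from it. Assumes the Microsoft.Graph PowerShell SDK and
# sufficient rights; the UPN, group names and value are placeholders.
Connect-MgGraph -Scopes "User.Read.All", "Group.ReadWrite.All"

# Property name as copied from the exported "Out to AAD - User DirectoryExtension"
# rule; the GUID part is tenant specific, so take it from your own export.
$extProp = "extension_9a07786cb30c4b22b3f41a4f99d41189_msDS_cloudExtensionAttribute1"
$upn     = "someone@contoso.example"   # placeholder user to check

# Graph only returns directory extensions when they are selected explicitly;
# the SDK surfaces them in AdditionalProperties rather than as typed members.
$user  = Get-MgUser -UserId $upn -Property "id", "userPrincipalName", $extProp
$value = $user.AdditionalProperties[$extProp]
if (-not $value) {
    throw "$extProp is empty for $upn; run a full sync and re-check before building the rule"
}
"$upn has $extProp = $value"

# Build the membership rule; the rule syntax expects straight double quotes.
$rule = "(user.$extProp -eq ""YOUR VALUE IN AD"")"

$group = New-MgGroup -DisplayName "Users by cloudExtensionAttribute1" `
    -MailEnabled:$false -MailNickname "ext-attr1-users" -SecurityEnabled `
    -GroupTypes "DynamicMembership" -MembershipRule $rule `
    -MembershipRuleProcessingState "On"

# Membership is evaluated asynchronously; check it again after a few minutes.
Get-MgGroupMember -GroupId $group.Id | Select-Object -ExpandProperty Id
```

If the first check throws, the attribute is not reaching AAD yet, and the group rule would simply match nobody rather than fail loudly.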