Hi @MarileeTurscak ,
Thanks for your response.
After much research and experimentation, the confusion we had is that we've learned that really there are two top level ways to create schema extensions: AD Connect Schema Extensions and Microsoft Graph Schema Extensions. There are also MS Graph Open Extensions, but I won't get into that as they are untyped.
AD Connect extensions come in the form as described above extension_(ApplicationID)_(AttributeName) and are listed as attributes in the top level of the User resource just like all the other attributes.
MS Graph schema extensions lead to a nested schema on the User resource and have a schema ID in the form similar to (appdomain)_(schemaName). This schema has attributes including a nested "properties" collection which describes the typed extension attributes in the schema.
It's very straightforward to work with the MS Graph schema extensions through the Graph API. Our trouble is that our customers mostly use AD Connect Schema Extensions and the structuring of AD Connect Schema Extensions is significantly different to MS Graph Schema Extensions. This means we need to maintain two branches of code to support both cases as the differences are non-trivial. Further, this makes it very difficult to test short of having an AD Forest with AD Connect setup with our Azure.
Hopefully this helps someone else in the future as it's not well explained in the docs.