0 Votes
KomoroskeGina-5094 asked ·

Steps to sync a new user attribute from on-prem to Azure using Azure AD Connect

Hi,
I have been requested to sync an attribute that is in our on-premise Active Directory user objects to Azure. We use Azure AD Connect. I thought I could go into the Synchronization Service Manager, go to connectors, select properties on our connector, select attributes and just check the attribute to sync. It is telling me that it is deprecated and to use the Wizard. I went to the wizard and noticed if I select this attribute here, the ones we already sync are in the list to choose from as well. If I select only that new attribute to sync (and not all the ones we already sync), will I lose all those attributes we currently sync then? Do I have to use the Wizard and select ALL the attributes we want to sync, or can I just add that one attribute and the rest will remain synced as desired?

Thanks in advance for help.
Gina

azure-ad-connect
· 1

Refresh directory schema
This option is used if you have changed the schema in one of your on-premises AD DS forests. For example, you might have installed Exchange or upgraded to a Windows Server 2012 schema with device objects. In this case, you need to instruct Azure AD Connect to read the schema again from AD DS and update its cache. This action also regenerates the Sync Rules. If you add the Exchange schema, as an example, the Sync Rules for Exchange are added to the configuration.

When you select this option, all the directories in your configuration are listed. You can keep the default setting and refresh all forests or unselect some of them.

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-installation-wizard#refresh-directory-schema

0 Votes 0 ·
1 Vote
michev answered ·

You seem to be talking about the Directory extensions feature, as detailed here: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-feature-directory-extensions

First of all, this is needed only for attributes that are not present in the Azure AD schema; if you simply want to add an attribute you've previously excluded, use the "Azure AD app and attribute filtering" feature instead. But if you do want to add an attribute that is not part of the schema, you simply need to add it to the list; there is no need to add any "existing" ones. Do make sure your expectations are set correctly, as such attributes cannot be "consumed" directly by any of the first-party apps (Office 365 as the prime example). Instead, you leverage them directly via Graph API calls in your apps. Refer to the document above for more details.

· 2 ·

Hi,
Thanks for the additional link. It appears, yes, it is a Directory extension I want to add. We set up this sync process close to 5 years ago when we started using O365, using DirSync at the time, which has evolved to Azure AD Connect. In DirSync, it was called an attribute. I guess now they call it a Directory extension. Regardless, I just want to add one 'attribute' or 'extension' to Azure, syncing it from our on-prem AD. The wizard doesn't give me a 'warm fuzzy' and the previous scheduler interface seems more my pace (because that's what I know). So to be honest, I'm a bit unsure about your response. Can you tell me more about this "Azure AD app and attribute filtering" feature? Where do I find this? Maybe I just need to read more about this.

Thanks,
Gina

0 Votes 0 ·
michev replied to KomoroskeGina-5094 ·

You can find it the same way you found the Directory extension one - run the AAD Connect Setup wizard and select it under "optional" features :) But again, that's for "built-in" attributes; if you want to add something that is not synced by default, Directory extensions is the way to go.

0 Votes 0 ·
0 Votes
$$ANON_USER$$ answered ·

Hi Gina,

This write-up was very helpful for me in trying to accomplish what I think is the same thing you are needing to.

user-provisioning-sync-attributes-for-mapping

Hope that helps!

· 2 ·

Hi,
Thanks for the response. This link is the exact article I was following when I stopped. . . because when you select the attribute you want (in this case 'division'), the message stated, 1 of 100 selected. If I looked at the rest of the attributes/extensions, many we already sync. So my question is, if I use this method in the link you sent, and only select the new attribute/extension I want (division), will it continue to sync all the other attributes/extensions that we are already syncing? Or if I just select that one (division), will it stop syncing all the other ones?

We have a dev environment, but it's used quite heavily and I don't want to mess anyone up who's using that right now. Also, it is just SO different than the way we set up Azure AD Connect and the attributes to sync, I'm a bit nervous as this is new and very different!

Thanks, hope that makes sense?

0 Votes 0 ·
michev replied to KomoroskeGina-5094 ·

100 is simply the limit of "extensions" you can have in a single Azure AD instance. And yes, it will continue syncing all the rest, as I mentioned above.

1 Vote 1 ·
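
One way to confirm the outcome discussed in this thread after the wizard run and a sync cycle, using Microsoft Graph PowerShell: list the directory extensions registered in the tenant, check that the previously synced ones are still there alongside `division`, and read the value back from a user. This is an added example, not part of the original thread; the `$expected` entries other than `division` and the test user's UPN are assumptions to replace with your own.

```powershell
# Added example. Requires the Microsoft.Graph PowerShell module.
Connect-MgGraph -Scopes 'Application.Read.All', 'User.Read.All'

# Attributes you expect to exist as directory extensions after the change.
# 'division' is the attribute from the thread; 'employeeType' is an assumption.
$expected = @('division', 'employeeType')
$testUser = 'user@contoso.example'   # assumption: a synced user with division set

# Azure AD Connect registers synced directory extensions on this application.
$app = Get-MgApplication -Filter "displayName eq 'Tenant Schema Extension App'" |
    Select-Object -First 1
if (-not $app) {
    throw 'Tenant Schema Extension App not found: no directory extensions are configured.'
}

# Extension names have the form extension_<appId without dashes>_<attribute>.
$prefix = 'extension_{0}_' -f ($app.AppId -replace '-', '')
$all    = @(Get-MgApplicationExtensionProperty -ApplicationId $app.Id -All)
'{0} of 100 extensions in use' -f $all.Count

# Keep only extensions that target user objects and strip the prefix.
$userAttrs = $all |
    Where-Object { $_.TargetObjects -contains 'User' } |
    ForEach-Object { $_.Name -replace [regex]::Escape($prefix), '' }

# Report each expected attribute so a dropped one is obvious.
foreach ($attr in $expected) {
    $status = if ($userAttrs -contains $attr) { 'registered' } else { 'MISSING' }
    '{0,-20} {1}' -f $attr, $status
}

# Extension attributes are not returned by default; request them by full name.
$extName = $prefix + 'division'
$user = Get-MgUser -UserId $testUser -Property 'id', 'userPrincipalName', $extName
'{0}: division = {1}' -f $user.UserPrincipalName, $user.AdditionalProperties[$extName]
```

Running the listing once before the wizard change and once after gives a before/after record of which extensions are registered.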