[AZURE AD CONNECT SYNC SERVICES] HOWTO: Control which attribute flows to UPN
Problem Statement / Goal
In this scenario we have multiple partitions selected in a single On-Premise Active Directory Connector We want to control which attribute flows in the Metaverse Attribute userPrincipalName based on the suffix in the userPrincipalName. One condition would have the On-Premise Active Directory mail attribute to flow the value to the Metaverse Attribute userPrincipalName. The other condition to flow the value from userPrincipalName to userPrincipalName.
The best way to accomplish this is to create a customized synchronization rule that uses an Expression for the Transformation of the userPrincipalName.
(1) Create a new customized synchronization rule.
In my example, I named my customized synchronization rule "In from AD - UPN Flow". The recommendation is to name the synchronization rule that makes sense of its purpose in your environment.
- Name: Identifies the name of your customized synchronization rule
- Description: Describe what the Synchronization Rule is used for
- Connected System: Which connector does the synchronization rule pertain too
- Connected System Object Type: User
- Metaverse Object Type: Person
- Precedence: Order in which the Synchronization Rule fires
(2) Scoping Filter. You would need to configure a Scoping Filter if you need to focus this synchronization rule on specific objects. For the purpose of my example I did not use a synchronization rule.
(3) Join Rules. This would allow you to join to specific objects. In my example, I did not use any Join Rules as Azure AD Connect Sync Services joins automatically.
(4) Transformations. On an Inbound Synchronization Rule we are going from the Connector Space Object to the Metaverse Object. In order to control which attribute is utilized to flow the value into the userPrincipalName an Expression will need to be utilized.
Example: IIF( Mid( [attribute name], InStr( [attribute name], "@" ), Len( [attribute name] ) ) = "@suffix.com", [attribute name], [other attribute name] )
- Azure AD Connect Sync: Function Reference: https://azure.microsoft.com/en-in/documentation/articles/active-directory-aadconnectsync-functions-reference/