Add AD User Extended Properties To Azure User

1 minute read

Description:

Let’s say you have an extended attribute on an on-prem AD user called ‘companyEmployeeID’ and you want the same attribute on the matching Azure AD user. This post gets that information added using the Microsoft Graph REST API, mostly following this guide.

To Resolve:

  1. First create an application in Azure AD and get its applicationID. We have 269fc2f7-6420-4ea4-be90-9e1f93a87a64

  2. Create a POST request with the name you want the extension property to have. I believe it can only have a data type of String or Byte.

     POST
     https://graph.microsoft.com/v1.0/applications/269fc2f7-6420-4ea4-be90-9e1f93a87a64/extensionProperties
     {
         "name": "companyEmployeeID",
         "dataType": "String",
         "targetObjects": [
             "User"
         ]
     }
    
    • Response:
    
     {
         "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#applications('269fc2f7-6420-4ea4-be90-9e1f93a87a64')/extensionProperties/$entity",
         "id": "5d0a80ec-125a-4ea3-96d8-0094ea115d77",
         "deletedDateTime": null,
         "appDisplayName": "custom class attributes",
         "dataType": "String",
         "isSyncedFromOnPremises": false,
         "name": "extension_b5cfcf360940477da1b4bb2042c2b585_companyEmployeeID",
         "targetObjects": [
             "User"
         ]
     }
    
  3. Just to verify, do a GET request to your application and check that it shows the extension’s name value:

     GET
     https://graph.microsoft.com/v1.0/applications/269fc2f7-6420-4ea4-be90-9e1f93a87a64/extensionProperties
     # Looks good = extension_b5cfcf360940477da1b4bb2042c2b585_companyEmployeeID
    
  4. Now let’s write a value to a user:

     PATCH
     https://graph.microsoft.com/v1.0/users/gerry@domain.com
    
     {
         "extension_b5cfcf360940477da1b4bb2042c2b585_companyEmployeeID": "015645645612"
     }
    
  5. Verify:

     GET
     https://graph.microsoft.com/v1.0/users/gerry@domain.com?$select=extension_b5cfcf360940477da1b4bb2042c2b585_companyEmployeeID
    
    • At this point, you can script something that writes each on-prem value to Azure!
  6. If you ever want to remove the extension value for a user:

     PATCH
     https://graph.microsoft.com/v1.0/users/gerry@domain.com
    
     {
         "extension_b5cfcf360940477da1b4bb2042c2b585_companyEmployeeID": null
     }
    
  7. If you don’t even want it as an option, you need to un-register the extension (get the ID first from step 2):

     DELETE
     https://graph.microsoft.com/v1.0/applications/{applicationID}/extensionProperties/{extensionIDFromStep2}
     # https://graph.microsoft.com/v1.0/applications/269fc2f7-6420-4ea4-be90-9e1f93a87a64/extensionProperties/5d0a80ec-125a-4ea3-96d8-0094ea115d77
    
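The “script something that writes each on-prem value to Azure” from step 5, as an added example that is not part of the original post: it builds the PATCH of step 4 for every user in an on-prem export (constructed sample data here), turns an empty on-prem value into the null of step 6 so the Azure attribute is cleared rather than left stale, and produces the $select GET of step 5 for verification. The bearer token and its permission (assumed to be User.ReadWrite.All) are assumptions; build and review the plan before sending anything.

```python
import json
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"
# Extension property name returned by the POST in step 2.
EXT_ATTR = "extension_b5cfcf360940477da1b4bb2042c2b585_companyEmployeeID"

# Constructed sample of an on-prem export (e.g. from Get-ADUser); not real users.
ONPREM_USERS = [
    {"userPrincipalName": "gerry@domain.com", "companyEmployeeID": "015645645612"},
    {"userPrincipalName": "alice@domain.com", "companyEmployeeID": None},  # cleared on-prem
    {"userPrincipalName": "bob@domain.com", "companyEmployeeID": 42},      # non-string source value
]


def build_patch(upn, value):
    """Build one PATCH (URL + JSON body) for a user. The extension is a String
    property, so any value is cast to str; an empty/None value becomes null,
    which removes the attribute from the Azure user (step 6)."""
    if value is None or str(value).strip() == "":
        body_value = None
    else:
        body_value = str(value)
    return {"method": "PATCH", "url": f"{GRAPH}/users/{upn}", "body": {EXT_ATTR: body_value}}


def build_plan(users):
    """Dry-run: one request per on-prem user, nothing sent yet."""
    return [build_patch(u["userPrincipalName"], u.get("companyEmployeeID")) for u in users]


def verify_url(upn):
    """GET from step 5 that returns only the extension attribute for a user."""
    return f"{GRAPH}/users/{upn}?$select={EXT_ATTR}"


def send(req, token):
    """Execute one planned request; token is assumed to carry User.ReadWrite.All.
    Graph answers a successful PATCH with 204 No Content."""
    data = json.dumps(req["body"]).encode()
    r = urllib.request.Request(req["url"], data=data, method=req["method"],
                               headers={"Authorization": f"Bearer {token}",
                                        "Content-Type": "application/json"})
    with urllib.request.urlopen(r) as resp:
        return resp.status


if __name__ == "__main__":
    for req in build_plan(ONPREM_USERS):
        print(req["method"], req["url"], json.dumps(req["body"]))
```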
