Forum Discussion
AADConnect cn attribute and group member count
1) Are all users synced? Nested groups?
2) There are multiple attributes that are synced to Azure AD, but not exposed in any of the admin portals. Some of these can be accessed via the Graph, other such as the CN cannot. But you can use something like the onPremisesDistinguishedName?
- Himanshu SinghFeb 22, 2019Iron Contributor
Hello Vasil,
I have read a lot of your article / blogs on Office 365 groups must say great job,
However in this case i can see this attribute is being synced from onpremises to online from cn to commonName, it is mentioned in the microsoft documentation also however only for AzureRMS not why ?,
But the issue is it is not visible either so neither CN nor commonName or Alias for that attributes are visible when AzureAD is queried
- VasilMichevFeb 22, 2019MVP
It's simply not exposed anywhere. But as CN is practically a part of the DistinguishedName attribute, you can get it from the value of the onPremisesDistinguishedName, which is available via the Graph or Azure AD (Get-AzureADUserExtension).
- Himanshu SinghFeb 23, 2019Iron ContributorThats exactly my question here why is this attribute not exposed on AzureAD whats the rationale behind not only the CN attribute commonName, alias and infact when you expand extensionproperty attribute you can see user identities that one is also empty and with the full dn value being returned will require tweaking to extract only the cn value however i am curious why this behavior in the first place