Forum Discussion
Azure AD extension attributes from AD Connect
EStrong9 Hi - you are using the AzureAD Module, which is marked for Deprecation. If you want full access to all Information in Entra ID (new Name for Azure AD) you will want to move to the new PowerShell Modules.
You should try Get-MgUser and Update-MgUser, however I personally find that the documentation of the PowerShell SDK for the Graph API (the semi-new way to talk to Entra ID) is so poor that I prefer using Invoke-MgGraphrequest and the Graph API Documentation (https://learn.microsoft.com/en-us/graph/api/user-get?view=graph-rest-1.0&tabs=powershell). When interacting with Users it is important to know that you have to explicitly request a lot of properties, since the API only returns basic information by default.
juliansperling The same thing was happening with the graph commands I ran, but I'm much less comfortable with that interface. Running get-mguser on a user, then piping it to format-list -property, and the property does not show up at all in the list. If I manually select for the property by schema extension name -- as obtained from Get-AzureADApplication | Get-AzureADApplicationExtensionProperty -- it turns back a null result.
- juliansperling, Dec 05, 2023, Brass Contributor
EStrong9 Hello,
It is a good idea to clarify between an Entra ID Directory Extension and the Extension Attributes from 1 to 15 - from the CmdLets you used I presumed you mean Directory Extensions, which are new Attributes added to Entra ID, while the extension Attributes are always there and would be handled differently - if I am incorrect please say so. (Also note: Maybe your UID is also one of the Attributes that are Synced to Entra ID by default?)
Your Problem was probably either, that "Get-MgUser -Property ..." Really only Returns the Properties you specify there, or that you missed that your result is returned in the AdditionalProperties of the Result.
Format-list can only show Properties that are there, so you can only copy what you requested in get-mguser.
To Shorten this thread this Snippet worked for me, at least as far as I understand what you are trying to achieve:
```powershell
# Necessary Permissions / Scopes: Directory.Read.All
# Tip: Use Find-MgGraphCommand to find the URI being used for better Documentation as well as the Necessary Permissions

# Find the required Extension Property
$extension = Get-MgDirectoryObjectAvailableExtensionProperty | where Name -match "exampleExtension"

# Request the extension by name; only the listed properties are returned.
# $mggraphConfig.testUser is the poster's own variable (defined elsewhere in their session).
$user = get-mguser -UserId $mggraphConfig.testUser -Property Displayname, Id, UserPrincipalName, $extension.Name

# Calculated column that reads the extension value out of AdditionalProperties
$extensionValue = @{Name = "$($extension.Name)"; Expression = {$_.AdditionalProperties.$($extension.Name)}}
$user | select Displayname, $extensionValue | ft
```
Result:
- juliansperling, Dec 07, 2023, Brass Contributor
Hi, can I offer any further assistance? If you found my snippet useful please mark it as best answer.
- EStrong9, Dec 07, 2023, Copper Contributor
juliansperling
Thank you, that has gotten me most of the way there. I can see the value of the property using the code you helpfully provided. Now I'm trying to figure out how to change the property value.
update-mguser -userid $user -additionalproperties @{$extensionValue="yyyyyyyyy"} is what I've been working with, but it doesn't seem to be doing what I want.
Related question, with
$user | select Displayname, AdditionalProperties
the Additional Properties is cut off; is there an easy way to get it to display the whole hash table?
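
An added example, not written by either poster in this thread: reading a directory extension value, listing the full AdditionalProperties dictionary, and writing a new value with the Microsoft Graph PowerShell SDK. The UPN and the `exampleExtension` match are placeholders, `Get-ExtensionValue` is a hypothetical helper, and the write assumes the attribute can be changed in the cloud for that user.

```powershell
# Added example; placeholder values are marked as such.
# Directory.Read.All covers the lookups; User.ReadWrite.All is only needed for the update.
Connect-MgGraph -Scopes 'Directory.Read.All', 'User.ReadWrite.All'

$userId = 'someone@contoso.example'   # placeholder UPN or object id

# Directory extensions are named extension_<appId without dashes>_<attribute>.
$extension = Get-MgDirectoryObjectAvailableExtensionProperty |
    Where-Object Name -match 'exampleExtension' |
    Select-Object -First 1
if (-not $extension) { throw 'No directory extension matched the placeholder name.' }
$extName = $extension.Name

# Hypothetical helper: fetch one user with the extension explicitly selected.
function Get-ExtensionValue {
    param([string]$UserId, [string]$Name)
    # Graph returns only a default property set, so the extension must be requested by name.
    $u = Get-MgUser -UserId $UserId -Property 'id', 'displayName', $Name
    # Properties without a typed member on the SDK object land in AdditionalProperties.
    [pscustomobject]@{
        Id          = $u.Id
        DisplayName = $u.DisplayName
        Value       = $u.AdditionalProperties[$Name]
        All         = $u.AdditionalProperties
    }
}

$before = Get-ExtensionValue -UserId $userId -Name $extName

# List every key/value pair instead of the truncated table column.
$before.All.GetEnumerator() | Format-Table Key, Value -AutoSize -Wrap
# Alternative view of the same dictionary:
$before.All | ConvertTo-Json -Depth 5

# -UserId takes the id string, not the user object, and the hashtable key is the
# extension's name string, not the calculated-property hashtable used for display.
Update-MgUser -UserId $before.Id -AdditionalProperties @{ $extName = 'yyyyyyyyy' }

# Read the value back to confirm the change.
$after = Get-ExtensionValue -UserId $userId -Name $extName
"{0}: '{1}' -> '{2}'" -f $extName, $before.Value, $after.Value
```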