Forum Discussion
Azure AD extension attributes from AD Connect
juliansperling The same thing was happening with the graph commands I ran, but I'm much less comfortable with that interface. Running get-mguser on a user, then piping it to format-list -property, and the property does not show up at all in the list. If I manually select for the property by schema extension name -- as obtained from Get-AzureADApplication | Get-AzureADApplicationExtensionProperty -- it turns back a null result.
EStrong9 Hello,
It is a good idea to clarify between an Entra ID Directory Extension and the Extension Attributes from 1 to 15. From the cmdlets you used I presumed you mean Directory Extensions, which are new attributes added to Entra ID, while the extension attributes are always there and would be handled differently. If I am incorrect, please say so. (Also note: maybe your UID is also one of the attributes that are synced to Entra ID by default?)
Your problem was probably either that "Get-MgUser -Property ..." really only returns the properties you specify there, or that you missed that your result is returned in the AdditionalProperties of the result.
Format-List can only show properties that are there, so you can only copy what you requested in Get-MgUser.
To shorten this thread: this snippet worked for me, at least as far as I understand what you are trying to achieve:
# Necessary Permissions / Scopes: Directory.Read.All
# Tip: Use Find-MgGraphCommand to find the URI being used for better Documentation as well as the Necessary Permissions
# Find the required Extension Property
$extension = Get-MgDirectoryObjectAvailableExtensionProperty | where Name -match "exampleExtension"
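# $mggraphConfig.testUser is not defined in this snippet; replace it with a user ID or UPN
$user = get-mguser -UserId $mggraphConfig.testUser -Property Displayname, Id, UserPrincipalName, $extension.Name
# Calculated property for Select-Object: reads the extension value out of AdditionalProperties
$extensionValue = @{Name = "$($extension.Name)"; Expression = {$_.AdditionalProperties.$($extension.Name)}}
$user | select Displayname, $extensionValue | ft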
Result:
- juliansperling, Dec 07, 2023, Brass Contributor
Hi, can I offer any further assistance? If you found my snippet useful, please mark it as best answer.
- EStrong9, Dec 07, 2023, Copper Contributor
juliansperling
Thank you, that has gotten me most of the way there. I can see the value of the property using the code you helpfully provided. Now I'm trying to figure out how to change the property value.
update-mguser -userid $user -additionalproperties @{$extensionValue="yyyyyyyyy"} is what I've been working with, but it doesn't seem to be doing what I want.
Related question, with
$user | select Displayname, AdditionalProperties
the Additional Properties is cut off; is there an easy way to get it to display the whole hash table?
- juliansperling, Dec 08, 2023, Brass Contributor
EStrong9 Hi, I happen to have used this as a jumping-off point for a full blog post: https://sparrowte.ch/index.php/en/2023/12/07/391/
However, your follow-up question will lead me to make a few edits, since I recognize I could extend the documentation a bit 🙂 I also have how to update them in there, but I can't recommend doing that if you are synchronising them from on-premises. You might run into conflicts with your Entra ID (AAD) Connect sync down the line; that should be done by manipulating the base properties in Active Directory.
To the related note (and why I should work on my naming and documentation):
$extensionValue is not the value of the extension. It defines a custom property in Select-Object to handle exactly the issue you described: it tells Select-Object to take the value from AdditionalProperties, so the select statement you are looking for is
$extensionValue = @{Name = "$($extension.Name)"; Expression = {$_.AdditionalProperties.$($extension.Name)}}
$user | select Displayname, $extensionValue | ft
If you have multiple values in $AdditionalProperties you can define more custom expressions for Select - see https://learn.microsoft.com/en-us/powershell/scripting/samples/selecting-parts-of-objects--select-object-?view=powershell-7.4 for example.
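The calculated-property approach from this thread, extended to several extensions at once and to the "cut off" display question, as an added example that is not code from either poster. It runs offline against a constructed object shaped like a Get-MgUser result; the extension names, the values and the helper name New-ExtensionColumn are assumptions made for illustration.

```powershell
# Constructed sample: mimics a Get-MgUser result, where directory extension
# values live in AdditionalProperties rather than as top-level properties.
# Extension names and values are placeholders, not real data.
$extA = 'extension_00000000000000000000000000000000_exampleExtension'
$extB = 'extension_00000000000000000000000000000000_secondExtension'

$additional = [System.Collections.Generic.Dictionary[string, object]]::new()
$additional[$extA] = 'uid-12345'
$additional['@odata.context'] = 'constructed-context-value'

$user = [pscustomobject]@{
    DisplayName          = 'Test User'
    UserPrincipalName    = 'test.user@example.com'
    AdditionalProperties = $additional
}

# Hypothetical helper: one Select-Object calculated property per extension name.
function New-ExtensionColumn {
    param([Parameter(Mandatory)][string[]]$Name)
    foreach ($n in $Name) {
        @{
            Name       = $n
            # GetNewClosure() freezes the current $n for this column.
            Expression = {
                if ($_.AdditionalProperties.ContainsKey($n)) {
                    $_.AdditionalProperties[$n]
                }   # key not returned for this user: the column stays empty
            }.GetNewClosure()
        }
    }
}

# Build one flat property list; a nested array is not accepted by -Property.
$properties = @('DisplayName', 'UserPrincipalName') +
              @(New-ExtensionColumn -Name $extA, $extB)

# Format-List puts each property on its own line, so long extension names and
# values are not truncated the way they are in the default table view.
$user | Select-Object -Property $properties | Format-List

# Dump every AdditionalProperties entry without naming the keys first.
$user.AdditionalProperties.GetEnumerator() |
    Select-Object Key, Value |
    Format-List
```

In the constructed data the second extension is absent on purpose: it shows as an empty column, which is also what an extension looks like when it was not requested through -Property.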