Forum Discussion

JaksaD (Copper Contributor)
Sep 09, 2024
Solved

Microsoft Entra ID - User attributes / properties export

Hi all,

Is there a documented list of built-in user attributes in Entra ID with data type and maximum length? If this information can be extracted using MS Graph, I would appreciate some guidance.

Thanks in advance.

  • JaksaD

    The short answer is no. The Graph schema does not compare to a more mature schema such as that found in Active Directory.

    Rather than writing up a summary, it's best to see it for yourself, which you can do by accessing the metadata endpoint (using the beta endpoint in this example):

    This may take some time to load, and if you're running Edge, it may even suggest the site has hung, but it hasn't. Just wait a while, as it's a rather large XML file which the browser may take some time to render.

    Once it's loaded, search the page for the following string to jump to the user class definition:

    <EntityType Name="user" BaseType="graph.directoryObject"

    As you noted, this does not contain directory extension attributes, meaning you have to make another call to Graph to retrieve those, as illustrated below using the AAD Connect application. Even then, it's still inferior to more mature schemas, with no guidance on limits.

    Historically, this couldn't be trusted either, as Graph did not honour Azure AD when it came to multivalued attributes created via AAD Connect.

    For example, the multivalued attributes above initially weren't exposed via Graph at all and couldn't be used in searches. Then searching became possible, but the values weren't present in the response data. Then they were present, but only as a single value, and finally, within roughly the last 18 months, we got the real multivalued response that had always existed within Azure AD itself. So it's been a very long journey to reach parity with Active Directory in this scenario.

    I should finish with a disclaimer that I don't check frequently on what's updated in Graph, but as far as I can see, nothing's changed with respect to the exposing of the schema, in which case there is no single, comprehensive exposition the way there is with Active Directory.

    Cheers,

    Lain
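As an added example that is not part of the thread (and not Microsoft's code), the Python script below does in code what the answer above describes doing by hand: it parses a saved copy of the $metadata CSDL document, walks the `user` entity type and its `BaseType` chain, lists every structural property with its declared type (a `Collection(...)` type marks the multivalued ones) and reads the CSDL `MaxLength` facet if one is present, then merges in the directory extension properties that only a second call, `GET /beta/applications/{object-id}/extensionProperties` against the AAD Connect application, returns. `SAMPLE_CSDL` and `SAMPLE_EXTENSIONS` are constructed stand-ins trimmed to a handful of properties so the script runs offline; the all-zero application id inside the extension names is a placeholder.

```python
"""Added example (not from the thread): parse Graph $metadata (CSDL) and list the
user entity type's properties, then merge the directory extension properties that
only a second Graph call exposes. Both sample inputs below are constructed."""
import json
import sys
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Dict, List, Optional

EDM = "{http://docs.oasis-open.org/odata/ns/edm}"  # CSDL namespace used by $metadata

# Constructed sample: a tiny subset shaped like the real $metadata document.
SAMPLE_CSDL = """<edmx:Edmx Version="4.0" xmlns:edmx="http://docs.oasis-open.org/odata/ns/edmx">
  <edmx:DataServices>
    <Schema Namespace="microsoft.graph" Alias="graph" xmlns="http://docs.oasis-open.org/odata/ns/edm">
      <EntityType Name="entity" Abstract="true">
        <Key><PropertyRef Name="id"/></Key>
        <Property Name="id" Type="Edm.String" Nullable="false"/>
      </EntityType>
      <EntityType Name="directoryObject" BaseType="graph.entity" OpenType="true">
        <Property Name="deletedDateTime" Type="Edm.DateTimeOffset"/>
      </EntityType>
      <EntityType Name="user" BaseType="graph.directoryObject" OpenType="true">
        <Property Name="displayName" Type="Edm.String"/>
        <Property Name="accountEnabled" Type="Edm.Boolean"/>
        <Property Name="businessPhones" Type="Collection(Edm.String)" Nullable="false"/>
        <Property Name="onPremisesExtensionAttributes" Type="graph.onPremisesExtensionAttributes"/>
        <NavigationProperty Name="manager" Type="graph.directoryObject"/>
      </EntityType>
    </Schema>
  </edmx:DataServices>
</edmx:Edmx>"""

# Constructed sample shaped like GET /beta/applications/{object-id}/extensionProperties
# for the AAD Connect application. The zero app id in the names is a placeholder.
SAMPLE_EXTENSIONS = json.dumps({"value": [
    {"name": "extension_00000000000000000000000000000000_extensionAttribute1", "dataType": "String",
     "isMultiValued": False, "isSyncedFromOnPremises": True, "targetObjects": ["User"]},
    {"name": "extension_00000000000000000000000000000000_proxyAddressesCustom", "dataType": "String",
     "isMultiValued": True, "isSyncedFromOnPremises": True, "targetObjects": ["User"]},
    {"name": "extension_00000000000000000000000000000000_groupOnly", "dataType": "String",
     "isMultiValued": False, "isSyncedFromOnPremises": True, "targetObjects": ["Group"]},
]})


@dataclass
class Prop:
    name: str
    type: str
    nullable: bool
    declared_in: str                  # entity type (or "directoryExtension") that declares it
    max_length: Optional[str] = None  # CSDL MaxLength facet, if the document carries one

    @property
    def multivalued(self) -> bool:
        return self.type.startswith("Collection(")


def index_entity_types(csdl: str) -> Dict[str, ET.Element]:
    """Short entity-type name -> <EntityType> element, across every Schema in the document."""
    return {et.get("Name"): et for et in ET.fromstring(csdl).iter(EDM + "EntityType")}


def entity_properties(csdl: str, name: str = "user") -> List[Prop]:
    """Structural properties of `name`, base types first (entity -> directoryObject -> user).
    NavigationProperty elements (manager, memberOf, ...) are links, not attributes, so skip them."""
    types = index_entity_types(csdl)
    chain: List[str] = []
    cur: Optional[str] = name
    while cur is not None:
        if cur not in types:
            raise KeyError(f"entity type {cur!r} not found in metadata")
        chain.append(cur)
        base = types[cur].get("BaseType")            # e.g. "graph.directoryObject"
        cur = base.rsplit(".", 1)[-1] if base else None
    props: List[Prop] = []
    for tname in reversed(chain):
        for p in types[tname].findall(EDM + "Property"):
            props.append(Prop(p.get("Name"), p.get("Type"),
                              p.get("Nullable", "true").lower() == "true", tname, p.get("MaxLength")))
    return props


def is_open_type(csdl: str, name: str = "user") -> bool:
    """OpenType="true" means the entity accepts dynamic properties, which is why
    directory extensions (extension_<appId>_<name>) never appear in the schema itself."""
    return index_entity_types(csdl)[name].get("OpenType", "false").lower() == "true"


def extension_properties(response_json: str, target: str = "User") -> List[Prop]:
    """Turn an extensionProperties response into Prop rows for one target object type."""
    rows: List[Prop] = []
    for e in json.loads(response_json).get("value", []):
        if target not in e.get("targetObjects", []):
            continue
        t = "Edm." + e.get("dataType", "String")
        rows.append(Prop(e["name"], f"Collection({t})" if e.get("isMultiValued") else t,
                         True, "directoryExtension"))
    return rows


def report(props: List[Prop]) -> str:
    """Plain-text table; 'n/a' in maxlen is the gap the thread is about."""
    w = max((len(p.name) for p in props), default=8)
    lines = [f"{'property':<{w}}  {'type':<40} multi  nullable  maxlen  declared in"]
    for p in props:
        lines.append(f"{p.name:<{w}}  {p.type:<40} {str(p.multivalued):<6} {str(p.nullable):<9} "
                     f"{p.max_length or 'n/a':<7} {p.declared_in}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Pass a saved copy of https://graph.microsoft.com/beta/$metadata to run against the real schema.
    csdl = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_CSDL
    print(f"user is OpenType: {is_open_type(csdl, 'user')}")
    print(report(entity_properties(csdl, "user") + extension_properties(SAMPLE_EXTENSIONS)))
```

Two practical notes. The extension listing needs a token with only Application.Read.All, so a read-only reporting identity is enough; do not reuse a directory-writer credential for it. And because `user` is declared `OpenType="true"`, nothing in the schema will ever enumerate the `extension_<appId>_*` properties for you, so a "complete" attribute inventory is always the union of the two calls, and the maximum-length column stays empty for both unless the schema starts emitting `MaxLength`.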

4 Replies

    • JaksaD (Copper Contributor)
      Yes, but there are more attributes on the user object in Entra ID than in that list.
