Forum Discussion

Chris_Smith_Bouncer83
Copper Contributor
Jun 15, 2023

Synchronizing AD attributes with security bit set (search flag 128/129) to Azure using AADC

I've got some custom attributes that are marked as confidential in Active Directory; however, I need to move these attributes to Azure Active Directory with AADC. However, these attributes always come back as null.


The service account in AADC has permissions to view these attributes, however it appears that AADC ignores them out of the box based on the search flag.


Has anyone had to deal with this, and if so, what was the solution?


Thanks,

Chris


1 Reply

  • LainRobertson
    Silver Contributor

    Chris_Smith_Bouncer83 


    Hi, Chris.


    Perhaps double-check that the AAD Connect service account has both of the following two rights specified within the ACE, rather than perhaps just the first one:


    • Read attribute (at a minimum; obviously you could use something higher-privileged);
    • Control access.


    Here's an example when viewed using the Microsoft ldp.exe tool:


    If you have the first in place but not the second, you will get null as the return value.


    Cheers,

    Lain
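
As an added example (not code from Lain's reply or from the original thread), the following PowerShell script grants an AAD Connect service account both rights that reading a confidential attribute (searchFlags bit 128) requires: Read Property on the attribute, and Control Access on the same attribute. In ldp.exe the second right shows as "Control access"; in .NET it is ActiveDirectoryRights.ExtendedRight with the attribute's schemaIDGUID as the object type. It then lists the resulting ACEs so you can confirm both rights are present for that identity, which is the check the reply describes. The attribute name extensionAttributeConfidential, the account CONTOSO\svc-aadc, and the OU path are assumptions and must be replaced with your own values; run it as an account that can modify the container's security descriptor.

```powershell
# Added example, not from the thread. Assumed names: attribute 'extensionAttributeConfidential',
# AAD Connect service account 'CONTOSO\svc-aadc', sync scope 'OU=Users,DC=contoso,DC=com'.
Import-Module ActiveDirectory

$AttributeName = 'extensionAttributeConfidential'   # assumed lDAPDisplayName of the confidential attribute
$Account       = 'CONTOSO\svc-aadc'                 # assumed AADC AD connector service account
$TargetDN      = 'OU=Users,DC=contoso,DC=com'       # assumed container the sync reads from

$schemaNC = (Get-ADRootDSE).schemaNamingContext

# 1. Confirm the attribute is really confidential: bit 128 (0x80) set in searchFlags.
#    A value of 129 is the same bit plus "indexed" (bit 1).
$attrSchema = Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter "(&(objectClass=attributeSchema)(lDAPDisplayName=$AttributeName))" `
    -Properties schemaIDGUID, searchFlags
if (-not $attrSchema) { throw "Attribute '$AttributeName' not found in the schema." }
$isConfidential = ($attrSchema.searchFlags -band 128) -ne 0
Write-Host ("{0}: searchFlags={1}, confidential={2}" -f $AttributeName, $attrSchema.searchFlags, $isConfidential)

# 2. GUIDs the ACE needs: the attribute (object type) and the 'user' class
#    (inherited object type), so the ACE applies only to user objects below the OU.
$attrGuid  = [guid]$attrSchema.schemaIDGUID
$userClass = Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter '(&(objectClass=classSchema)(lDAPDisplayName=user))' -Properties schemaIDGUID
$userGuid  = [guid]$userClass.schemaIDGUID

# 3. Build the two ACEs. Both target the same attribute GUID for the same identity.
$sid = (New-Object System.Security.Principal.NTAccount($Account)).Translate(
           [System.Security.Principal.SecurityIdentifier])
$inherit = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents
$allow   = [System.Security.AccessControl.AccessControlType]::Allow

function New-AttributeAce([System.DirectoryServices.ActiveDirectoryRights] $Right) {
    # Helper (assumed, not an AD cmdlet): one object-specific ACE for $Account on $attrGuid
    New-Object -TypeName System.DirectoryServices.ActiveDirectoryAccessRule `
        -ArgumentList @($sid, $Right, $allow, $attrGuid, $inherit, $userGuid)
}

$readProperty  = New-AttributeAce ([System.DirectoryServices.ActiveDirectoryRights]::ReadProperty)
# "Control access" in ldp.exe == RIGHT_DS_CONTROL_ACCESS == ActiveDirectoryRights.ExtendedRight
$controlAccess = New-AttributeAce ([System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight)

# 4. Apply both ACEs to the container through the AD: drive.
$aclPath = "AD:\$TargetDN"
$acl = Get-Acl -Path $aclPath
$acl.AddAccessRule($readProperty)
$acl.AddAccessRule($controlAccess)
Set-Acl -Path $aclPath -AclObject $acl

# 5. Verify. You should see two rows for the account and this attribute GUID:
#    ReadProperty and ExtendedRight. If only ReadProperty is present, the sync
#    engine still reads the attribute as null (the situation the reply describes).
$acl = Get-Acl -Path $aclPath
$acl.Access |
    Where-Object { $_.IdentityReference.Value -eq $Account -and $_.ObjectType -eq $attrGuid } |
    Select-Object IdentityReference, ActiveDirectoryRights, InheritanceType, InheritedObjectType |
    Format-Table -AutoSize

# 6. Optional end-to-end check from the service account's point of view
#    (prompts for its password; 'jdoe' is an assumed sample user):
#    Get-ADUser -Identity jdoe -Properties $AttributeName -Credential (Get-Credential $Account) |
#        Select-Object SamAccountName, $AttributeName
```

The verification in step 5 is the part worth keeping even if you set the permissions some other way (dsacls, the ADUC security editor): filter the ACL by the service account and the attribute's GUID and confirm that ExtendedRight appears alongside ReadProperty. Membership in a group that has only Read Property on the attribute, or a generic Read ACE on the OU, does not satisfy the confidential-attribute check.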
