Jan 31 2024 04:24 AM
Is it possible to add new attributes in AD, for example "Employee hire date" and "Cost center" and sync them with Azure?
Jan 31 2024 06:03 AM
Yes, it is possible to create new attributes in AD, and sync them to Entra ID (Azure).
1) Steps to create a custom Attribute:
Active Directory: Schema Update and Custom Attribute | Microsoft Learn
2) Steps to instruct Microsoft Entra Connect to read the schema again from AD
3) Steps to add additional attributes in sync to Entra ID
Microsoft Entra Connect Sync: Directory extensions - Microsoft Entra ID | Microsoft Learn
Please let me know if you have any other questions!
Jan 31 2024 07:15 AM
Solution
That's mostly correct; however, there is no need to use directory extensions since Azure AD already contains native attributes for employeeHireDate and employeeOrgData.costCenter (these being the names used in Graph, as distinct from AAD Connect and possibly Cloud Sync):
I personally don't use Cloud Sync, so I'm unsure if these Azure AD attributes are presented as targets in Cloud Sync. They certainly exist in AAD Connect and MIM when using the Graph connector.
You don't specify if you're using AAD Connect or Cloud Sync to synchronise from Active Directory to Azure Active Directory, so here are the respective links for each showing the appropriate interface for defining the import and export attribute flows:
Cheers,
Lain
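Added example (not part of the thread or any poster's reply): once the attribute flows are defined, one way to confirm that the native Graph attributes named above are actually populated for synced users. It assumes the Microsoft Graph PowerShell SDK (`Microsoft.Graph.Users`) is installed and that the signed-in account can consent to `User.Read.All`; the report column names are made up for this example.

```powershell
# Added example, not from the thread. Assumes Microsoft.Graph.Users is installed
# and that User.Read.All is sufficient to read these properties in your tenant.
Connect-MgGraph -Scopes 'User.Read.All'

# employeeHireDate and employeeOrgData are not in the default property set,
# so they must be requested explicitly.
$props = 'id', 'userPrincipalName', 'onPremisesSyncEnabled',
         'employeeHireDate', 'employeeOrgData'

# Only look at accounts that are synchronised from on-premises AD.
$users = Get-MgUser -All -Filter 'onPremisesSyncEnabled eq true' -Property $props

$report = foreach ($u in $users) {
    [pscustomobject]@{
        UserPrincipalName = $u.UserPrincipalName
        EmployeeHireDate  = $u.EmployeeHireDate
        CostCenter        = $u.EmployeeOrgData.CostCenter
        MissingHireDate   = $null -eq $u.EmployeeHireDate
        MissingCostCenter = [string]::IsNullOrEmpty($u.EmployeeOrgData.CostCenter)
    }
}

# Users for whom the sync did not deliver one or both values.
$gaps = @($report | Where-Object { $_.MissingHireDate -or $_.MissingCostCenter })

$gaps | Sort-Object UserPrincipalName |
    Format-Table UserPrincipalName, EmployeeHireDate, CostCenter -AutoSize

'{0} of {1} synced users are missing a hire date or cost center.' -f $gaps.Count, @($report).Count
```

A non-empty result after a full sync cycle points at either empty source attributes in AD or an attribute flow that is not yet defined for those objects.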
Jan 31 2024 05:48 PM
Jan 31 2024 07:15 PM
Take it with a grain of salt though as this list hasn't been updated in a while and only represents the default mappings. For example, the lifecycle attributes have had export attribute flows defined for a while now (where you as the customer need to define the import attribute flows) yet you won't find any mention of this in the default mappings article.
The default mappings are effectively the "minimum required mappings" to achieve expected platform functionality. You can - and in complex environments almost always will need to - define custom mappings to achieve better business outcomes.
The best point of reference is to jump into either the AAD Connect synchronisation rules editor or the Cloud Sync equivalent and have a look at which attributes are listed.
Cheers,
Lain