Microsoft Tech Community

Sync Roles update fields in Azure AD

Hello,

I use active sync service to connect my on-premise AD with the Azure AD. It works fine. Then I created an input sync role to set the Azure AD field “usage location” depending on the country field. It works fine when the user is created in the Azure AD and synced to Azure AD for the first time. But it will not update the “usage location” (when the country field is changed).

What can I do to update the field “usage location” when the country field in the on-premise AD changes?

Thanks for your help

Stefan

3 Replies

Hi Stefan, can you describe the exact steps you have taken so far to push this attribute to Azure AD? Be as specific as possible.

Hi,

Here is the description of the rule:

# Inbound rule: maps the connector's 'user' object to the metaverse 'person' object.
New-ADSyncRule `
-Name 'usage location' `
-Identifier '' `
-Description '' `
-Direction 'Inbound' `
-Precedence 100 `
-PrecedenceAfter '00000000-0000-0000-0000-000000000000' `
-PrecedenceBefore '00000000-0000-0000-0000-000000000000' `
-SourceObjectType 'user' `
-TargetObjectType 'person' `
-Connector '' `
-LinkType 'Join' `
-SoftDeleteExpiryInterval 0 `
-ImmutableTag '' `
-OutVariable syncRule

# Expression flow: usageLocation takes the value of 'c', or "DE" when 'c' is empty.
Add-ADSyncAttributeFlowMapping `
-SynchronizationRule $syncRule[0] `
-Source @('c') `
-Destination 'usageLocation' `
-FlowType 'Expression' `
-ValueMergeType 'Update' `
-Expression 'IIF(IsNullOrEmpty([c]),"DE",[c])' `
-OutVariable syncRule

All looks good to me, except TO Azure AD should be "outbound", not inbound, right?

I must admit I have not created a rule with PS yet, but I don't see how you have a source AND an expression; in the GUI the source IS the expression.

I.e. the displayName transformation source is below, but you specify a source as 'c' as well as an expression; wondering how this looks in the source field for your rule?

IIF(IsNullOrEmpty([displayName]),[cn],[displayName])