Jun 15 2023 01:42 PM
I've got some custom attributes that are marked as confidential in Active Directory; however, I need to move these attributes to Azure Active Directory with AADC, and these attributes always come back as null.
The service account in AADC has permissions to view these attributes; however, it appears that AADC ignores them out of the box based on the search flag.
Has anyone had to deal with this, and if so, what was the solution?
Thanks,
Chris
Jun 16 2023 11:49 PM
Hi, Chris.
Perhaps double-check that the AAD Connect service account has both of the following two rights specified within the ACE, rather than perhaps just the first one:
Here's an example when viewed using the Microsoft ldp.exe tool:
If you have the first in place but not the second, you will get null as the return value.
Cheers,
Lain
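The check described in this reply, as an added example that is not part of the thread: a Python script that reads an object's SDDL string and reports whether one account's allow ACEs carry both rights for a confidential attribute. It assumes the two rights are Read Property (`RP`) and Control Access (`CR`), which the reply's list does not show; the SID, attribute GUID and SDDL strings are constructed, and group membership, property sets and deny ACEs are not evaluated.

```python
import re

CONFIDENTIAL = 0x80                      # searchFlags bit marking an attribute confidential
READ_PROP, CONTROL_ACCESS = 0x10, 0x100  # directory-service access-mask bits
CODES = {"RP": READ_PROP, "CR": CONTROL_ACCESS,
         "GR": READ_PROP, "GA": READ_PROP | CONTROL_ACCESS}

def pairs(s):
    """Split an SDDL flag/right string into its two-letter codes."""
    return [s[i:i + 2] for i in range(0, len(s), 2)]

def mask_of(rights):
    """Turn an SDDL rights field (letter codes or a hex mask) into a bit mask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for code in pairs(rights):
        mask |= CODES.get(code, 0)
    return mask

def granted(sddl, sid, attr_guid):
    """OR together the rights that allow ACEs give `sid` on `attr_guid`."""
    mask = 0
    for ace in re.findall(r"\(([^()]*)\)", sddl):
        f = ace.split(";")  # type;flags;rights;object_guid;inherit_guid;sid
        if len(f) < 6 or f[0] not in ("A", "OA") or f[5] != sid:
            continue
        if "IO" in pairs(f[1]):          # inherit-only: not effective on this object
            continue
        if f[3] and f[3].lower() != attr_guid.lower():
            continue                     # ACE is scoped to a different attribute
        mask |= mask_of(f[2])
    return mask & (READ_PROP | CONTROL_ACCESS)

def diagnose(search_flags, sddl, sid, attr_guid):
    if not search_flags & CONFIDENTIAL:
        return "not confidential"
    m = granted(sddl, sid, attr_guid)
    if not m & READ_PROP:
        return "no read access"
    if not m & CONTROL_ACCESS:
        return "null: read property without control access"
    return "readable"

# Constructed sample values, not taken from the thread.
SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"
GUID = "11111111-2222-3333-4444-555555555555"
BEFORE = f"O:DAG:DAD:AI(OA;;RP;{GUID};;{SID})(A;;RPLCLORC;;;AU)"
AFTER = f"O:DAG:DAD:AI(OA;;RPCR;{GUID};;{SID})(A;;RPLCLORC;;;AU)"

if __name__ == "__main__":
    print(diagnose(128, BEFORE, SID, GUID))
    print(diagnose(128, AFTER, SID, GUID))
```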