AADConnect cn attribute and group member count

Iron Contributor



Related to AADConnect i have some doubts I need help with


1. When check a group which is being synced member count on-premise is different and member count online is different ?


2. I have check CN attribute is pulled into metaverse, and to the point i have undestood it is synced to commonName attribute in Azure AD but it never shows when you dump user attributes from Azure AD ? (CN is not available in Azure AD ?)

5 Replies

1) Are all users synced? Nested groups?

2) There are multiple attributes that are synced to Azure AD, but not exposed in any of the admin portals. Some of these can be accessed via the Graph, other such as the CN cannot. But you can use something like the onPremisesDistinguishedName?

Hello Vasil,


I have read a lot of your article / blogs on Office 365 groups must say great job,


However in this case i can see this attribute is being synced from onpremises to online from cn to commonName, it is mentioned in the microsoft documentation also however only for AzureRMS not why ?,

But the issue is it is not visible either so neither CN nor commonName or Alias for that attributes are visible when AzureAD is queried

It's simply not exposed anywhere. But as CN is practically a part of the DistinguishedName attribute, you can get it from the value of the onPremisesDistinguishedName, which is available via the Graph or Azure AD (Get-AzureADUserExtension).

Thats exactly my question here why is this attribute not exposed on AzureAD whats the rationale behind not only the CN attribute commonName, alias and infact when you expand extensionproperty attribute you can see user identities that one is also empty and with the full dn value being returned will require tweaking to extract only the cn value however i am curious why this behavior in the first place

That can only be answered by the relevant folks at Microsoft... which you will not find here on these boards :)