User Profile
EStrong9
Copper Contributor
Joined 3 years ago
User Widgets
Recent Discussions
Re: Azure AD extension attributes from AD Connect
juliansperling Short version: no love, scrapping this part of the project. Slightly longer version: I looked at your site and pulled the part about building out the param array and assigning it. Ran it on my test user, got some errors. Modified things, got it to run without errors. Went to check for the value. No value in the property. Went back and did more checking. With the previous background of the SSO that keys off the property value works and continues to work, I ran the select statement as you provided earlier, and it continued to return the correct value... for my account. On all other accounts I tested, not a single one returned a value at all. When I dug down into it, and checked the Additional Properties on all those accounts, all of them had the default context and that's it. I don't know why. They can sign in, so the information contained within the additional properties field of my account of that extension value is there, somewhere, but I can't find it. But all this was primarily to be a short workaround for an more onerous way of getting a service account access, and it is providing to be less short and straightforward than is probably worth it.Re: Azure AD extension attributes from AD Connect
juliansperling Thank you, that has gotten me most of the way there. I can see the value of the property using the code you helpfully provided. Now I'm trying to figure out how to change the property value. update-mguser -userid $user -additionalproperties @{$extensionValue="yyyyyyyyy"} is what I've been working with, but it doesn't seem to be doing what I want. Related question, with $user | select Displayname, AdditionalProperties the Additional Properties is cut off; is there an easy way to get it to display the whole hash table?Re: Azure AD extension attributes from AD Connect
juliansperling The same thing was happening with the graph commands I ran, but I'm much less comfortable with that interface. Running get-mguser on a user, then piping it to format-list -property, and the property does not show up at all in the list. If I manually select for the propery by schema extension name -- as obtained from Get-AzureADApplication | Get-AzureADApplicationExtensionProperty -- it turns back a null result.Azure AD extension attributes from AD Connect
I'm struggling with finding my data in AAD. We've been running Azure Connect for years to bring the data from our on-prem AD over to our AAD instance. Back last spring, I expanded the scope of the fields we were bringing over; in Azure Connect I configured it to also send the uid from AD, where we were storing a value that I needed for SSO for a specific application. I was able to configure the claims rules for the enterprise application that I configured in AAD to send the value along to the app, and SSO works fine. My problem is where that data is. I'll be referring here mostly to Powershell commands to look at the users. If I run a Get-Azureaduser a user -- I've tried several, all who can successfully use the SSO -- then pipe that along to select to expand the extension properties, the extension property isn't even in the list. The one place I have found it is if I run Get-AzureADApplication | Get-AzureADApplicationExtensionProperty It is in the list of defined extension properties, targetting users. Ideally, I'd like to be able to see the value for a given user from AAD, and set it through Powershell as well. Help? Why doesn't it show up in the extension attributes for our users?
