Many of us may have wondered what the Directory Extension attribute sync feature is, how it works, and what its use case is. I will try to explain that here, along with how it works with Azure Active Directory.

This feature is helpful when we need to sync non-default attributes to Office 365 and such an attribute is required by another app.

You can enable this feature within Azure AD Connect, and I will show the different places where you can verify that it worked.

  • Run the Azure AD Connect wizard.
  • Click on Customize.
  • Provide Azure AD credentials and, on the ‘Optional Features’ page, turn on the ‘Directory Extension Attribute Sync’ feature.
  • Select the required attribute, ‘AccountExpires’.

  • As soon as a full sync runs, you can see within ‘Synchronization Service’ that the new attribute is being synced to Office 365, but you will notice that the attribute in Office 365 has this format: ‘extension_<tenantGUID>_accountExpires’.
  • In Azure AD, you will see a new app named ‘Tenant Schema Extension App’. It gets created as soon as you enable the ‘Directory Extension Attribute Sync’ feature.
  • Azure AD Connect creates inbound and outbound rules as well. You can check them in ‘Synchronization Rules Editor’ to find out what happened in the backend.
    • Outbound Rule
    • Inbound Rule
  • Now you can verify in Azure AD that the attribute has synced.
    • Log in to https://graphexplorer.azurewebsites.net with the user who would have received the attribute.
    • Enter a query URL like the one below.

https://graph.windows.net/ltechf.onmicrosoft.com/users/2@ltechf.onmicrosoft.com

    • At the bottom you will see that the new attribute has synced.

  • This way we have seen how to enable the ‘Directory Extension Attribute Sync’ feature and how to confirm that it worked.
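
What to look for in the Graph response, as an added example that is not part of the original post: it picks the directory extension properties out of a user object and decodes accountExpires. The sample object and its GUID are constructed, the helper names are hypothetical, and it assumes the value arrives as the raw AD large integer (100 ns ticks since 1601-01-01 UTC), either as a number or a string.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Property naming format shown on this page: extension_<GUID without dashes>_<attribute>
EXT_RE = re.compile(r"^extension_([0-9a-fA-F]{32})_(.+)$")
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
NEVER = (0, 0x7FFFFFFFFFFFFFFF)  # AD values meaning "never expires"

# Constructed sample of a user object as returned by the Graph query
# (the GUID and all values are made up for illustration).
SAMPLE = json.loads("""
{
  "userPrincipalName": "2@ltechf.onmicrosoft.com",
  "dirSyncEnabled": true,
  "extension_0123456789abcdef0123456789abcdef_accountExpires": "135379296000000000"
}
""")


def synced_extensions(user):
    """Return {attribute: (guid, raw_value)} for each directory extension property."""
    found = {}
    for key, value in user.items():
        match = EXT_RE.match(key)
        if match:
            found[match.group(2)] = (match.group(1).lower(), value)
    return found


def filetime_to_utc(value):
    """Decode 100 ns ticks since 1601-01-01 UTC; None means the account never expires."""
    ticks = int(value)
    if ticks in NEVER:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def account_expiry(user):
    """Return (synced, expiry): whether accountExpires reached the object, and its decoded value."""
    ext = synced_extensions(user)
    if "accountExpires" not in ext:
        return (False, None)  # attribute missing: not selected, or sync has not run yet
    return (True, filetime_to_utc(ext["accountExpires"][1]))


if __name__ == "__main__":
    print(synced_extensions(SAMPLE))
    print(account_expiry(SAMPLE))
```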

Thank you for reading!