Directory extension attribute sync from Azure AD (AAD) to Azure AD Domain Services (AADDS)

Guido Gibens 1 Reputation point
2022-03-15T09:23:19.337+00:00

Why aren't the AAD Connect directory extension attributes, for example "msDS_cloudExtensionAttribute1, division, employeetype", synced from AAD to AADDS?
Those extensions are synced from local ADDS to AAD but are not available in AADDS.
What needs to be done to get those directory extension attributes from AAD to AADDS?


1 answer

  1. Givary-MSFT 27,886 Reputation points Microsoft Employee
    2022-03-16T10:46:42.5+00:00

    @Guido Gibens Thank you for reaching out to us.

    As far as I am aware, Azure AD Domain Services does not support custom schema extensions. Extending the schema is not a permitted operation on the AAD Domain Services instance.

    https://learn.microsoft.com/en-us/azure/active-directory-domain-services/faqs#:~:text=Can%20I%20extend%20the%20schema%20of%20the%20managed%20domain%20provided%20by%20Azure%20AD%20Domain%20Services%3F

    However, I will check in my lab whether your ask can be achieved or not. Please give me a couple of days' time to check and revert.

    Also, do you have any specific reason why you want the division and employeetype attributes synced from AAD to AADDS?

    Reference : Attribute mapping for user accounts from Azure AD to Azure AD DS
    https://learn.microsoft.com/en-us/azure/active-directory-domain-services/synchronization#:~:text=specific%20attributes%20for%20user%20objects%20in%20Azure%20AD%20are%20synchronized%20to%20corresponding%20attributes%20in%20Azure%20AD%20DS.