Directory extensions for provisioning Microsoft Entra ID to Active Directory
You can use directory extensions to extend the schema of your groups and then use these attributes for scoping and attribute mapping. You can use the same steps that are outlined in the cloud sync directory extensions and custom attributes doc.
Important
Directory extension for Microsoft Entra Cloud Sync is only supported for applications with the identifier URI "api://<tenantId>/CloudSyncCustomExtensionsApp" and the Tenant Schema Extension App created by Microsoft Entra Connect
For a step-by-step tutorial on how to extend the schema and then use the directory extension attribute with cloud sync provisioning to AD, see Scenario - Using directory extensions with group provisioning to Active Directory.
Ways to create directory extensions
You can create directory extensions in Microsoft Entra ID in several different ways. The following table provides links and additional information.
| Method | Description | URL |
|---|---|---|
| MS Graph | Create extensions using GRAPH | Create extensionProperty |
| PowerShell | Create extensions using PowerShell | New-MgApplicationExtensionProperty |
| Using cloud sync and Microsoft Entra Connect | Create extensions using Microsoft Entra Connect | Create an extension attribute using Microsoft Entra Connect |