Hello @thomas magami,
Welcome to the Q&A MS Forum.
I just tested this command in the Windows PowerShell ISE and got the object Id in the output. Meanwhile, as you can see from my screenshot, I didn't use directory extension attributes in the claim.
Can you test whether you get the object Id by creating the test policy with the script below:
$policy = New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"02:00:00"}}') -DisplayName "WebPolicyScenario" -IsOrganizationDefault $false -Type "TokenLifetimePolicy"
Are you able to share the script that you used to create the policy? I'd like to test on my side.
If you run your script in the AzureAD module, could you test by uninstalling it and installing AzureADPreview?
Update: I just tested creating a new policy using directory extension attributes, and the objectId was returned for it too.
Below is the script that I used during my testing:
Install-Module -Name Microsoft.Graph -RequiredVersion 1.2.0
Import-Module Microsoft.Graph.SchemaExtensions
Connect-MgGraph -TenantId "XXXX.onmicrosoft.com" -Scopes "User.ReadWrite.All", "Group.ReadWrite.All", "Application.ReadWrite.All", "Directory.AccessAsUser.All", "Directory.ReadWrite.All"
Get-MgContext
# After authenticating, I created a new, empty ArrayList
$SchemaProperties = New-Object -TypeName System.Collections.ArrayList
# define our keys and the types
$prop1 = @{
    'name' = 'costcenter';
    'type' = 'String';
}
$prop2 = @{
    'name' = 'pin';
    'type' = 'Integer';
}
# and add them to the SchemaProperties
[void]$SchemaProperties.Add($prop1)
[void]$SchemaProperties.Add($prop2)
# Created the new schema extension for the resource User. Our Azure AD app is the owner.
$SchemaExtension = New-MgSchemaExtension -TargetTypes @('User') -Properties $SchemaProperties -Id 'myapp1' -Description 'my organization additional user properties' -Owner "xxxxxxx"
# Check the new schema extension:
Get-MgSchemaExtension -SchemaExtensionId $SchemaExtension.Id | fl
# Use appId as an owner
Update-MgSchemaExtension -SchemaExtensionId $SchemaExtension.Id `
    -Status 'Available' `
    -Owner "xxxxxx"
New-AzureADPolicy -Definition @('{"ClaimsMappingPolicy":{"Version":1,"IncludeBasicClaimSet":"true","ClaimsSchema":[{"Source":"user","ID":"YourExtensionID","SamlClaimType":"team_id","JwtClaimType":"MyCustomClaim1"},{"Source":"user","ID":"YourExtensionID","SamlClaimType":"team_id","JwtClaimType":"MyCustomClaim2"}]}}') -DisplayName "ExtensionAttributeMapping" -Type "ClaimsMappingPolicy"
Get-AzureADPolicy
Sincerely,
Olga Os