azure ad connect ISR

testuser7 271 Reputation points
2023-01-10T20:03:13.647+00:00

Hello,

while making Inbound-synchronization Rule in Azure-AD Connect , we can use one function called "ImportedValue()" in the attribute transformation.

Can anybody demystify this function for me in simple English ?

The doc is not enough for me to interpret this function. Per doc.,

Usually during synchronization an attribute uses the expected value, even if it hasn’t been exported yet or an error was received during export (“top of the tower”). An inbound synchronization assumes that an attribute that hasn’t yet reached a connected directory eventually reaches it. In some cases, it is important to only synchronize a value that has been confirmed by the connected directory (“hologram and delta import tower”).

Thanks.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,562 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Akshay-MSFT 16,031 Reputation points Microsoft Employee
    2023-01-31T14:12:22.85+00:00

    Hello @testuser7 ,

    Thanks for your time and patience. I was able to get inputs with an example from our resources.

    • The function ImportedValue is different than all other functions since the attribute name must be enclosed in quotes rather than square brackets: ImportedValue("proxyAddresses")
    • Inbound synchronization has a concept of assuming that an attribute that hasn’t yet reached a connected directory will eventually reach it at some point so, normally, synchronization gets an attribute value from the respective connector space, even if it hasn’t been yet exported or an error occurred during export. (Example a device object while doing hybrid AD join shows in Azure AD though hybrid AD join is not completed)
    • In some cases, however, it is important to only synchronize a value that has been exported and confirmed during import from the connected directory. This function can be found in multiple “In From AD/AAD” out-of-box transformation rules where the attribute should only be synchronized when it has been confirmed that the value was exported successfully.
    • An example of this function can be found in the out-of-box Synchronization Rule In from AD – User Common from Exchange”, for ProxyAddresses attribute flow with Hybrid Exchange. When a user’s ProxyAddresses have one address “user@contoso.com” and a secondary address “user@fabrikam.com” is added, the ImportedValue function will only return “user@contoso.com”, until the new address has been exported and confirmed in the following Import. This is required when the target directory might have additional logic that can change or discard an exported attribute value silently, and we want the synchronization to only process confirmed attribute values

    Thanks,

    Akshay Kaushik

    Please "Accept the answer", "Upvote" and share your feedback (Yes/No) if the suggestion works as per your business need. This will help us and others in the community as well.

    1 person found this answer helpful.
    0 comments