Aggregating Extension Attribute from Azure AD to Tenant using Azure Connector

Hello Experts

I need clarification on certain aspects of the instructions in the document.

We have a user custom attribute visible in Entra ID. Is there any way to find out which client ID value to use by querying Entra using Graph API?

We have tried using the Client ID of the enterprise application credential that is already configured in the connector in the query to Entra ID, and this does not work.

We have named the source attribute in the Account schema as per the documentation, but on aggregation the values are not read in.

Hi @anuragbong,

I understand your question. I believe you should use the client ID of the “Tenant Schema Extension App”, which is ideally configured by your AD/Infra team. Here is the documentation to its config: Microsoft Entra Connect Sync: Directory extensions - Microsoft Entra ID | Microsoft Learn

We don't have an Entra Connect in our environment.

@anuragbong,

Can you share how you modified your schema to get the required attribute?

For example, we have “employeeType” being captured from our Entra Tenant and added the following to our schema to capture it:

extension_<TenantID>_employeeType

1 Like

extension_517a0$$$$$$$$$$$$$$$$$$$$$$$$$$$$_ExtensionAttribute13

This is an extension attribute in Azure; the document suggests otherwise for these.

You have said tenant ID where the document says client ID… I am confused.

@anuragbong,

Apologies, it’s been a while since we configured this. It’s not the tenant ID, it’s the “Application (client) ID” of the Entra Application that does the syncing from your on-prem environment.

However, it sounds like you’re just cloud native, not a hybrid environment setup, correct?

No, we don't have an on-premises setup.

Try using the Graph API explorer and run a GET against the /beta/users API on your tenant. That should include the extension attributes with the proper field names

2 Likes
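What to look for in that Graph response, as an added example that is not part of the original thread: Microsoft Graph names directory extension properties extension_<appId without hyphens>_<name>, so the owning application's client ID can be read back from the property name, while the 15 built-in attributes sit under onPremisesExtensionAttributes. The user object, its app ID and the function name below are constructed for illustration.

```python
import json
import re
import uuid

# Directory extension properties are named extension_<appId without hyphens>_<name>.
DIR_EXT = re.compile(r"^extension_([0-9a-fA-F]{32})_(.+)$")

# Constructed sample of one user object from GET /beta/users (not real tenant data).
SAMPLE_USER = json.loads("""
{
  "displayName": "Constructed User",
  "extension_00000000111122223333444444444444_employeeType": "Contractor",
  "onPremisesExtensionAttributes": {
    "extensionAttribute1": null,
    "extensionAttribute13": "retentionpolicy6m"
  }
}
""")


def list_extension_attributes(user):
    """Return every populated extension attribute on a Graph user object.

    kind tells the two storage locations apart; appId is the client ID
    recovered from a directory extension name (None for the built-in 15).
    """
    found = []
    # Directory extensions live at the root of the user object.
    for key, value in user.items():
        match = DIR_EXT.match(key)
        if match and value is not None:
            app_id = str(uuid.UUID(match.group(1)))  # re-insert the hyphens
            found.append({"kind": "directoryExtension", "name": key,
                          "appId": app_id, "value": value})
    # The built-in attributes are nested; the property itself may be null.
    nested = user.get("onPremisesExtensionAttributes") or {}
    for key, value in nested.items():
        if value is not None:
            found.append({"kind": "onPremisesExtensionAttributes", "name": key,
                          "appId": None, "value": value})
    return found


if __name__ == "__main__":
    for attr in list_extension_attributes(SAMPLE_USER):
        print(attr)
```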

"onPremisesExtensionAttributes": {
    "extensionAttribute1": null,
    "extensionAttribute2": null,
    "extensionAttribute3": null,
    "extensionAttribute4": null,
    "extensionAttribute5": null,
    "extensionAttribute6": null,
    "extensionAttribute7": null,
    "extensionAttribute8": null,
    "extensionAttribute9": null,
    "extensionAttribute10": null,
    "extensionAttribute11": null,
    "extensionAttribute12": null,
    "extensionAttribute13": "retentionpolicy6m",
    "extensionAttribute14": null,
    "extensionAttribute15": null
},

How should I proceed?

Account schema, currently:
[image]

Do I need to do anything here in the Create Account section?

Maybe the schema attribute should be named differently… this is how mine is

[image]

meaning the prefix you’re using “onPremisesExtensionAttributes_” may not be needed

Also, the extension attributes in my screenshot are at the root of my object, and not in the onPremisesExtensionAttributes property… which looks like this

The document I have attached in my post has a section that says the below.

That is why I have written it like this.

The document does not mention how the client ID is mentioned.

I was able to solve this. Ideally, you need to add it to the account schema in the format present in the document. A static value can be printed to Azure using this.

The Create Account section will only populate a value when an account is created.

For my use case I had to work with Identity Profile, Transform and Attribute sync to add conditional logic for printing the value.