Sync Azure AD Extension Attribute for Office 365 Custom Property

Last Updated on Oct 28, 2020

The discoveries in the field of technology are aimed to improve the overall business function and operations. Microsoft- a leading technology company is consistently working to streamline tasks and optimize processes. Office 365 is a line of subscription services launched by Microsoft in the year 2011. Microsoft has provided a vivid range of new services and features in this cloud-based subscription that is beneficial for most businesses in improving their overall processes.

Most of the organizations have moved their business in a cloud-based subscription with the help of a SharePoint development company and eliminate their on-premise servers to reduce the maintenance cost and move to the cloud. These organizations have local AD servers that need to sync with Azure AD for further use of the server. SharePoint developers are responsible to set sync processes from local AD to Azure AD. In SharePoint On-premise server, an administrator can configure the synchronization process from Active Directory (AD) to the SharePoint User Profile Service Application (UPA). But in SharePoint Online, the process of synchronization is quite different.

Let see, How Office 365 user synchronization pipeline works:

There are four processes in managing user profile synchronization from local active directory to SharePoint Online:

  • Azure AD Connect:  Connect syncs data from your On-premise Active Directory to Azure Active Directory. 
  • AAD to SPO Sync: Syncs data from Azure Active Directory to SPO directory Store.
  • AD Import:  syncs data from the SPO Directory Store to User Profile Service Application.
  • WSS Sync : Syncs data from User Profile Application to the SharePoint Online site collection.

As a part of the synchronization process, the job is handled by a timer and managed by Microsoft, so in that regard, the first question that comes to mind is when will I expect to see my changes in User Profile Application? 

The Answer to this is the changes are processed in batches, and the timer job runs until the changes from the SPO Directory are synced to the User Profile Application. The required time will depend on the number of changes. However, the Service Level Agreement (SLA) states that any change in a user profile in SPO Directory will be reflected within 24 hours in their respective User Profile Service.

The properties are synced by this processing pipeline which is very limited to some predefined properties like UserPrincipalName, DisplayName, telephoneNumber, proxyAddress, Title, Department, PreferredLanguage, etc to guarantee consistent performance of the timer job. Users can see a complete list of properties here. So, if you want to sync custom properties from local AD, the administrator will have to set up a process for the same.

Let’s sync Azure Active Directory extension attribute with SharePoint Online User Profile Service Application custom property

SharePoint developers can sync AD extension attributes with SharePoint Online User Profile Service custom property using PowerShell. Once this property is synced with Azure Active Directory from your local Active Directory, you can write CSOM code with PowerShell to sync properties.

PowerShell script

Import-Module MSOnline  
Import-Module Microsoft.Online.SharePoint.PowerShell  
 
# add SharePoint CSOM libraries  
Import-Module 'C:\Program Files\Common Files\Microsoft shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll'  
Import-Module 'C:\Program Files\Common Files\Microsoft shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll'  
Import-Module 'C:\Program Files\Common Files\Microsoft shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.UserProfiles.dll'  
 
# Defaults  
$spoAdminUrl = https://tenant-admin.sharepoint.com  
 
# Get credentials of account that is AzureAD Admin and SharePoint Online Admin  
$credential = Get-Credential  
Try {  
    # Connect to AzureAD  
    Connect-AzureAD -Credential $credential  
 
    # Get credentials for SharePointOnline  
    $spoCredentials=New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($credential.GetNetworkCredential().Username, (ConvertTo-SecureString $credential.GetNetworkCredential().Password -AsPlainText -Force))  
    $ctx = New-Object Microsoft.SharePoint.Client.ClientContext($spoAdminUrl)  
    $ctx.Credentials = $spoCredentials  
    $spoPeopleManager = New-Object Microsoft.SharePoint.Client.UserProfiles.PeopleManager($ctx)  
 
    # Get all AzureAD Users  
    Get-AzureADUser -All $true | ForEach-Object {

Import-Module MSOnline
Import-Module Microsoft.Online.SharePoint.PowerShell
# add SharePoint CSOM libraries
Import-Module ‘C:\Program Files\Common Files\Microsoft shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll’
Import-Module ‘C:\Program Files\Common Files\Microsoft shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll’
Import-Module ‘C:\Program Files\Common Files\Microsoft shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.UserProfiles.dll’
# Defaults
$spoAdminUrl = https://tenant-admin.sharepoint.com
# Get credentials of account that is AzureAD Admin and SharePoint Online Admin
$credential = Get-Credential
Try {
# Connect to AzureAD
Connect-AzureAD -Credential $credential
# Get credentials for SharePointOnline
$spoCredentials=New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($credential.GetNetworkCredential().Username, (ConvertTo-SecureString $credential.GetNetworkCredential().Password -AsPlainText -Force))
$ctx = New-Object Microsoft.SharePoint.Client.ClientContext($spoAdminUrl)
$ctx.Credentials = $spoCredentials
$spoPeopleManager = New-Object Microsoft.SharePoint.Client.UserProfiles.PeopleManager($ctx)
# Get all AzureAD Users
Get-AzureADUser -All $true | ForEach-Object {

SharePoint developers can also sync the custom property using PnP-PowerShell commands. You can see we can reduce the code by using PnP-PowerShell script:

PnP-PowerShell script

$appSiteUrl = "<SharePoint Online URL>"
$credential = Get-Credential 
Connect-PnPOnline -Url $appSiteUrl -Credentials $credential
Connect-AzureAD -Credential $credential
$conn = Get-PnPConnection
 
Get-AzureADUser -All $true | ForEach-Object {
    if ($_.ExtensionProperty.ContainsKey("<extension attribute key>")) {
        $adValue = $_.ExtensionProperty.Item("<extension attribute key>")
        Set-PnPUserProfileProperty -Account $_.UserPrincipalName.ToString() -PropertyName "CustomPropertyInternalName" -Value $adValue
    }
}

Conclusion

The unique combination of Sharepoint and Microsoft Dynamic 365 helps any SharePoint development company to migrate the user requirements from local Azure AD to SharePoint Online site for future use. By syncing the property from local AD to SharePoint Online User Profile Service custom property. You can also set automation functions in MS Azure to sync property recursively.

Comments


Your comment is awaiting moderation.