February 8

Multi-valued attributes synchronized from on premises AD using AAD Connect

I saw a lot of questions and discussions about the synchronization of multi-valued attributes via AAD. If we look at the metaverse schema of AAD Connect, we see something like this:

AADConnect MV Schema

As we can see, a lot of attributes are synchronized by AAD Connect.

Directory Extensions are usually mentioned in this context. Synchronizing additional attributes with them is quick and easy to configure. See the documentation here: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-feature-directory-extensions

Here is the corresponding page of the AAD Connect Wizard:

As you can see, nothing on this page identifies multi-valued attributes. This would probably be something to improve.

The question is: how do we identify whether an attribute is a multi-valued attribute?

1st Option: Using the Active Directory Users and Computers Console (dsa.msc)

One typical attribute is otherPhone. When we look at it in the Attribute Editor, a multi-valued attribute editor window appears:

2nd Option: Using the public documentation of the on-premises Active Directory schema:

https://docs.microsoft.com/en-us/windows/win32/adschema/attributes-all
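A third way to answer the same question, as an added example that is not from the original post: each attribute's schema object carries an `isSingleValued` flag, which can be read with the ActiveDirectory PowerShell module before the attribute is selected as a Directory Extension. The function name and the sample attribute names in the last line are assumptions chosen for illustration.

```powershell
# Added example. Assumes the ActiveDirectory module (RSAT) is installed
# and the account can read the schema partition.
Import-Module ActiveDirectory

function Get-AttributeValueType {
    [CmdletBinding()]
    param(
        # lDAPDisplayName values of the attributes planned for synchronization.
        # The pattern keeps LDAP filter metacharacters out of the query.
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z][A-Za-z0-9-]*$')]
        [string[]]$Name
    )

    # The schema naming context holds one attributeSchema object per attribute.
    $schemaNC = (Get-ADRootDSE).schemaNamingContext

    foreach ($n in $Name) {
        $attr = Get-ADObject -SearchBase $schemaNC `
            -LDAPFilter "(&(objectClass=attributeSchema)(lDAPDisplayName=$n))" `
            -Properties lDAPDisplayName, isSingleValued, attributeSyntax

        if (-not $attr) {
            # Typos and display names that differ from the lDAPDisplayName end up here.
            Write-Warning "Attribute '$n' was not found in the schema."
            continue
        }

        [pscustomobject]@{
            Attribute     = $attr.lDAPDisplayName
            IsMultiValued = -not $attr.isSingleValued
            Syntax        = $attr.attributeSyntax
        }
    }
}

# Sample attribute names, picked for illustration only.
Get-AttributeValueType -Name otherTelephone, proxyAddresses, employeeID |
    Format-Table -AutoSize
```

Any row with `IsMultiValued` set to `True` is an attribute to check against the Directory Extensions limitation described in the next section.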

 

Why is this so interesting?

Because Azure AD does not support multi-valued attributes as Directory Extensions, as documented here:

 

There is an Azure Feedback item on this topic: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/32622497-support-for-multi-valued-attributes-synchronized-f

Happy Troubleshooting!



Posted February 8, 2021 by akos.regi in category "AAD Connect", "DirectoryExtension", "MultiValuedAttribute", "Uncategorized"