Tuesday, November 7, 2017

Fetching custom attributes from Azure Active Directory via the Microsoft Graph

This post was inspired by Juan Carlos González who asked a question about retrieving custom/extension attributes from Azure AD via the Microsoft Graph.

Custom or extension attributes in on-premises Active Directory are nothing new, and many have set up synchronization of these to Azure AD as well – which makes sense. Once the attributes are in place, you might want to use them in applications too, and in today's day and age, using the Microsoft Graph API is the way we play.

Custom attributes are not retrievable directly by their name the way, for example, userPrincipalName is.

https://graph.microsoft.com/v1.0/me/?$select=userPrincipalName

Instead they are named with extension_<randomid>_attribute, which means we need to figure out what this random id is. As far as I know you cannot list it via the Graph, but using Azure AD PowerShell it’s doable. The below sample shows a custom attribute named division on my user object.

# Sign in, then list the extension attributes set on the user object
Connect-AzureAD
$aadUser = Get-AzureADUser -ObjectId me@madcow.dog
$aadUser | Select-Object -ExpandProperty ExtensionProperty

Key                                                     Value
---                                                     -----
extension_e96266002973421daef990ab9be89e86_division     64

The result gives us the full attribute name, including the prefix we need, and it works just fine in a Graph query.

https://graph.microsoft.com/v1.0/me/?$select=userPrincipalName,extension_e96266002973421daef990ab9be89e86_division
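As an added example, not code from the original post, the following PowerShell looks up the full extension name from the ExtensionProperty output by its friendly suffix and builds the $select query from it. The helper names Resolve-ExtensionName and Get-GraphSelectUri, the 32-hex-character pattern (taken from the sample output above), and the $token variable are assumptions.

```powershell
# Added example; Resolve-ExtensionName and Get-GraphSelectUri are hypothetical helpers.
function Resolve-ExtensionName {
    param(
        [Parameter(Mandatory)] [System.Collections.IDictionary] $ExtensionProperty,
        [Parameter(Mandatory)] [string] $FriendlyName
    )
    # Match extension_<32 hex chars>_<FriendlyName>, the shape shown in the output above.
    $pattern = '^extension_[0-9a-f]{32}_' + [regex]::Escape($FriendlyName) + '$'
    $hits = @($ExtensionProperty.Keys | Where-Object { $_ -match $pattern })
    # Fail loudly instead of guessing when the name is missing or ambiguous.
    if ($hits.Count -ne 1) {
        throw "Expected exactly one match for '$FriendlyName', found $($hits.Count)."
    }
    $hits[0]
}

function Get-GraphSelectUri {
    param([Parameter(Mandatory)] [string[]] $Property)
    # Single quotes matter: in a double-quoted string PowerShell would expand
    # $select as an (empty) variable and silently drop it from the URL.
    'https://graph.microsoft.com/v1.0/me/?$select=' + ($Property -join ',')
}

# Constructed sample mirroring the output above, plus one unrelated key.
# With a live session, pass (Get-AzureADUser -ObjectId <upn>).ExtensionProperty instead.
$sample = @{
    'extension_e96266002973421daef990ab9be89e86_division' = '64'
    'createdDateTime'                                     = ''
}

$name = Resolve-ExtensionName -ExtensionProperty $sample -FriendlyName 'division'
$uri  = Get-GraphSelectUri -Property 'userPrincipalName', $name
$uri

# With a Microsoft Graph access token already in $token (assumed, not obtained here):
# Invoke-RestMethod -Uri $uri -Headers @{ Authorization = "Bearer $token" }
```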
