A local Active Directory can have directory extensions. For example, when installing Microsoft Exchange, 15 extension attributes are created in Active Directory.

The values of these directory extensions are not synchronized by Azure AD Connect. If these values are required in Azure AD, Azure AD Connect must be configured to synchronize them.

In a customer project, there was a requirement to provide the “employeeID” directory extension in Azure AD so that an enterprise application in the cloud could access this value.

Customize synchronization options

Launch Azure AD Connect and select “Customize synchronization options”

Connect to Azure AD with a global administrator

Check connection to local Active Directory

Tick the checkbox for the optional feature “Directory extension attribute sync”

All directory extensions are now listed and can be selected. A maximum of 100 attributes can be added for synchronization.

The configuration is now checked and can be started by clicking “Configure”

Force full synchronization

After successful completion of the configuration, an Azure AD Full Sync can be triggered with PowerShell.

Check value of directory extension

PowerShell can be used to check the value of the directory extension. The following PowerShell command shows the value of the “employeeID” attribute.

The value of the “employeeID” attribute has been correctly synchronized with “cl16” and can now be read by the enterprise application.
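
The two PowerShell steps described above (full sync, then reading the value), as an added example that is not the author's original commands. It assumes the ADSync module on the Azure AD Connect server and the AzureAD module on the machine used for the check; the user principal name is a placeholder.

```powershell
# Added example, not from the original post.

# --- Part 1: run on the Azure AD Connect server ---
Import-Module ADSync

# "Initial" runs a full synchronization cycle. A "Delta" cycle only
# processes changes since the last run and would not backfill the newly
# selected directory extension for existing users.
Start-ADSyncSyncCycle -PolicyType Initial

# Wait until the scheduler reports that the cycle has finished.
Start-Sleep -Seconds 15
while ((Get-ADSyncScheduler).SyncCycleInProgress) {
    Start-Sleep -Seconds 10
}

# --- Part 2: verify the value in Azure AD ---
# Reading a user object does not require a global administrator;
# use an account with directory read permissions for this check.
Connect-AzureAD

$upn  = 'user@example.com'   # placeholder: a user that has employeeID set on-premises
$user = Get-AzureADUser -ObjectId $upn

# Synchronized directory extensions are exposed in Azure AD under names of
# the form extension_<application id without dashes>_<attribute name>.
$match = $user.ExtensionProperty.GetEnumerator() |
    Where-Object { $_.Key -like 'extension_*_employeeID' }

if ($match) {
    $match | Select-Object Key, Value
} else {
    # Nothing synchronized yet: the user may have no employeeID on-premises,
    # may be out of sync scope, or the full cycle has not completed.
    Write-Warning "No employeeID directory extension found for $upn"
}
```

The full property name returned in the `Key` column is the one the enterprise application has to request when it reads the attribute.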

