I'm setting up a new domain that uses Azure AD Connect for password writeback. After digging through various discussions, I've come to the realization that I can't manage attributes like extensionAttribute1 in the cloud. This creates an issue because my cloud flows for onboarding and offboarding users rely on editing this attribute, specifically custom attribute 1 in Exchange. I'm looking for suggestions or workarounds to manage this situation effectively.
1 Answer
You should be able to manage it by editing a sync rule in Azure AD Connect. While the extension attributes don't show in the Entra GUI, you can access them via the graph. Just make sure that you're set up correctly for syncing those attributes. But let me clarify - are you looking for Entra to be the source of authority for this attribute? That might require a different approach to what you're trying to do.
Exactly, I need Entra to be the SOA for that one attribute. I tried removing extensionAttribute1 from the sync rule, but when I attempted to edit it in the Exchange admin center, I got an error saying the operation failed because it’s synchronized from on-prem. I’m hoping to find a solution since I only need it in the cloud for dynamic group memberships.