How to get ExtensionAttribute values from Azure AD

Recently I received an interesting question regarding extracting extensionAttribute data from Azure AD. Apparently this seems simple, but the information is not available through standard Azure AD PowerShell not the Azure AD portal.

In Azure AD Connect, by standard the extensionAttribute# values gets synchronized from the on-premises Active Directory to Azure AD via the following synchronization rules:

From a Mailbox user in Active Directory to the Azure AD Connect Metaverse:
In from AD – User Common from Exchange

From a User account in Active Directory to the Azure AD Connect Metaverse:
In from AD – User Common

From an Azure AD Connect Metaverse person to the Azure AD synched user object:
Out to AAD – User ExchangeOnline

Extension attributes are initially introduced by the Exchange schema, and reading these values require Exchange Online PowerShell.

Also, in Exchange Online, the data from extensionAttribute# are stored as CustomAttribute#.

To simplify output from the Get-EXO* cmdlets, certain output properties are categorized into related property sets, which basically are “groups” of related output properties, with the purpose of ensuring that data retrieval does not get slow and bloated.

To get values of all properties in the “Custom” property set for an Exchange Online recipient, run the following command:

Get-EXORecipient –Identity jakob@adatum.dk -PropertySets Custom

Output example:

ExternalDirectoryObjectId : abc12345-7890-abcd-1234-56789abcdefg
Identity : Jakob Østergaard Nielsen
Name : Jakob Østergaard Nielsen
CustomAttribute1 :
CustomAttribute2 : jakob
CustomAttribute3 : jakob@adventureworks.dk
CustomAttribute4 : Mailbox migration completed
CustomAttribute5 : User mailbox
CustomAttribute6 :
CustomAttribute7 :
CustomAttribute8 :
CustomAttribute9 :
CustomAttribute10 :
CustomAttribute11 :
CustomAttribute12 :
CustomAttribute13 :
CustomAttribute14 :
CustomAttribute15 :
ExtensionCustomAttribute1 : {}
ExtensionCustomAttribute2 : {}
ExtensionCustomAttribute3 : {}
ExtensionCustomAttribute4 : {}
ExtensionCustomAttribute5 : {}
PrimarySmtpAddress : jakob@adatum.dk

To retrieve the value of CustomAttribute3 from an Exchange Online recipient, run the following command:

Get-EXORecipient -Identity jakob@adatum.dk -PropertySets Custom | Select-Object Identity, PrimarySmtpAddress, CustomAttribute3

Output example:

Identity                   PrimarySmtpAddress  CustomAttribute3
--------                   ------------------  ----------------
Jakob Østergaard Nielsen   jakob@adatum.dk     jakob@adventureworks.dk

The following table show the currently available property sets for the Get-EXORecipient and Get-EXOMailbox cmdlets, and the properties contained in each set:

PropertySet Properties
Minimum Alias
DisplayName
DistinguishedName
EmailAddresses
ExchangeVersion
ExternalDirectoryObjectId
Guid
Id
Name
OrganizationId
PrimarySmtpAddress
RecipientType
RecipientTypeDetails
UserPrincipalName
AddressList AddressBookPolicy
AddressListMembership
ExternalDirectoryObjectId
GeneratedOfflineAddressBooks
HiddenFromAddressListsEnabled
OfflineAddressBook
Archive ArchiveDatabase
ArchiveDomain
ArchiveGuid
ArchiveName
ArchiveQuota
ArchiveRelease
ArchiveState
ArchiveStatus
ArchiveWarningQuota
AutoExpandingArchiveEnabled
DisabledArchiveDatabase
DisabledArchiveGuid
ExternalDirectoryObjectId
JournalArchiveAddress
Audit AuditAdmin
AuditDelegate
AuditEnabled
AuditLogAgeLimit
AuditOwner
DefaultAuditSet
ExternalDirectoryObjectId
Custom CustomAttribute1
CustomAttribute2
CustomAttribute3
CustomAttribute4
CustomAttribute5
CustomAttribute6
CustomAttribute7
CustomAttribute8
CustomAttribute9
CustomAttribute10
CustomAttribute11
CustomAttribute12
CustomAttribute13
CustomAttribute14
CustomAttribute15
ExtensionCustomAttribute1
ExtensionCustomAttribute2
ExtensionCustomAttribute3
ExtensionCustomAttribute4
ExtensionCustomAttribute5
ExternalDirectoryObjectId
Delivery AcceptMessagesOnlyFrom
AcceptMessagesOnlyFromDLMembers
AcceptMessagesOnlyFromSendersOrMembers
DeliverToMailboxAndForward
DowngradeHighPriorityMessagesEnabled ExternalDirectoryObjectId
ForwardingAddress
ForwardingSmtpAddress
GrantSendOnBehalfTo
MaxBlockedSenders
MaxReceiveSize
MaxSafeSenders
MaxSendSize
MessageCopyForSendOnBehalfEnabled
MessageCopyForSentAsEnabled
MessageRecallProcessingEnabled
MessageTrackingReadStatusEnabled
RecipientLimits
RejectMessagesFrom
RejectMessagesFromDLMembers
RejectMessagesFromSendersOrMembers
RulesQuota
Hold ComplianceTagHoldApplied
DelayHoldApplied
ExternalDirectoryObjectId
InPlaceHolds
InactiveMailboxRetireTime
LitigationHoldDate
LitigationHoldDuration
LitigationHoldEnabled
LitigationHoldOwner
Moderation BypassModerationFromSendersOrMembers
ExternalDirectoryObjectId
ModeratedBy
ModerationEnabled
SendModerationNotifications
Move ExternalDirectoryObjectId
MailboxMoveBatchName
MailboxMoveFlags
MailboxMoveRemoteHostName
MailboxMoveSourceMDB
MailboxMoveStatus
MailboxMoveTargetMDB
Policy AddressBookPolicy
DataEncryptionPolicy
EmailAddressPolicyEnabled
ExternalDirectoryObjectId
ManagedFolderMailboxPolicy
PoliciesExcluded
PoliciesIncluded
RemoteAccountPolicy
RetentionPolicy
RetentionUrl
RoleAssignmentPolicy
SharingPolicy
ThrottlingPolicy
PublicFolder DefaultPublicFolderMailbox
EffectivePublicFolderMailbox
ExternalDirectoryObjectId
IsExcludedFromServingHierarchy
IsHierarchyReady
IsHierarchySyncEnabled
IsRootPublicFolderMailbox
Quota ArchiveQuota
ArchiveWarningQuota
CalendarLoggingQuota
ExternalDirectoryObjectId
IssueWarningQuota
ProhibitSendQuota
ProhibitSendReceiveQuota
RecoverableItemsQuota
RecoverableItemsWarningQuota
RulesQuota
UseDatabaseQuotaDefaults
Resource ExternalDirectoryObjectId
IsResource
ResourceCapacity
ResourceCustom
ResourceType
RoomMailboxAccountEnabled
Retention EndDateForRetentionHold
ExternalDirectoryObjectId
OrphanSoftDeleteTrackingTime
RetainDeletedItemsFor
RetainDeletedItemsUntilBackup
RetentionComment
RetentionHoldEnabled
RetentionPolicy
RetentionUrl
SingleItemRecoveryEnabled
StartDateForRetentionHold
UseDatabaseRetentionDefaults
SCL AntispamBypassEnabled
ExternalDirectoryObjectId
SCLDeleteEnabled
SCLDeleteThreshold
SCLJunkEnabled
SCLJunkThreshold
SCLQuarantineEnabled
SCLQuarantineThreshold
SCLRejectEnabled
SCLRejectThreshold
SoftDelete ExternalDirectoryObjectId
IncludeInGarbageCollection
IsInactiveMailbox
IsSoftDeletedByDisable
IsSoftDeletedByRemove
WhenSoftDeleted
StatisticsSeed ArchiveDatabaseGuid
DatabaseGuid
ExchangeGuid
ExternalDirectoryObjectId

 

 

References:

Get-EXORecipient: https://docs.microsoft.com/en-us/powershell/module/exchange/get-exorecipient?view=exchange-ps

Properties and property sets in the EXO V2 module: https://docs.microsoft.com/en-us/powershell/exchange/exchange-online-powershell-v2?view=exchange-ps#properties-and-property-sets-in-the-exo-v2-module

 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.