Recently I received an interesting question regarding extracting extensionAttribute data from Azure AD. Apparently this seems simple, but the information is not available through standard Azure AD PowerShell not the Azure AD portal.
In Azure AD Connect, by standard the extensionAttribute# values gets synchronized from the on-premises Active Directory to Azure AD via the following synchronization rules:
From a Mailbox user in Active Directory to the Azure AD Connect Metaverse:
In from AD – User Common from Exchange
From a User account in Active Directory to the Azure AD Connect Metaverse:
In from AD – User Common
From an Azure AD Connect Metaverse person to the Azure AD synched user object:
Out to AAD – User ExchangeOnline
Extension attributes are initially introduced by the Exchange schema, and reading these values require Exchange Online PowerShell.
Also, in Exchange Online, the data from extensionAttribute# are stored as CustomAttribute#.
To simplify output from the Get-EXO* cmdlets, certain output properties are categorized into related property sets, which basically are “groups” of related output properties, with the purpose of ensuring that data retrieval does not get slow and bloated.
To get values of all properties in the “Custom” property set for an Exchange Online recipient, run the following command:
Get-EXORecipient –Identity jakob@adatum.dk -PropertySets Custom
Output example:
ExternalDirectoryObjectId : abc12345-7890-abcd-1234-56789abcdefg Identity : Jakob Østergaard Nielsen Name : Jakob Østergaard Nielsen CustomAttribute1 : CustomAttribute2 : jakob CustomAttribute3 : jakob@adventureworks.dk CustomAttribute4 : Mailbox migration completed CustomAttribute5 : User mailbox CustomAttribute6 : CustomAttribute7 : CustomAttribute8 : CustomAttribute9 : CustomAttribute10 : CustomAttribute11 : CustomAttribute12 : CustomAttribute13 : CustomAttribute14 : CustomAttribute15 : ExtensionCustomAttribute1 : {} ExtensionCustomAttribute2 : {} ExtensionCustomAttribute3 : {} ExtensionCustomAttribute4 : {} ExtensionCustomAttribute5 : {} PrimarySmtpAddress : jakob@adatum.dk
To retrieve the value of CustomAttribute3 from an Exchange Online recipient, run the following command:
Get-EXORecipient -Identity jakob@adatum.dk -PropertySets Custom | Select-Object Identity, PrimarySmtpAddress, CustomAttribute3
Output example:
Identity PrimarySmtpAddress CustomAttribute3 -------- ------------------ ---------------- Jakob Østergaard Nielsen jakob@adatum.dk jakob@adventureworks.dk
The following table show the currently available property sets for the Get-EXORecipient and Get-EXOMailbox cmdlets, and the properties contained in each set:
PropertySet | Properties |
Minimum | Alias DisplayName DistinguishedName EmailAddresses ExchangeVersion ExternalDirectoryObjectId Guid Id Name OrganizationId PrimarySmtpAddress RecipientType RecipientTypeDetails UserPrincipalName |
AddressList | AddressBookPolicy AddressListMembership ExternalDirectoryObjectId GeneratedOfflineAddressBooks HiddenFromAddressListsEnabled OfflineAddressBook |
Archive | ArchiveDatabase ArchiveDomain ArchiveGuid ArchiveName ArchiveQuota ArchiveRelease ArchiveState ArchiveStatus ArchiveWarningQuota AutoExpandingArchiveEnabled DisabledArchiveDatabase DisabledArchiveGuid ExternalDirectoryObjectId JournalArchiveAddress |
Audit | AuditAdmin AuditDelegate AuditEnabled AuditLogAgeLimit AuditOwner DefaultAuditSet ExternalDirectoryObjectId |
Custom | CustomAttribute1 CustomAttribute2 CustomAttribute3 CustomAttribute4 CustomAttribute5 CustomAttribute6 CustomAttribute7 CustomAttribute8 CustomAttribute9 CustomAttribute10 CustomAttribute11 CustomAttribute12 CustomAttribute13 CustomAttribute14 CustomAttribute15 ExtensionCustomAttribute1 ExtensionCustomAttribute2 ExtensionCustomAttribute3 ExtensionCustomAttribute4 ExtensionCustomAttribute5 ExternalDirectoryObjectId |
Delivery | AcceptMessagesOnlyFrom AcceptMessagesOnlyFromDLMembers AcceptMessagesOnlyFromSendersOrMembers DeliverToMailboxAndForward DowngradeHighPriorityMessagesEnabled ExternalDirectoryObjectId ForwardingAddress ForwardingSmtpAddress GrantSendOnBehalfTo MaxBlockedSenders MaxReceiveSize MaxSafeSenders MaxSendSize MessageCopyForSendOnBehalfEnabled MessageCopyForSentAsEnabled MessageRecallProcessingEnabled MessageTrackingReadStatusEnabled RecipientLimits RejectMessagesFrom RejectMessagesFromDLMembers RejectMessagesFromSendersOrMembers RulesQuota |
Hold | ComplianceTagHoldApplied DelayHoldApplied ExternalDirectoryObjectId InPlaceHolds InactiveMailboxRetireTime LitigationHoldDate LitigationHoldDuration LitigationHoldEnabled LitigationHoldOwner |
Moderation | BypassModerationFromSendersOrMembers ExternalDirectoryObjectId ModeratedBy ModerationEnabled SendModerationNotifications |
Move | ExternalDirectoryObjectId MailboxMoveBatchName MailboxMoveFlags MailboxMoveRemoteHostName MailboxMoveSourceMDB MailboxMoveStatus MailboxMoveTargetMDB |
Policy | AddressBookPolicy DataEncryptionPolicy EmailAddressPolicyEnabled ExternalDirectoryObjectId ManagedFolderMailboxPolicy PoliciesExcluded PoliciesIncluded RemoteAccountPolicy RetentionPolicy RetentionUrl RoleAssignmentPolicy SharingPolicy ThrottlingPolicy |
PublicFolder | DefaultPublicFolderMailbox EffectivePublicFolderMailbox ExternalDirectoryObjectId IsExcludedFromServingHierarchy IsHierarchyReady IsHierarchySyncEnabled IsRootPublicFolderMailbox |
Quota | ArchiveQuota ArchiveWarningQuota CalendarLoggingQuota ExternalDirectoryObjectId IssueWarningQuota ProhibitSendQuota ProhibitSendReceiveQuota RecoverableItemsQuota RecoverableItemsWarningQuota RulesQuota UseDatabaseQuotaDefaults |
Resource | ExternalDirectoryObjectId IsResource ResourceCapacity ResourceCustom ResourceType RoomMailboxAccountEnabled |
Retention | EndDateForRetentionHold ExternalDirectoryObjectId OrphanSoftDeleteTrackingTime RetainDeletedItemsFor RetainDeletedItemsUntilBackup RetentionComment RetentionHoldEnabled RetentionPolicy RetentionUrl SingleItemRecoveryEnabled StartDateForRetentionHold UseDatabaseRetentionDefaults |
SCL | AntispamBypassEnabled ExternalDirectoryObjectId SCLDeleteEnabled SCLDeleteThreshold SCLJunkEnabled SCLJunkThreshold SCLQuarantineEnabled SCLQuarantineThreshold SCLRejectEnabled SCLRejectThreshold |
SoftDelete | ExternalDirectoryObjectId IncludeInGarbageCollection IsInactiveMailbox IsSoftDeletedByDisable IsSoftDeletedByRemove WhenSoftDeleted |
StatisticsSeed | ArchiveDatabaseGuid DatabaseGuid ExchangeGuid ExternalDirectoryObjectId |
References:
Get-EXORecipient: https://docs.microsoft.com/en-us/powershell/module/exchange/get-exorecipient?view=exchange-ps
Properties and property sets in the EXO V2 module: https://docs.microsoft.com/en-us/powershell/exchange/exchange-online-powershell-v2?view=exchange-ps#properties-and-property-sets-in-the-exo-v2-module