|
| 1 | +--- |
| 2 | +title: Create and manage custom attributes for Azure AD Domain Services | Microsoft Docs |
| 3 | +description: Learn how to create and manage custom attributes in an Azure AD DS managed domain. |
| 4 | +services: active-directory-ds |
| 5 | +author: justinha |
| 6 | +manager: amycolannino |
| 7 | + |
| 8 | +ms.assetid: 1a14637e-b3d0-4fd9-ba7a-576b8df62ff2 |
| 9 | +ms.service: active-directory |
| 10 | +ms.subservice: domain-services |
| 11 | +ms.workload: identity |
| 12 | +ms.topic: how-to |
| 13 | +ms.date: 03/06/2023 |
| 14 | +ms.author: justinha |
| 15 | + |
| 16 | +--- |
| 17 | +# Custom attributes for Azure Active Directory Domain Services |
| 18 | + |
| 19 | +For various reasons, companies often can’t modify code for legacy apps. For example, apps may use a custom attribute, such as a custom employee ID, and rely on that attribute for LDAP operations. |
| 20 | + |
| 21 | +Azure AD supports adding custom data to resources using [extensions](/graph/extensibility-overview). Azure Active Directory Domain Services (Azure AD DS) can synchronize the following types of extensions from Azure AD, so you can also use apps that depend on custom attributes with Azure AD DS: |
| 22 | + |
| 23 | +- [onPremisesExtensionAttributes](/graph/extensibility-overview?tabs=http#extension-attributes) are a set of 15 attributes that can store extended user string attributes. |
| 24 | +- [Directory extensions](/graph/extensibility-overview?tabs=http#directory-azure-ad-extensions) allow the schema extension of specific directory objects, such as users and groups, with strongly typed attributes through registration with an application in the tenant. |
| 25 | + |
| 26 | +Both types of extensions can be configured By using Azure AD Connect for users who are managed on-premises, or MSGraph APIs for cloud-only users. |
| 27 | + |
| 28 | +>[!Note] |
| 29 | +>The following types of extensions aren't supported for synchronization: |
| 30 | +>- Custom Security Attributes in Azure AD (Preview) |
| 31 | +>- MSGraph Schema Extensions |
| 32 | +>- MSGraph Open Extensions |
| 33 | +
|
| 34 | + |
| 35 | +## Requirements |
| 36 | + |
| 37 | +The minimum SKU supported for custom attributes is the Enterprise SKU. If you use Standard, you need to [upgrade](change-sku.md) the managed domain to Enterprise or Premium. For more information, see [Azure Active Directory Domain Pricing](https://azure.microsoft.com/pricing/details/active-directory-ds/). |
| 38 | + |
| 39 | +## How Custom Attributes work |
| 40 | + |
| 41 | +After you create a managed domain, click **Custom Attributes (Preview)** under **Settings** to enable attribute synchronization. Click **Save** to confirm the change. |
| 42 | + |
| 43 | +:::image type="content" border="true" source="./media/concepts-custom-attributes/enable.png" alt-text="Screenshot of how to enable custom attributes."::: |
| 44 | + |
| 45 | +## Enable predefined attribute synchronization |
| 46 | + |
| 47 | +Click **OnPremisesExtensionAttributes** to synchronize the attributes extensionAttribute1-15, also known as [Exchange custom attributes](/graph/api/resources/onpremisesextensionattributes?view=graph-rest-1.0). |
| 48 | + |
| 49 | +## Synchronize Azure AD directory extension attributes |
| 50 | + |
| 51 | +These are the extended user or group attributes defined in your Azure AD tenant. |
| 52 | + |
| 53 | +Select **+ Add** to choose which custom attributes to synchronize. The list shows the available extension properties in your tenant. You can filter the list by using the search bar. |
| 54 | + |
| 55 | +:::image type="content" border="true" source="./media/concepts-custom-attributes/add.png" alt-text="Screenshot of how to add directory extension attributes."::: |
| 56 | + |
| 57 | + |
| 58 | +If you don't see the directory extension you are looking for, enter the extension’s associated application appId and click **Search** to load only that application’s defined extension properties. This search helps when multiple applications define many extensions in your tenant. |
| 59 | + |
| 60 | +>[!NOTE] |
| 61 | +>If you would like to see directory extensions synchronized by Azure AD Connect, click **Enterprise App** and look for the Application ID of the **Tenant Schema Extension App**. For more information, see [Azure AD Connect sync: Directory extensions](../active-directory/hybrid/how-to-connect-sync-feature-directory-extensions.md#configuration-changes-in-azure-ad-made-by-the-wizard). |
| 62 | +
|
| 63 | +Click **Select**, and then **Save** to confirm the change. |
| 64 | + |
| 65 | +:::image type="content" border="true" source="./media/concepts-custom-attributes/select.png" alt-text="Screenshot of how to save directory extension attributes."::: |
| 66 | + |
| 67 | +Azure AD DS back fills all synchronized users and groups with the onboarded custom attribute values. The custom attribute values gradually populate for objects that contain the directory extension in Azure AD. During the backfill synchronization process, incremental changes in Azure AD are paused, and the sync time depends on the size of the tenant. |
| 68 | + |
| 69 | +To check the backfilling status, click **Azure AD DS Health** and verify the **Synchronization with Azure AD** monitor has an updated timestamp within an hour since onboarding. Once updated, the backfill is complete. |
| 70 | + |
| 71 | +## Next steps |
| 72 | + |
| 73 | +To configure onPremisesExtensionAttributes or directory extensions for cloud-only users in Azure AD, see [Custom data options in Microsoft Graph](/graph/extensibility-overview?tabs=http#custom-data-options-in-microsoft-graph). |
| 74 | + |
| 75 | +To sync onPremisesExtensionAttributes or directory extensions from on-premises to Azure AD, [configure Azure AD Connect](../active-directory/hybrid/how-to-connect-sync-feature-directory-extensions.md). |
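Review bot: The backfill paragraph under "Synchronize Azure AD directory extension attributes" says "incremental changes in Azure AD are paused" but does not spell out the operational consequence, and the status check after it ("an updated timestamp within an hour since onboarding") can be read either as a completion bound or as a freshness test. Suggest stating explicitly that other changes made in Azure AD do not reach the managed domain until the backfill finishes, and rewording the health check so it is clear which timestamp to compare against which time. The front matter title promises "Create and manage", yet the page only covers enabling synchronization: there is no step for removing an attribute from synchronization and no statement of which role is needed to change the setting, both of which matter when the attribute is something like the custom employee ID mentioned in the introduction and becomes readable over LDAP. Smaller points: "configured By using" has a stray capital; the alert markers are inconsistent (`[!Note]` in the introduction, `[!NOTE]` later); the "How Custom Attributes work" heading holds enablement steps rather than an explanation, and its "Custom Attributes (Preview)" label is the only place the page hints the feature is in preview; the link text "Azure Active Directory Domain Pricing" is missing "Services"; "back fills" and "backfill" should use one spelling.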