
Add an extended property in Azure AD which will be accessible across groups in AD


I wanted to add an extended property in Azure AD which will be accessible across groups in AD. Got this:

    POST https://graph.windows.net/contoso.com/applications//extensionProperties?api-version=1.21-preview

    {
        "name": "skypeId",
        "dataType": "String",
        "targetObjects": ["User"]
    }

I wanted to understand 2 things on which the document is not clear to me:

  1. If the "targetObjects" is specified as user, will the extended property appear across groups as well as users in an application?
  2. Can this be done directly via the Azure portal without using https://graphexplorer.cloudapp.net/ as mentioned in the document https://msdn.microsoft.com/library/azure/ad/graph/howto/azure-ad-graph-api-directory-schema-extensions#RegisterAnExtension

Does anybody have an idea on this?


Solution

  • if the "targetObjects" is specified as user will the extended property appear across groups as well as users in an application

    You set the "targetObjects" to the user, which means this extended property will be added to the user's attributes and can also appear across groups as well as users in this application.

  • can this be done directly via the Azure portal

    For now, you cannot do this via the Azure portal. You could do this by using the Azure AD Graph API (which you tried) or the Microsoft Graph API, or you can also use AAD PowerShell.

    If you persist in doing this via the portal, the B2C portal is suggested for you. You could manually define a custom attribute for the user. For the details, you could read this doc.

    Using Microsoft Graph API:

    POST https://graph.microsoft.com/v1.0/schemaExtensions
    Content-type: application/json
    
    {
        "id":"graphlearn_courses",
        "description": "Graph Learn training courses extensions",
        "targetTypes": [
            "Group"
        ],
        "properties": [
            {
                "name": "courseId",
                "type": "Integer"
            },
            {
                "name": "courseName",
                "type": "String"
            },
            {
                "name": "courseType",
                "type": "String"
            }
        ]
    }

    For the details, you could read here.

    Using AAD PowerShell:

    Set-AzureADUserExtension
       -ObjectId <String>
       -ExtensionName <String>
       -ExtensionValue <String>
       [<CommonParameters>]

    For the details, you could refer to here.
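
An added example, not part of the original question or answer: once an extension property is registered, Azure AD stores it on directory objects as `extension_<appId without hyphens>_<name>`, so the attribute name identifies the application that registered it. The sketch below derives that name and audits a directory object for extension attributes from applications that are not on an allow-list. The function names, both appIds and the sample user object are constructed for illustration.

```python
import re
import uuid

# Azure AD stores a registered extension property on directory objects under
# the name extension_<application appId without hyphens>_<property name>.
_EXT_RE = re.compile(r"^extension_([0-9a-fA-F]{32})_(.+)$")


def extension_attribute_name(app_id: str, name: str) -> str:
    """Return the full attribute name for a property registered on app_id."""
    return f"extension_{uuid.UUID(app_id).hex}_{name}"


def owning_apps(directory_object: dict) -> dict:
    """Map each extension attribute on an object to the appId that registered it."""
    owners = {}
    for key in directory_object:
        match = _EXT_RE.match(key)
        if match:
            owners[key] = str(uuid.UUID(match.group(1)))
    return owners


def unexpected_extensions(directory_object: dict, allowed_app_ids: set) -> list:
    """List extension attributes registered by apps outside allowed_app_ids."""
    allowed = {str(uuid.UUID(a)) for a in allowed_app_ids}
    return sorted(attr for attr, app in owning_apps(directory_object).items()
                  if app not in allowed)


# Constructed sample data: both appIds and the user object are made up.
APP_ID = "11111111-2222-3333-4444-555555555555"
OTHER_APP_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SAMPLE_USER = {
    "objectType": "User",
    "displayName": "Example User",
    extension_attribute_name(APP_ID, "skypeId"): "example.user",
    extension_attribute_name(OTHER_APP_ID, "costCenter"): "1234",
}

if __name__ == "__main__":
    for attr, app in owning_apps(SAMPLE_USER).items():
        print(f"{attr} -> registered by appId {app}")
    print("not allow-listed:", unexpected_extensions(SAMPLE_USER, {APP_ID}))
```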