Reputation: 7592
I am logged in to an Azure AD that I created for testing. I am trying to add an extension property to a user:
I first added an extension type to my application. Command:
New-AzureADApplicationExtensionProperty -ObjectID 513aba62-4610-44ef-8be2-5a5e99a5e6bd -DataType "string" -Name "organisationId"
Result:
extension_d939d34ab3f34f5dbb6e4e5c35e5787a_organisationId
ObjectId of application: 513aba62-4610-44ef-8be2-5a5e99a5e6bd
Then I retrieved the ID of the extension property. Command:
Get-AzureADApplicationExtensionProperty -ObjectId 513aba62-4610-44ef-8be2-5a5e99a5e6bd
Now I am trying to add this extension to my first user in Active Directory:
$User = Get-AzureADUser -Top 1
Set-AzureADUserExtension -ObjectId $User.ObjectId -ExtensionName extension_d939d34ab3f34f5dbb6e4e5c35e5787a_organisationId -ExtensionValue "12345"
Error:
Set-AzureADUserExtension : Error occurred while executing SetUser
Code: Request_BadRequest Message: The following extension properties
are not available for the given resource:
extension_d939d34ab3f34f5dbb6e4e5c35e5787a_organisationId. RequestId:
2cbeff0f-5b91-478a-8c64-586a4d23e4c5 DateTimeStamp: Wed, 14 Jun 2017
13:49:02 GMT HttpStatusCode: BadRequest HttpStatusDescription: Bad
Request HttpResponseStatus: Completed At line:2 char:1
+ Set-AzureADUserExtension -ObjectId $User.ObjectId -ExtensionName exte ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Set-AzureADUserExtension], ApiException
+ FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD.Graph.PowerShell.Custom.SetAzureADUserExtension
I am using these docs: https://learn.microsoft.com/en-us/powershell/module/azuread/set-azureaduserextension?view=azureadps-2.0
Upvotes: 2
Views: 9311
Reputation: 21
I encountered this same issue. For me, creating an AzureAD Service Principal for the application seemed to solve the problem.
# CREATE A NEW APP AND SERVICE PRINCIPAL
$MyApp = (New-AzureADApplication -DisplayName "YourNewAppName" -IdentifierUris "https://dummy").ObjectId
New-AzureADServicePrincipal -AppId (Get-AzureADApplication -SearchString "YourNewAppName").AppId
# CREATE A NEW EXTENSION PROPERTY IN THE APP
New-AzureADApplicationExtensionProperty -ObjectId $MyApp -Name "YourPropertyName" -DataType "String" -TargetObjects "User"
# ADD THE NEW EXTENSION PROPERTY WITH A VALUE TO A USER
$aadUser = Get-AzureADUser -ObjectId [email protected]
Set-AzureADUserExtension -ObjectId $aadUser.ObjectId -ExtensionName "yourExtensionNameReturnedAbove" -ExtensionValue "YourPropertyValue"
See: MS PowerShell AzureAD Extension Attributes Sample
Upvotes: 2
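The two things the answer above sets up (a service principal for the application, and an extension property created with -TargetObjects "User") can be checked before the write. This is an added example, not part of the original answer; the function name Set-UserExtensionChecked and its parameters are hypothetical, and it assumes the AzureAD module is loaded, Connect-AzureAD has been run, and the extension name follows the extension_<AppId without hyphens>_<name> pattern.

```powershell
# Added example (hypothetical helper, not from the thread).
# Assumes: AzureAD module imported and Connect-AzureAD already run.
function Set-UserExtensionChecked {
    param(
        [Parameter(Mandatory)] [string] $AppObjectId,   # ObjectId of the app that owns the extension
        [Parameter(Mandatory)] [string] $PropertyName,  # short name, e.g. "organisationId"
        [Parameter(Mandatory)] [string] $UserObjectId,
        [Parameter(Mandatory)] [string] $Value
    )

    # Throws if the application object does not exist.
    $app = Get-AzureADApplication -ObjectId $AppObjectId

    # 1. The application needs a service principal in this tenant.
    $sp = Get-AzureADServicePrincipal -Filter "AppId eq '$($app.AppId)'"
    if (-not $sp) {
        throw "No service principal for AppId $($app.AppId). Run New-AzureADServicePrincipal -AppId $($app.AppId) first."
    }

    # 2. The extension must be registered on this application.
    #    Full name = extension_<AppId without hyphens>_<short name>.
    $fullName = 'extension_{0}_{1}' -f ($app.AppId -replace '-', ''), $PropertyName
    $ext = Get-AzureADApplicationExtensionProperty -ObjectId $AppObjectId |
        Where-Object { $_.Name -eq $fullName }
    if (-not $ext) {
        throw "Extension '$fullName' is not registered on application $AppObjectId."
    }

    # The answer creates the property with -TargetObjects "User"; flag anything else.
    if ($ext.TargetObjects -notcontains 'User') {
        Write-Warning "Extension '$fullName' targets [$($ext.TargetObjects -join ', ')], not User."
    }

    # 3. Write the value, then read it back so a silent failure is caught.
    Set-AzureADUserExtension -ObjectId $UserObjectId -ExtensionName $fullName -ExtensionValue $Value
    $stored = (Get-AzureADUserExtension -ObjectId $UserObjectId)[$fullName]
    if ($stored -ne $Value) {
        throw "Read-back mismatch for '$fullName': got '$stored'."
    }

    $fullName   # return the full extension name that was written
}
```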
Reputation: 13974
For now, we can't use PowerShell to add an extension property to Azure AD users.
The extension property that New-AzureADApplicationExtensionProperty creates is not for users; we can use the PowerShell command Get-AzureADUser to check it.
PS C:\Users\v-jianye> $d = get-azureaduser -ObjectId 65120ec5-3be1-4365-9d1c-b190414a830f
PS C:\Users\v-jianye> $d.ExtensionProperty
Key Value
--- -----
odata.metadata https://graph.windows.net/5b47c786-9ca0-4347-9ec8-06590cad075f/$metadata#directoryObjects/Microsoft.DirectoryServices.User/@Element
odata.type Microsoft.DirectoryServices.User
deletionTimestamp
facsimileTelephoneNumber
onPremisesDistinguishedName
PS C:\Users\v-jianye> $c = get-azureaduser -ObjectId 9821a55c-c4c1-46dd-8471-5f99ee8e7c0d
PS C:\Users\v-jianye> $c.ExtensionProperty
Key Value
--- -----
odata.metadata https://graph.windows.net/5b47c786-9ca0-4347-9ec8-06590cad075f/$metadata#directoryObjects/Microsoft.DirectoryServices.User/@Element
odata.type Microsoft.DirectoryServices.User
deletionTimestamp
facsimileTelephoneNumber
onPremisesDistinguishedName
extension_70e35fde0e05483aa8ace7c8c6d3fb93_whenCreated@odata.type Edm.DateTime
extension_70e35fde0e05483aa8ace7c8c6d3fb93_whenCreated 12/6/2016 4:06:34 AM
Microsoft provides two ways to add custom data to resources using extensions: open extensions and schema extensions.
For more details about creating an open extension, please refer to this link.
Upvotes: 0