Multi-valued attributes with AD Connect and Azure AD

Reading Time: 2 minutes

I was working with a use case on adding multi-value attributes for dynamic groups in Azure AD. I started off looking for on-prem AD attributes we could use for the multi-value string. To find these attributes I start PowerShell to get the AD Schema loaded.

Next step was to add which optional attributes (muli-value) that I could use for testing. To filter the attributes I use the Powershell command below.

I set filter is, IsSingleValued (multi-value) to False. Just as part of the demo I selected URL as the attribute.

I added values to the URL attribute and changed AD Connect Directory extensions attributes and on AD Connect I start a deltasync with Start-ADSyncSyncCycle -PolicyType Delta

When looking into the AD Connect Metaverse Connectors I could see that the changed was applied and attribute was added, but AAD did not show any changes. I first verified that the AzureADApplicationExtensionProperty actually had synced to AAD and I could confirm this was added with the AAD Powershell command below.

To verify the values on the User object I checked the AAD extension property with the AAD PowerShell command below.

However, I could not find any values as marked in yellow question mark above. Since I could not find any values I started testing some other Multi-value Attributes and synched them to AAD. But still, I could not get this scenario to work. So after some troubleshooting, I found this article in the feedback section at Azure. As my gut feeling expected, I could see that the Azure AD team confirms that Multi-Value is not supported yet.

Leave a Reply