While working on a project for a customer, I noticed that they didn’t have a way to correlate “uniqueness” between guest identities that they create and a source of authority system. I wanted to explore using the employeeId attribute in Azure AD as a way to set this data.
Here’s what I learned.
Where is this value located? I’m glad you asked:
If you expand ExtensionProperty, you can see a number of values stored there:
If you synchronize identities, some values can (or will) be populated. However, in the case of guest users, they’re not.
As it turns out, Set-AzureADUser does have the ability to set values in the ExtensionProperty value, but the directions are obtuse (at best). It’s relatively undocumented in our public documentation, so you’ve definitely come to the right place.
You can see I tried a lot of things.
Sometimes, when the error tells you it wants a dictionary, it will let you send a hash table key/value pair. This time, however, it does not.
So, what do we do?
As it turns out, we need to create an actual dictionary.
$employeeId = New-Object System.Collections.Generic.Dictionary"[String,String]"
$employeeId.Add("employeeId","value")
Set-AzureADUser -ObjectId <objectId> -ExtensionProperty $employeeId
Here’s how it looks in action:
In this example, I set the data type for the dictionary to be "[String,String]". Before you get too excited, Set-AzureADUser -ExtensionProperty only takes string data types for both parameters (ask me how I know).
But, you can still set the ExtensionProperty to something. And that’s pretty cool.
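Going back to the original goal of correlating guests with a source of authority, the following is an added example, not code from the original post: it stamps employeeId on several guests using the dictionary technique above, refuses input where one employeeId maps to more than one guest, and reads each value back to confirm it was stored. It assumes the AzureAD module is loaded and Connect-AzureAD has already been run; the function name Set-GuestEmployeeId, the object IDs and the employeeId values are hypothetical placeholders.

```powershell
# Added example. Assumes an existing Connect-AzureAD session.
# Set-GuestEmployeeId is a hypothetical helper; the sample rows below are constructed.
function Set-GuestEmployeeId {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $ObjectId,
        [Parameter(Mandatory)] [string] $EmployeeId
    )

    $user = Get-AzureADUser -ObjectId $ObjectId
    if ($user.UserType -ne 'Guest') {
        Write-Warning "$ObjectId is not a guest account; skipping."
        return $false
    }

    # -ExtensionProperty requires a real Dictionary[String,String]; a hash table is rejected.
    $ext = New-Object 'System.Collections.Generic.Dictionary[String,String]'
    $ext.Add('employeeId', $EmployeeId)

    # Honors -WhatIf / -Confirm on this wrapper, so a bulk run can be previewed first.
    if ($PSCmdlet.ShouldProcess($user.UserPrincipalName, "Set employeeId to '$EmployeeId'")) {
        Set-AzureADUser -ObjectId $ObjectId -ExtensionProperty $ext

        # Read the value back from the directory instead of trusting the write.
        $stored = $null
        $null = (Get-AzureADUser -ObjectId $ObjectId).ExtensionProperty.TryGetValue('employeeId', [ref]$stored)
        return ($stored -eq $EmployeeId)
    }
    return $false
}

# Constructed sample mapping exported from the source of authority (placeholder values).
$map = @(
    [pscustomobject]@{ ObjectId = '00000000-0000-0000-0000-000000000001'; EmployeeId = 'C-10001' }
    [pscustomobject]@{ ObjectId = '00000000-0000-0000-0000-000000000002'; EmployeeId = 'C-10002' }
)

# The value is only useful for correlation if it is unique, so reject duplicates up front.
$dupes = $map | Group-Object EmployeeId | Where-Object Count -gt 1
if ($dupes) {
    throw "Duplicate employeeId values in input: $($dupes.Name -join ', ')"
}

foreach ($row in $map) {
    $ok = Set-GuestEmployeeId -ObjectId $row.ObjectId -EmployeeId $row.EmployeeId
    [pscustomobject]@{ ObjectId = $row.ObjectId; EmployeeId = $row.EmployeeId; Verified = $ok }
}
```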