Configuring “employeeId” with Set-AzureADUser

Configuring “employeeId” with Set-AzureADUser

5/5 - (1 vote)

While working on a project for a customer, I noticed that the didn’t have a way to correlate “uniqueness” between guest identities that they create and a source of authority system.  I wanted to explore using the employeeId attribute in Azure AD as a way to set this data.

Here’s what I learned.


Where is this value located? I’m glad you asked:

If you expand ExtensionProperty, you can see a number of values stored there:

If you synchronize identities, some values can (or will) be populated.  However, in the case of guest users, they’re not.

As it turns out Set-AzureADUser does that have ability to set values in the ExtensionProperty value, but the directions are obtuse (at best). It’s relatively undocumented in our public documentation, so you’ve definitely come to the right place.

You can see I tried a lot of things.

Sometimes, when the error tells you it wants a dictionary, it will let you send a hash table key/value pair.  This time, however, it does not.

So, what do we do?


As it turns out, we need to create an actual dictionary.

$employeeId = New-Object System.Collections.Generic.Dictionary"[String,String]"
Set-AzureADUser -ObjectId <objectId> -ExtensionProperty $employeeId

Here’s how it looks in action:

In this example, I set the data type for the dictionary to be "[String,String]".  Before you get too excited, Set-AzureADUser -ExtensionProperty only takes string data types for both parameters (ask me how I know). Once you’ve got it set, you’re kind of stuck and can’t null it out (since NULL isn’t of type STRING).  If you need to nuke the value (for now), you’ll need to agree upon a value for NULL for your organization, and then update any code to flow that value.

But, you can still set the ExtensionProperty to something.  And that’s pretty cool.


Published by Aaron Guilmette

Helping companies conquer inferior technology since 1997. I spend my time developing and implementing technology solutions so people can spend less time with technology. Specialties: Active Directory and Exchange consulting and deployment, Virtualization, Disaster Recovery, Office 365, datacenter migration/consolidation, cheese.

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Exit mobile version