Category Archives: Active Directory

Extend local AD extension attributes to Azure AD in a non-hybrid, Exchange Online only environment

There might be a scenario where the environment has users synced from the local Active Directory to Azure AD. The mailboxes are created directly in Exchange Online with no hybrid configured from the start, as is typical for new businesses.

Developers who customize the login experience for different business units in their applications usually consume the local AD extension attributes, which is fine for fully on-premises environments.

If we have Exchange installed in the environment, the Active Directory schema is extended to include the user extensionAttributes in the Exchange mailbox properties.

There is another option: use the Exchange Server install media to extend only the local Active Directory schema. This option is usually not recommended. Doing this adds the Exchange attributes to the local Active Directory. These attributes can then be set, and Azure AD Sync can be configured to sync them to Office 365. This option requires much testing, and there is always risk associated with AD schema changes.

Even in a hybrid setup, these values get populated in Exchange Online via the Exchange hybrid configuration for all users.

The third scenario is where we do not have an Exchange hybrid and the developer is using Azure AD via the Graph API and expects these values in Azure AD for the customization. In this case we have a better option: extend these values from Azure AD Connect by running it again and selecting only the required AD extension attributes.

Log in to Azure AD with global admin credentials and select Customize synchronization options.

Select Directory extension attribute sync.

Here we have the option to choose the local Active Directory attributes. In our case we are selecting the two attributes extensionAttribute7 and extensionAttribute8.

Once done, go ahead and click Configure.

It should usually work after these steps, but in this case we also did a refresh of the directory schema.

We selected the directory for refresh.

We then went to the local Active Directory and populated extensionAttribute8 for one user.

Once the sync is completed, we can verify whether the value is populated in Azure AD via Graph Explorer.

Log in to Graph Explorer from the URL below.

We can log in with any valid credentials from the tenant.

We will be asked for admin consent, which needs to be selected based on the requirement.

Run the query below.

$select=mail,jobTitle,companyName,onPremisesExtensionAttributes

This reads the on-premises attributes (mail, jobTitle, companyName and onPremisesExtensionAttributes) using the Graph API. You should see extensionAttribute8, which is the one currently in use, under onPremisesExtensionAttributes.

In our case we can see the extensionAttribute8 value, which has been synced and is available in Azure AD.
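The verification above can be turned into a repeatable check that also confirms only the selected attributes carry data. This is an added example, not part of the original post; the function name Get-ExtensionAttributeReport and the JSON response are constructed for illustration, and the expected list is the two attributes selected earlier.

```powershell
# Attributes selected for sync on this page.
$expected = 'extensionAttribute7', 'extensionAttribute8'

# Constructed sample of a Graph user response (not real tenant data).
$user = @'
{
  "mail": "user1@contoso.example",
  "jobTitle": "Analyst",
  "companyName": "Contoso",
  "onPremisesExtensionAttributes": {
    "extensionAttribute1": null,
    "extensionAttribute5": "legacy-cost-centre",
    "extensionAttribute7": null,
    "extensionAttribute8": "BusinessUnit-A"
  }
}
'@ | ConvertFrom-Json

# Hypothetical helper: classify every extension attribute in the response.
function Get-ExtensionAttributeReport {
    param($User, [string[]] $Expected)
    foreach ($p in $User.onPremisesExtensionAttributes.PSObject.Properties) {
        $populated = -not [string]::IsNullOrEmpty($p.Value)
        $wanted    = $Expected -contains $p.Name
        if ($populated -and $wanted) {
            $status = 'OK'
        } elseif ($wanted) {
            $status = 'ExpectedButEmpty'          # sync or source value missing
        } elseif ($populated) {
            $status = 'PopulatedButNotExpected'   # readable via Graph, review it
        } else {
            $status = 'Empty'
        }
        [pscustomobject]@{ Attribute = $p.Name; Populated = $populated; Status = $status }
    }
}

Get-ExtensionAttributeReport -User $user -Expected $expected |
    Format-Table -AutoSize
```

Anything reported as PopulatedButNotExpected is data that applications reading the user object through Graph can see, so it is worth reviewing what the on-premises attribute holds.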

Using the directory extension option in Azure AD Connect achieves this task in a much simpler way.

Thanks & Regards

Sathish Veerapandian

Set up Active Directory thumbnail photo for Outlook, Skype for Business client

To maintain identity information, users of web-based or desktop applications want to set an image in their account profile.

A similar question comes up when working with the email server giant MS Exchange: 'How do I set up a user account image in Exchange 2016?' In answer, the following segment discusses a few workarounds that walk users through the procedure.

Prerequisites for Image to be Setup

The images to be uploaded to user accounts must meet the following requirements:

  • The size of the image should not be more than 10KB
  • The file format of the image should be JPG (JPEG)

Ways to Set Up Account Image on Exchange Server

Step 1: Configuration of Global Catalog

This step configures the image attribute to be copied to the Global Catalog, using the following procedure:

  • Open your machine and log in to your session
  • Press Windows key + R to open the Run window, type regsvr32 schmmgmt.dll and press Enter
  • A 'DllRegisterServer in schmmgmt.dll succeeded' message box will appear; click OK
  • Again, press Windows key + R, type mmc and press Enter
  • In the menu bar of the window, click File >> Add/Remove Snap-ins >> Active Directory Schema >> Add >> OK
  • Expand Active Directory Schema [<Your Server Name>] and then click Attributes
  • In the attributes list, find the thumbnailPhoto attribute and double-click it
  • From the options displayed, check Replicate this attribute to the Global Catalog >> OK


Step 2: Import Pictures to Active Directory Users

To import the picture that you want to set on your Exchange profile, you need the Import-RecipientDataProperty cmdlet. This cmdlet is used to import the image in Exchange 2016.

Open a command prompt window and type the following cmdlet:

Import-RecipientDataProperty -Identity <Mailbox> -Picture -FileData ([Byte[]]$(Get-Content -Path <Image Path> -Encoding Byte -ReadCount 0))


Step 3: Validating the Procedure

To validate whether the image has been set up on your account, go to the initial page of Outlook and check whether the image has been uploaded. If not, the procedure was probably performed incorrectly. In this case, repeat Steps 1 and 2 until the image is uploaded.
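Before running the import in Step 2, the two prerequisites listed earlier (JPEG format, no more than 10KB) can be checked against the file's actual bytes instead of its extension. This is an added example, not part of the original post; the function name Test-ThumbnailPhotoFile, the temp folder and the sample byte patterns are constructed for illustration.

```powershell
# Hypothetical helper: checks the page's prerequisites (JPEG, at most 10 KB).
function Test-ThumbnailPhotoFile {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [int] $MaxBytes = 10KB          # limit stated in the prerequisites
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Valid = $false; Problems = @('file not found') }
    }
    $full     = (Resolve-Path -LiteralPath $Path).ProviderPath
    $bytes    = [System.IO.File]::ReadAllBytes($full)
    $problems = @()
    if ($bytes.Length -gt $MaxBytes) {
        $problems += "size $($bytes.Length) bytes exceeds $MaxBytes"
    }
    # A JPEG stream starts with the SOI marker FF D8, followed by FF of the next marker.
    if ($bytes.Length -lt 4 -or $bytes[0] -ne 0xFF -or $bytes[1] -ne 0xD8 -or $bytes[2] -ne 0xFF) {
        $problems += 'no JPEG header (FF D8 FF)'
    } elseif ($bytes[-2] -ne 0xFF -or $bytes[-1] -ne 0xD9) {
        # EOI marker FF D9 missing: truncated file or data appended after the image.
        $problems += 'does not end with JPEG EOI marker (FF D9)'
    }
    [pscustomobject]@{ Path = $Path; Valid = ($problems.Count -eq 0); Problems = $problems }
}

# Constructed sample files (byte patterns only, not real photos).
$dir = Join-Path ([System.IO.Path]::GetTempPath()) 'thumb-check'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$ok  = [byte[]](0xFF,0xD8,0xFF,0xE0,0x00,0x10,0xFF,0xD9)
$png = [byte[]](0x89,0x50,0x4E,0x47,0x0D,0x0A,0x1A,0x0A)   # PNG signature
$big = New-Object byte[] 12000                              # over the 10 KB limit
$big[0] = 0xFF; $big[1] = 0xD8; $big[2] = 0xFF
$big[11998] = 0xFF; $big[11999] = 0xD9
[System.IO.File]::WriteAllBytes((Join-Path $dir 'ok.jpg'), $ok)
[System.IO.File]::WriteAllBytes((Join-Path $dir 'renamed-png.jpg'), $png)
[System.IO.File]::WriteAllBytes((Join-Path $dir 'too-large.jpg'), $big)

Get-ChildItem -Path $dir -Filter *.jpg |
    ForEach-Object { Test-ThumbnailPhotoFile -Path $_.FullName } |
    Format-Table Path, Valid, Problems -AutoSize
```

Only files reported as Valid should be passed to the import cmdlet, since whatever bytes are imported end up in the thumbnailPhoto attribute and, after Step 1, are replicated to the Global Catalog.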


From the above, we conclude that the configuration of the domain controller, i.e. the Global Catalog, is an important factor. If the configuration is improper, the Active Directory schema will not be activated and, as a result, it will be impossible to set the image in Exchange 2016. If all goes correctly, the user will be able to set up the account image in Exchange 2016 successfully.

Thanks & Regards
Tej Pratap
