Azure Active Directory Domain Services: Portal Created Accounts sync different than GraphAPI Created Ones

  • Question

  • Hi @All

    We created a nice looking registration page to allow specific users to create an account in our Azure AD which has DS enabled. The registration page is a trusted "App" in the AAD and creates users by using the Azure Graph Libraries as described here http://justazure.com/azure-active-directory-part-5-graph-api/.

    When it comes to account creation, everything works fine, except one neat detail. Accounts created via the Azure Management Portal own the attribute "userName" which gets populated to the AAD DS, whereas accounts created via the Graph API don't have such an attribute.

    See the POST request to the Azure Management Portal when creating a new user, not sure if this is only UI, but probably this is additional information which is used for defining the username in DS.

    Compared with users created by the Graph API, the attributes synced to the AAD DS are significantly different.

    Max Muster was created by using the Portal (like the one above) where Michael Schnyder was created by the Graph API.

    What I found is different:

    - CN
    - distinguishedName
    - name
    - sAMAccountName

    Question: How can the Graph API be called so that the AAD DS behaves the same as for users created in the Management Portal?

    BTW: This editor is too small, buggy, just a shame for such a modern and forward-looking company. Please update / migrate asap... How do you appreciate customer feedback when this channel is almost unusable?

    Sunday, February 7, 2016 1:08 PM

All replies

  • Hello,

    We are researching the query and will get back to you soon on this.

    I apologize for the inconvenience and appreciate your time and patience in this matter.

    Regards,

    Sadiqh

    Monday, February 8, 2016 8:39 AM
  • Hi Sadiqh

    I found out that the MailNickname is the corresponding field when using the GraphAPI directly. So, the value set in the MailNickname becomes the attribute "Name" and "sAMAccountName" in the AAD DS LDAP/AD after synchronization.

    But I'm still asking for a complete list of the synchronized values and their assignments from AAD to AAD DS.

    Tuesday, February 16, 2016 3:42 PM
  • Thanks Max

    So is it correct to say that the synchronization from AAD --> AAD DS is the same as OnPremise Windows AD -> AAD?

    Michael

    Monday, February 29, 2016 4:37 PM
  • Michael,

    Can you explain what AAD --> AAD DS means? 

    As for on-premises to AAD, it depends on the tool you are using to sync the information.

    I would suggest investigating the Microsoft Graph API for working with your user objects:
    https://graph.microsoft.io/en-us/

    Regards,
    MaxV (msft)

    Friday, March 18, 2016 8:09 PM
  • Hi Max

    Well, you referred to the documentation of DirSync, which (as far as I understood) is synchronizing an on-premises Active Directory with an Azure Active Directory.

    Our setup is slightly different. We use AAD as a primary directory and enabled Azure Active Directory Domain Services for our Azure hosted Virtual Machines. So with AAD --> AAD DS I meant the synchronization between the AAD and the Domain Services we enabled in our environment.

    So we basically don't use DirSync. And the question is now, why do you refer to that? Did you miss something or is the Azure Active Directory Domain Services feature actually built with DirSync?

    Michael

    Saturday, March 26, 2016 9:57 AM