Sync A Property From Azure Active Directory To SharePoint Online Using PowerShell

In this post, we will look into the simple process of syncing an Azure AD property to SharePoint Online.

In SharePoint on-premises, administrators can configure synchronization of values from different sources into the SharePoint User Profile Service Application; synchronizing values from Azure Active Directory (AAD) into the SharePoint Online User Profile Service Application (UPA), however, works quite differently.

While working on a SharePoint Online project, I implemented an interesting task: syncing a property from Azure Active Directory to SharePoint Online.

In SharePoint Online, you can see the User Profile properties of a user under "SharePoint Admin Centre > User Profiles > Manage User Profiles > Edit User Profile".

First, let's look at the structure of a mailbox and its custom attributes in the Exchange Admin Center (go to Exchange Admin -> mailboxes).

Double-click the username (in my case, it was Vipul Jain). Then, a window will open where we can set the Custom Attribute or property.

My requirement was to update a custom user profile property in SharePoint Online, Circle, with the value of one of these custom attributes (I used the 5th attribute, so the PowerShell code refers to CustomAttribute5).

Fig: Initially Circle Property is Blank

Prerequisites

To run the PowerShell, install the following.

  • Download and install MS Online Sign-in Assistant from the URL: https://www.microsoft.com/en-us/download/details.aspx?id=41950

  • Download and install Office365 CSOM Package from this URL: https://www.microsoft.com/en-us/download/details.aspx?id=42038

  • Download and install SharePoint Online Module from this URL: https://www.microsoft.com/en-us/download/details.aspx?id=35588

  • Run the below command to check the version of PowerShell.
    $PSVersionTable.PSVersion

NOTE
If the PowerShell version is 3 or lower, update PowerShell before continuing.

In my case, below is the screenshot of the PowerShell version.

Steps for running the PowerShell

  • Open the SharePoint Online Management Shell and Run as Administrator.
  • Run the below commands (answer Yes to all prompts):

    Install-Module -Name AzureRM -AllowClobber
    Install-Module MSOnline
    Install-Module Microsoft.Online.SharePoint.PowerShell
  • Use the below commands to connect to the Exchange Online (Office 365) environment; $cred holds the admin credential.

    $cred = Get-Credential
    $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://ps.outlook.com/powershell/" -Credential $cred -Authentication Basic -AllowRedirection
  • Import the session created in the previous step.

    Import-PSSession $session -AllowClobber

Once the above steps are executed in SharePoint Online Management Shell, run the below PowerShell code to update the “Circle” property.

    Import-Module MSOnline
    Import-Module Microsoft.Online.SharePoint.PowerShell

    # Add SharePoint CSOM libraries
    Import-Module 'C:\Program Files\Common Files\Microsoft shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll'
    Import-Module 'C:\Program Files\Common Files\Microsoft shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll'
    Import-Module 'C:\Program Files\Common Files\Microsoft shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.UserProfiles.dll'

    # Defaults
    $spoAdminUrl = "https://tenant-admin.sharepoint.com"   # replace "tenant" with your tenant name
    $overwriteExistingSPOUPAValue = $true

    # Get credentials of an account that is both an Azure AD admin and a SharePoint Online admin
    $credential = Get-Credential
    Try {
        # Connect to Azure AD
        Connect-MsolService -Credential $credential

        # Build SharePoint Online credentials; pass the SecureString password directly
        # instead of round-tripping it through plain text
        $spoCredentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($credential.UserName, $credential.Password)
        $ctx = New-Object Microsoft.SharePoint.Client.ClientContext($spoAdminUrl)
        $ctx.Credentials = $spoCredentials
        $spoPeopleManager = New-Object Microsoft.SharePoint.Client.UserProfiles.PeopleManager($ctx)

        # Get all Azure AD users
        $AzureADUsers = Get-MsolUser -All

        ForEach ($AzureADUser in $AzureADUsers) {
            $targetUPN = $AzureADUser.UserPrincipalName.ToString()

            # Placeholder filter: replace "user_name" with the UPN to sync, or remove this check to process every user
            if ($targetUPN -eq "user_name") {

                # Read the source value from the Exchange mailbox (requires the Exchange Online session imported above)
                $circleValue = (Get-Mailbox $targetUPN).CustomAttribute5

                # Claims-encoded SharePoint Online account name for the user
                $targetSPOUserAccount = ("i:0#.f|membership|" + $targetUPN)

                # Check whether the mailbox has CustomAttribute5 set
                if (!([string]::IsNullOrEmpty($circleValue))) {
                    # Get the existing value of the SPO user profile property Circle
                    $targetUserTestCircle = $spoPeopleManager.GetUserProfilePropertyFor($targetSPOUserAccount, "Circle")
                    $ctx.ExecuteQuery()

                    $userTestCircle = $targetUserTestCircle.Value

                    # If the target property is empty, populate it
                    if ([string]::IsNullOrEmpty($userTestCircle)) {
                        $spoPeopleManager.SetSingleValueProfileProperty($targetSPOUserAccount, "Circle", $circleValue)
                        $ctx.ExecuteQuery()
                    }
                    else {
                        # Target property is not empty: overwrite only if configured to
                        if ($overwriteExistingSPOUPAValue) {
                            $spoPeopleManager.SetSingleValueProfileProperty($targetSPOUserAccount, "Circle", $circleValue)
                            $ctx.ExecuteQuery()
                        }
                        else {
                            # Not going to overwrite the existing property value
                            Write-Output "Target SPO UPA Circle is not empty for $targetUPN and we're to preserve existing properties"
                        }
                    }
                }
                else {
                    # Mailbox CustomAttribute5 is empty, nothing to do here
                    Write-Output "CustomAttribute5 is null or empty for $targetUPN"
                }
            }
        }
    }
    Catch [Exception] {
        Write-Output $_.Exception.GetType().FullName, $_.Exception.Message
    }

NOTE
Update the SharePoint tenant details, custom attribute number, and custom SharePoint user profile property name in the above code based on your requirement.
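The script above wraps the whole user loop in one Try block, so a single failing mailbox lookup or profile write aborts the run, and it writes to profiles as soon as it is executed. Below is an added example (my own code, not part of the original article) showing how the same sync can be run as a function that supports -WhatIf for a dry run, keeps going when one user fails, and returns one result object per user so the outcome can be exported and reviewed. It assumes the modules, CSOM DLLs and Exchange Online session from the steps above are already loaded, and that $ctx and $spoPeopleManager exist exactly as the article's script builds them; the function name and parameter names are my own.

```powershell
# Added example: dry-run capable, per-user fault-tolerant variant of the sync loop.
# Assumes the CSOM DLLs are loaded and an Exchange Online session is imported,
# so that Get-Mailbox and the PeopleManager CSOM calls are available.
function Sync-AadAttributeToSpoProfile {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)] $Context,          # Microsoft.SharePoint.Client.ClientContext ($ctx)
        [Parameter(Mandatory)] $PeopleManager,    # Microsoft.SharePoint.Client.UserProfiles.PeopleManager ($spoPeopleManager)
        [Parameter(Mandatory)] [string[]] $UserPrincipalName,
        [string] $SourceAttribute = 'CustomAttribute5',   # Exchange mailbox attribute to read
        [string] $TargetProperty  = 'Circle',             # SPO user profile property to write
        [switch] $Overwrite                               # replace a non-empty existing value
    )

    foreach ($upn in $UserPrincipalName) {
        # One record per user; emitted at the end whatever happens
        $result = [pscustomobject]@{
            UPN = $upn; Source = $null; Existing = $null; Action = 'Skipped'; Error = $null
        }
        try {
            # -ErrorAction Stop turns a missing mailbox into a catchable exception
            $mailbox  = Get-Mailbox -Identity $upn -ErrorAction Stop
            $newValue = $mailbox.$SourceAttribute
            $result.Source = $newValue

            if ([string]::IsNullOrWhiteSpace($newValue)) {
                $result.Action = 'Skipped (source empty)'
            }
            else {
                # Claims-encoded account name used by the SPO user profile service
                $account  = "i:0#.f|membership|$upn"
                $existing = $PeopleManager.GetUserProfilePropertyFor($account, $TargetProperty)
                $Context.ExecuteQuery()
                $result.Existing = $existing.Value

                if ($existing.Value -eq $newValue) {
                    $result.Action = 'Unchanged'
                }
                elseif (-not [string]::IsNullOrEmpty($existing.Value) -and -not $Overwrite) {
                    $result.Action = 'Skipped (existing value preserved)'
                }
                elseif ($PSCmdlet.ShouldProcess($upn, "Set $TargetProperty to '$newValue'")) {
                    # Only reached without -WhatIf (or after -Confirm approval)
                    $PeopleManager.SetSingleValueProfileProperty($account, $TargetProperty, $newValue)
                    $Context.ExecuteQuery()
                    $result.Action = 'Updated'
                }
                else {
                    $result.Action = 'WhatIf'
                }
            }
        }
        catch {
            # Record the failure and carry on with the next user instead of aborting the run
            $result.Action = 'Failed'
            $result.Error  = $_.Exception.Message
        }
        $result
    }
}

# Usage, after the article's connection steps have created $ctx and $spoPeopleManager:
#   $upns = (Get-MsolUser -All).UserPrincipalName
#   # 1. Preview: nothing is written, every user shows Action = WhatIf/Unchanged/Skipped
#   Sync-AadAttributeToSpoProfile -Context $ctx -PeopleManager $spoPeopleManager -UserPrincipalName $upns -WhatIf | Format-Table
#   # 2. Apply, keeping a log of what changed for review
#   Sync-AadAttributeToSpoProfile -Context $ctx -PeopleManager $spoPeopleManager -UserPrincipalName $upns -Overwrite |
#       Export-Csv .\circle-sync-log.csv -NoTypeInformation
```

Running the preview first is worthwhile because the script operates with an account that is both an Azure AD admin and a SharePoint Online admin; the WhatIf pass shows exactly which profiles would be touched before any write happens, and the exported log gives you a record to check afterwards.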

Here is the important command used in the above code.

Get-Mailbox
 
This cmdlet is used to view the mailbox objects and attributes, populate property pages, or supply mailbox information to other tasks.

Output

Once the above PowerShell code is executed in SharePoint Online Management Shell, the Circle property is populated with the value of CustomAttribute5 (in my case this was confirmed on the user's profile page, shown in the original post's screenshot).

Summary

In this article, we looked at how to update a custom user profile property in SharePoint Online (Office 365) from Azure Active Directory using PowerShell. As a follow-up, in the next article I will write about how to schedule the PowerShell script using Windows Task Scheduler.

Happy Coding!!