Active Directory and Office 365 Attribute Naming – the Ultimate Guide

As pointed out in my previous post, Active Directory and Azure AD user attribute naming is a bit of a mess!

When you have Office 365 and attributes are synchronized from your on-prem AD to your Azure AD (AAD), the attribute names appear to change at random:

  • Some attribute names may change when replicated from AD to the Azure AD Connect Metaverse
  • Some attribute names may change when replicated from the Azure AD Connect Metaverse to Azure AD

Additionally, some attribute names may change depending on which Office 365 scripting interface you’re using.

For reference, this is what on-premises AD <-> AAD Connect Metaverse <-> AAD replication looks like:

[Figure: AD to Azure AD Connect Metaverse to Azure AD replication]

Make sure to read this to fully understand Azure AD Connect replication and the Metaverse.

This article will give you a complete overview of the various attribute names that are transformed during the AD to AAD replication.

Attribute Name Changes From AD to AAD Connect Metaverse to AAD (Office 365)

First, let’s get an overview of the entire attribute mapping in the AD to AAD Connect to AAD replication (I used this script to extract the information).

The following table shows you the LDAP display name of AD user attributes, the name of the attributes in the Azure AD Connect Metaverse and the name of the attributes in Azure AD (Office 365):

AD / Metaverse / AAD – Attribute Names

| AD | AAD Metaverse | AAD |
|---|---|---|
| altRecipient | altRecipient | altRecipient |
| assistant | assistant | assistant |
| authOrig | authOrig | authOrig |
| c | c | countryLetterCode |
| cn | cn | commonName |
| co | co | country |
| company | company | company |
| countryCode | countryCode | countryCode |
| department | department | department |
| description | description | description |
| dLMemRejectPerms | dLMemRejectPerms | dLMemRejectPerms |
| dLMemSubmitPerms | dLMemSubmitPerms | dLMemSubmitPerms |
| employeeID | employeeID | employeeID |
| extensionAttribute1 | extensionAttribute1 | extensionAttribute1 |
| extensionAttribute10 | extensionAttribute10 | extensionAttribute10 |
| extensionAttribute11 | extensionAttribute11 | extensionAttribute11 |
| extensionAttribute12 | extensionAttribute12 | extensionAttribute12 |
| extensionAttribute13 | extensionAttribute13 | extensionAttribute13 |
| extensionAttribute14 | extensionAttribute14 | extensionAttribute14 |
| extensionAttribute15 | extensionAttribute15 | extensionAttribute15 |
| extensionAttribute2 | extensionAttribute2 | extensionAttribute2 |
| extensionAttribute3 | extensionAttribute3 | extensionAttribute3 |
| extensionAttribute4 | extensionAttribute4 | extensionAttribute4 |
| extensionAttribute5 | extensionAttribute5 | extensionAttribute5 |
| extensionAttribute6 | extensionAttribute6 | extensionAttribute6 |
| extensionAttribute7 | extensionAttribute7 | extensionAttribute7 |
| extensionAttribute8 | extensionAttribute8 | extensionAttribute8 |
| extensionAttribute9 | extensionAttribute9 | extensionAttribute9 |
| facsimileTelephoneNumber | facsimileTelephoneNumber | facsimileTelephoneNumber |
| givenName | givenName | givenName |
| homePhone | homePhone | homePhone |
| info | info | info |
| initials | initials | initials |
| ipPhone | ipPhone | ipPhone |
| l | l | city |
| legacyExchangeDN | legacyExchangeDN | legacyExchangeDN |
| mail | mail | mail |
| mailNickname | mailNickname | alias |
| manager | manager | manager |
| middleName | middleName | middleName |
| mobile | mobile | mobile |
| msDS-HABSeniorityIndex | msDS-HABSeniorityIndex | msDsHabSeniorityIndex |
| msDS-PhoneticDisplayName | msDS-PhoneticDisplayName | msDsPhoneticDisplayName |
| msExchArchiveGUID | msExchArchiveGUID | msExchArchiveGuid |
| msExchArchiveName | msExchArchiveName | msExchArchiveName |
| msExchAssistantName | msExchAssistantName | msExchAssistantName |
| msExchAuditAdmin | msExchAuditAdmin | msExchAuditAdmin |
| msExchAuditDelegate | msExchAuditDelegate | msExchAuditDelegate |
| msExchAuditDelegateAdmin | msExchAuditDelegateAdmin | msExchAuditDelegateAdmin |
| msExchAuditOwner | msExchAuditOwner | msExchAuditOwner |
| msExchBlockedSendersHash | msExchBlockedSendersHash | msExchBlockedSendersHash |
| msExchBypassAudit | msExchBypassAudit | msExchBypassAudit |
| msExchDelegateListLink | msExchDelegateListLink | msExchDelegateListLink |
| msExchELCExpirySuspensionEnd | msExchELCExpirySuspensionEnd | msExchElcExpirySuspensionEnd |
| msExchELCExpirySuspensionStart | msExchELCExpirySuspensionStart | msExchElcExpirySuspensionStart |
| msExchELCMailboxFlags | msExchELCMailboxFlags | msExchElcMailboxFlags |
| msExchEnableModeration | msExchEnableModeration | msExchEnableModeration |
| msExchHideFromAddressLists | msExchHideFromAddressLists | msExchHideFromAddressLists |
| msExchImmutableId | msExchImmutableId | msExchImmutableId |
| msExchLitigationHoldDate | msExchLitigationHoldDate | msExchLitigationHoldDate |
| msExchLitigationHoldOwner | msExchLitigationHoldOwner | msExchLitigationHoldOwner |
| msExchMailboxAuditEnable | msExchMailboxAuditEnable | msExchMailboxAuditEnable |
| msExchMailboxAuditLogAgeLimit | msExchMailboxAuditLogAgeLimit | msExchMailboxAuditLogAgeLimit |
| msExchMailboxGuid | msExchMailboxGuid | msExchMailboxGuid |
| msExchModeratedByLink | msExchModeratedByLink | msExchModeratedByLink |
| msExchModerationFlags | msExchModerationFlags | msExchModerationFlags |
| msExchRecipientDisplayType | msExchRecipientDisplayType | msExchRecipientDisplayType |
| msExchRemoteRecipientType | msExchRemoteRecipientType | msExchRemoteRecipientType |
| msExchRequireAuthToSendTo | msExchRequireAuthToSendTo | msExchRequireAuthToSendTo |
| msExchResourceCapacity | msExchResourceCapacity | msExchResourceCapacity |
| msExchResourceDisplay | msExchResourceDisplay | msExchResourceDisplay |
| msExchResourceMetaData | msExchResourceMetaData | msExchResourceMetadata |
| msExchResourceSearchProperties | msExchResourceSearchProperties | msExchResourceSearchProperties |
| msExchRetentionComment | msExchRetentionComment | msExchRetentionComment |
| msExchRetentionURL | msExchRetentionURL | msExchRetentionUrl |
| msExchSafeRecipientsHash | msExchSafeRecipientsHash | msExchSafeRecipientsHash |
| msExchSafeSendersHash | msExchSafeSendersHash | msExchSafeSendersHash |
| msExchSenderHintTranslations | msExchSenderHintTranslations | msExchSenderHintTranslations |
| msExchUsageLocation | usageLocation | usageLocation |
| objectSid | objectSid | onPremiseSecurityIdentifier |
| otherFacsimileTelephoneNumber | otherFacsimileTelephoneNumber | otherFacsimileTelephoneNumber |
| otherHomePhone | otherHomePhone | otherHomePhone |
| otherIpPhone | otherIpPhone | otherIpPhone |
| otherMobile | otherMobile | otherMobile |
| otherPager | otherPager | otherPager |
| otherTelephone | otherTelephone | otherTelephone |
| pager | pager | pager |
| physicalDeliveryOfficeName | physicalDeliveryOfficeName | physicalDeliveryOfficeName |
| postalCode | postalCode | postalCode |
| postOfficeBox | postOfficeBox | postOfficeBox |
| preferredLanguage | preferredLanguage | preferredLanguage |
| proxyAddresses | proxyAddresses | proxyAddresses |
| publicDelegates | publicDelegates | publicDelegates |
| pwdLastSet | pwdLastSet | lastPasswordChangeTimestamp |
| sAMAccountName | accountName | onPremisesSamAccountName |
| sn | sn | surname |
| st | st | state |
| streetAddress | streetAddress | streetAddress |
| targetAddress | targetAddress | targetAddress |
| telephoneAssistant | telephoneAssistant | telephoneAssistant |
| telephoneNumber | telephoneNumber | telephoneNumber |
| thumbnailPhoto | thumbnailPhoto | thumbnailPhoto |
| title | title | title |
| unauthOrig | unauthOrig | unauthOrig |
| url | url | url |
| userAccountControl | accountEnabled | accountEnabled |
| wWWHomePage | wWWHomePage | wWWHomePage |

(The list may differ from your installation depending on what Active Directory extensions you have made)

The keen eye will spot in the above table that some attribute names are changing during replication.

The table below lists the attributes that change their name during transit from AD via the Metaverse to Azure AD:

AD / Metaverse / AAD – Attribute Name Changes

| AD | AAD Metaverse | AAD |
|---|---|---|
| c | c | countryLetterCode |
| cn | cn | commonName |
| co | co | country |
| l | l | city |
| mailNickname | mailNickname | alias |
| msDS-HABSeniorityIndex | msDS-HABSeniorityIndex | msDsHabSeniorityIndex |
| msDS-PhoneticDisplayName | msDS-PhoneticDisplayName | msDsPhoneticDisplayName |
| msExchUsageLocation | usageLocation | usageLocation |
| objectSid | objectSid | onPremiseSecurityIdentifier |
| pwdLastSet | pwdLastSet | lastPasswordChangeTimestamp |
| sAMAccountName | accountName | onPremisesSamAccountName |
| sn | sn | surname |
| st | st | state |
| userAccountControl | accountEnabled | accountEnabled |

Summary

It’s clear from the above table that you need to address certain attributes by different names depending on your “point of entry”. On-premises Active Directory may use different attribute names than your Azure AD!

This is further complicated by the fact that your PowerShell scripting interfaces also change some of the names as described here.
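The renames in the table above matter most when you compare the same user on both sides, for example to check that a disabled on-prem account is also disabled in Azure AD. The following is an added example, not code from this post or from Microsoft: it translates an exported AD record to AAD names and reports attributes whose values differ. It assumes both records are already exported as plain dictionaries with the SID in string form, that accountEnabled follows the ACCOUNTDISABLE bit of userAccountControl, and the sample records are constructed.

```python
# AD LDAP display name -> Azure AD name, from the "Attribute Name Changes" table.
AD_TO_AAD = {
    "c": "countryLetterCode", "cn": "commonName", "co": "country", "l": "city",
    "mailNickname": "alias", "sn": "surname", "st": "state",
    "msDS-HABSeniorityIndex": "msDsHabSeniorityIndex",
    "msDS-PhoneticDisplayName": "msDsPhoneticDisplayName",
    "msExchUsageLocation": "usageLocation",
    "objectSid": "onPremiseSecurityIdentifier",
    "pwdLastSet": "lastPasswordChangeTimestamp",
    "sAMAccountName": "onPremisesSamAccountName",
    "userAccountControl": "accountEnabled",
}
ACCOUNTDISABLE = 0x0002  # userAccountControl bit set on disabled accounts
# pwdLastSet is renamed but not compared: the value encoding on each side is
# not covered by the page, so a naive equality check would be meaningless.
SKIP = {"pwdLastSet"}


def to_aad_view(ad_record):
    """Rename AD attributes to their AAD names; unlisted names pass through."""
    view = {}
    for name, value in ad_record.items():
        if name in SKIP:
            continue
        if name == "userAccountControl":
            # Assumption: enabled means the ACCOUNTDISABLE bit is clear.
            value = not (int(value) & ACCOUNTDISABLE)
        view[AD_TO_AAD.get(name, name)] = value
    return view


def find_drift(ad_record, aad_record):
    """Return {aad_name: (expected_from_ad, actual_in_aad)} for mismatches."""
    expected = to_aad_view(ad_record)
    return {name: (value, aad_record.get(name))
            for name, value in expected.items()
            if aad_record.get(name) != value}


# Constructed sample exports (not real data). 514 = normal account + disabled.
AD_USER = {"sAMAccountName": "jdoe", "sn": "Doe", "l": "Oslo",
           "mail": "jdoe@example.com", "userAccountControl": 514,
           "objectSid": "S-1-5-21-1-2-3-1104", "pwdLastSet": 133000000000000000}
AAD_USER = {"onPremisesSamAccountName": "jdoe", "surname": "Doe",
            "city": "Bergen", "mail": "jdoe@example.com", "accountEnabled": True,
            "onPremiseSecurityIdentifier": "S-1-5-21-1-2-3-1104"}

if __name__ == "__main__":
    for attr, (want, got) in find_drift(AD_USER, AAD_USER).items():
        print(f"{attr}: AD implies {want!r}, Azure AD has {got!r}")
```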
