Azure AD Connect sometimes renames attributes when replicating your on-premises AD to Azure AD/Office 365. This can lead to some confusion.
I recently published this table to show exactly what user attributes are renamed.
This post will show you in detail how that table was generated using PowerShell.
How to Extract the Azure AD Connect Synchronization Rules With PowerShell
Azure AD Connect includes a Synchronization Rules Editor. It’s a great tool for quickly reviewing specific rules. But getting an overview of all user synchronization rules is not easy.

Fortunately, the Azure AD Connect synchronization engine has an extensive PowerShell API. After importing the ADSync module, you can view all synchronization rules using the Get-ADSyncRule cmdlet:
The same command can of course be used to see the specifics of an individual synchronization rule. In this case, the "In from AD - User Common" rule:
The AttributeFlowMappings attribute holds the information about the mappings (or transformations) of the user attributes for this specific synchronization rule:
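The per-rule view described above can be flattened into one row per mapping, so that each attribute flow stays tied to the rule it came from. This is an added example, not code from the original post: `Get-AttributeFlowReport` is a hypothetical helper name, the sample rule objects are constructed, and the `Direction`, `Precedence` and `FlowType` properties are assumed to be present on the objects returned by Get-ADSyncRule (they are not shown on this page).

```powershell
# Added example: one output row per attribute flow, keeping the owning rule.
function Get-AttributeFlowReport {
    [CmdletBinding()]
    param(
        # Rule objects, for example from Get-ADSyncRule
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Rule,
        # Wildcard filter applied to the rule name
        [string]$NameLike = '*User*'
    )
    process {
        if ($Rule.Name -notlike $NameLike) { return }
        foreach ($flow in $Rule.AttributeFlowMappings) {
            # Source can be empty or hold several attributes, so normalise it to an array
            $sources = @($flow.Source | Where-Object { $_ })
            $dest    = [string]$flow.Destination
            [PSCustomObject]@{
                Rule        = $Rule.Name
                Direction   = $Rule.Direction
                Precedence  = $Rule.Precedence
                Source      = $sources -join ', '
                Destination = $dest
                FlowType    = $flow.FlowType
                # A rename is a single source attribute whose name differs from the destination
                Renamed     = ($sources.Count -eq 1 -and [string]$sources[0] -ne $dest)
            }
        }
    }
}

# Constructed sample objects shaped like sync rules, so the function runs without the ADSync module.
# Precedence values and flows are illustrative, not copied from a real server.
$sampleRules = @(
    [PSCustomObject]@{
        Name = 'In from AD - User Common'; Direction = 'Inbound'; Precedence = 100
        AttributeFlowMappings = @(
            [PSCustomObject]@{ Source = @('givenName');       Destination = 'givenName';   FlowType = 'Direct' }
            [PSCustomObject]@{ Source = @('sAMAccountName');  Destination = 'accountName'; FlowType = 'Direct' }
            [PSCustomObject]@{ Source = @('sn', 'givenName'); Destination = 'displayName'; FlowType = 'Expression' }
        )
    }
)

$sampleRules | Get-AttributeFlowReport -NameLike '*In from AD - User*' |
    Sort-Object Precedence, Source | Format-Table -AutoSize

# On a sync server: Import-Module ADSync; Get-ADSyncRule | Get-AttributeFlowReport
```

Rows with `Renamed` set to True are the ones to check when an attribute shows up under a different name in the Metaverse or in Azure AD; multi-source flows are listed but never counted as a rename.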
Creating a Script to Show Attribute Names for AD, the Metaverse and AAD
We now pretty much have all the building blocks we need to create a script that will show us:
- The attribute name in our on-premises Active Directory (AD)
- The name for the same attribute in the Azure AD Connect Metaverse (Metaverse)
- The name for the same attribute in Azure Active Directory (AAD)
The mapping can be done in different ways, but this is how I will do it:
- Create a hash table of AD to Metaverse attribute name references
- Create a hash table of Metaverse to AAD attribute name references
- Pair the two to get the AD to Metaverse to AAD attribute name reference
This is what the final script looks like:
```powershell
Import-Module ADSync

$In  = @{ }   # AD attribute name        -> Metaverse attribute name
$Out = @{ }   # Metaverse attribute name -> AAD attribute name

# Get all Metaverse rules for inbound replication from on-premises AD
$InboundRules = Get-ADSyncRule | ? { $_.Name -like '*In from AD - User*' } | % { $_.AttributeFlowMappings | Select-Object -Property Source, Destination }
($InboundRules | Sort-Object -Property Source | Get-Unique -AsString) | % {
    # Keep only non-empty sources without a space once cast to a string; the first mapping per source wins
    If ([string]$_.Source -ne '' -and ([string]$_.Source).IndexOf(" ") -lt 0 -and -Not $In.Contains([string]$_.Source)) {
        $In.Add([string]$_.Source, [string]$_.Destination)
    }
}

# Get all Metaverse rules for outbound replication to Azure AD
$OutboundRules = Get-ADSyncRule | ? { $_.Name -like '*Out to AAD - User*' } | % { $_.AttributeFlowMappings | Select-Object -Property Source, Destination }
($OutboundRules | Sort-Object -Property Source | Get-Unique -AsString) | % {
    If (-Not $Out.Contains([string]$_.Source)) {
        $Out.Add([string]$_.Source, [string]$_.Destination)
    }
}

# Pair the inbound and outbound rule attributes
$InOut = [System.Collections.ArrayList]@()
$In.Keys | % {
    $InOutObject = [PSCustomObject]@{
        AD        = $_
        Metaverse = $In[$_]
        AAD       = $Out[$In[$_]]   # empty when no outbound rule exports this Metaverse attribute
    }
    # Add() keeps $InOut an ArrayList; [void] suppresses the index it returns
    [void]$InOut.Add($InOutObject)
}
$InOut | Sort-Object -Property AD
```
Depending on what schema extensions you have, the output will look similar to this:
And that’s it, there you have the list. I hope you enjoyed this small tour of Azure AD Connect synchronization rule attribute mapping and renaming 🙂