(Cloud) Tip of the Day: AAD Sync: Sync empty attribute

Today’s (Cloud) Tip…

One of the new features of AAD Sync allows you to configure which attributes (supported of course) you don’t want to synchronize to the cloud. Usually when you remove an attribute from scope, the value will remain in the cloud.

Here is a tip to empty the value of an attribute that was recently removed from scope…

1. Start “Synchronization Service”. Find “Connectors” and identify the AAD Connector.
2. Then click “Properties”, and “Select Attributes”. Find the attribute you removed in the wizard and re-select the attribute.
3. Run a “full import” on the AAD Connector. This will bring in the attribute into the Sync Engine so we can manage it.
4. Start the Sync Rule Editor. Go to “Outbound” and create a new outbound Sync Rule. Create the rule like this (scope and join should be empty): In my example, I will empty out the givenName attribute.

1. Run a full sync on your source MA. This will stage a delete on this attribute(s) for all users.
2. Run an export on the AAD Connector to delete the attribute.
3. Delete the Sync Rule you created.
4. Go back to “Synchronization Service”. Find “Connectors” and identify the AAD Connector. Then click “Properties”, and “Select Attributes”. Find the attribute and de-select it again.