Attribute mapping - Active Directory to Microsoft Entra ID
You can use the cloud sync attribute mapping feature to map attributes between your on-premises user or group objects and the objects in Microsoft Entra ID.
The following document guides you through attribute scoping with Microsoft Entra Cloud Sync for provisioning from Active Directory to Microsoft Entra ID. If you're looking for information on attribute mapping from Microsoft Entra ID to AD, see Attribute mapping - Microsoft Entra ID to Active Directory.
You can customize (change, delete, or create) the default attribute mappings according to your business needs. For a list of attributes that are synchronized, see Attributes synchronized to Microsoft Entra ID.
Note
This article describes how to use the Microsoft Entra admin center to map attributes. For information on using Microsoft Graph, see Transformations.
Understand types of attribute mapping
With attribute mapping, you control how attributes are populated in Microsoft Entra ID. Microsoft Entra ID supports four mapping types:
Mapping Type: Description
Direct: The target attribute is populated with the value of an attribute of the linked object in Active Directory.
Constant: The target attribute is populated with a specific string that you specify.
The target attribute is left unmodified. However, if the target attribute is ever empty, it's populated with the default value that you specify.
Along with these basic types, custom attribute mappings support the concept of an optional default value assignment. The default value assignment ensures that a target attribute is populated with a value if Microsoft Entra ID or the target object doesn't have a value. The most common configuration is to leave this blank.
Schema updates and mappings
Cloud sync occasionally updates the schema and the list of default attributes that are synchronized. These default attribute mappings are available for new installations but won't automatically be added to existing installations. To add these mappings, you can follow the steps below.
Click on add attribute mapping
Select the Target attribute dropdown
You should see the new attributes that are available here.
Along with the type property, attribute mappings support certain attributes. These attributes depend on the type of mapping you have selected. The following sections describe the supported attributes for each of the individual types. The following types of attribute mapping are available:
Direct
Constant
Expression
Direct mapping attributes
The following are the attributes supported by a direct mapping:
Source attribute: The user attribute from the source system (example: Active Directory).
Target attribute: The user attribute in the target system (example: Microsoft Entra ID).
Default value if null (optional): The value that is passed to the target system if the source attribute is null. This value is provisioned only when a user is created. It won't be provisioned when you're updating an existing user.
Apply this mapping:
Always: Apply this mapping on both user-creation and update actions.
Only during creation: Apply this mapping only on user-creation actions.
Constant mapping attributes
The following are the attributes supported by a constant mapping:
Constant value: The value that you want to apply to the target attribute.
Target attribute: The user attribute in the target system (example: Microsoft Entra ID).
Apply this mapping:
Always: Apply this mapping on both user-creation and update actions.
Only during creation: Apply this mapping only on user-creation actions.
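The direct and constant mapping settings above, modeled as an added example (not Microsoft's code and not part of the original article), show how "Default value if null" and "Apply this mapping" interact across a create and later updates. The attribute names and values are constructed samples, expression mappings are not modeled, and leaving the target unchanged when a null arrives on update is an assumption of this model.

```python
from dataclasses import dataclass
from typing import Optional

ALWAYS = "Always"
ONLY_DURING_CREATION = "Only during creation"

@dataclass(frozen=True)
class Mapping:
    kind: str                              # "Direct" or "Constant"
    target: str                            # target attribute in Microsoft Entra ID
    source: Optional[str] = None           # Direct: source attribute in Active Directory
    constant: Optional[str] = None         # Constant: the constant value
    default_if_null: Optional[str] = None  # Direct: optional default value
    apply: str = ALWAYS                    # "Apply this mapping" setting

def provision(mappings, ad_object, target_object, action):
    """Model one 'create' or 'update' action; returns the new target attributes."""
    if action not in ("create", "update"):
        raise ValueError(f"unknown action: {action!r}")
    result = dict(target_object)
    for m in mappings:
        if action == "update" and m.apply == ONLY_DURING_CREATION:
            continue                       # creation-only mappings never run on update
        if m.kind == "Constant":
            value = m.constant
        elif m.kind == "Direct":
            value = ad_object.get(m.source)
            if value is None and action == "create":
                value = m.default_if_null  # default is provisioned on creation only
        else:
            raise ValueError(f"unsupported mapping type: {m.kind!r}")
        if value is not None:              # assumption: a null leaves the target as-is
            result[m.target] = value
    return result

# Constructed sample mappings; attribute names and values are illustrative only.
SAMPLE_MAPPINGS = [
    Mapping("Direct", "department", source="department", default_if_null="Unassigned"),
    Mapping("Direct", "jobTitle", source="title", apply=ONLY_DURING_CREATION),
    Mapping("Constant", "companyName", constant="Contoso"),
]

def demo():
    """Create a user, then update it after the AD values change."""
    created = provision(SAMPLE_MAPPINGS, {"department": None, "title": "Engineer"}, {}, "create")
    updated = provision(SAMPLE_MAPPINGS, {"department": "Finance", "title": "Manager"}, created, "update")
    cleared = provision(SAMPLE_MAPPINGS, {"department": None, "title": "Manager"}, updated, "update")
    return created, updated, cleared
```

In this model the jobTitle value set at creation stays in the target after the Active Directory title changes, which is the drift to expect from any attribute mapped with "Only during creation".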
Expression mapping attributes
The following are the attributes supported by an expression mapping:
Default value if null (optional): The value that is passed to the target system if the source attribute is null. This value is provisioned only when a user is created. It won't be provisioned when you're updating an existing user.
Target attribute: The user attribute in the target system (example: Microsoft Entra ID).
Apply this mapping:
Always: Apply this mapping on both user-creation and update actions.
Only during creation: Apply this mapping only on user-creation actions.
Add an attribute mapping - AD to Microsoft Entra ID