When migrating users from AD (on premises) to AAD, one has two options – AAD Cloud Sync (mostly configured in the cloud – lightweight agents needed in the data center) and AAD Connect Regular Sync (a larger piece of software with its own 10 GB local SQL database – can be configured to use a different local DB).
  • AAD Connect Regular Sync does support directory extension attributes from AD to AAD.
  • AAD Cloud Connect Sync does not support directory attributes – extension or otherwise.
  • Remember there are three ways to get user credentials to AAD – 1. Pass-through Authentication 2. Password Hash Sync 3. ADFS Federation. Pass-through Authentication is NOT supported by AAD Cloud Connect Sync.

So what does this have to do with multi-valued attributes?

  1. Multi-valued support in Azure AD has been pending for a while.
  2. It is possible to turn multi-valued attributes into multiple directory extension attributes, which could then be synced to AAD using AAD Connect (read more here).
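
A sketch of the flattening step in item 2, added here as an example; it is not code from the original post or from AAD Connect. The function name, the slot attribute names (`customRole1` to `customRole3`) and the sample values are assumptions. It shows the two cases that matter when such attributes feed access decisions: slots that must be cleared when values are removed, and values that do not fit in the available slots.

```powershell
# Added illustration: flatten one multi-valued attribute into a fixed number of
# single-valued slots. Slot names and sample data are constructed assumptions.
function ConvertTo-ExtensionSlots {
    param(
        [string[]]$Values,
        [Parameter(Mandatory)][string[]]$SlotNames
    )

    # Drop blanks and duplicates, then sort so a value keeps a stable slot
    # between sync cycles regardless of the order AD returns it in.
    # (Sort-Object -Unique compares case-insensitively by default.)
    $clean = @($Values | Where-Object { $_ -and $_.Trim() } |
        ForEach-Object { $_.Trim() } | Sort-Object -Unique)

    $slots = [ordered]@{}
    for ($i = 0; $i -lt $SlotNames.Count; $i++) {
        # Unused slots are set to $null explicitly so that a value removed in
        # AD does not linger in a slot that was filled on an earlier run.
        $slots[$SlotNames[$i]] = if ($i -lt $clean.Count) { $clean[$i] } else { $null }
    }

    # Values that do not fit are reported instead of being dropped silently.
    $overflow = @()
    if ($clean.Count -gt $SlotNames.Count) {
        $overflow = @($clean[$SlotNames.Count..($clean.Count - 1)])
    }

    [pscustomobject]@{ Slots = $slots; Overflow = $overflow }
}

# Constructed sample: four real values (plus one blank) but only three slots.
$sampleValues = 'HR-Read', 'Fin-Read', ' ', 'Ops-Admin', 'Fin-Write'
$slotNames    = 'customRole1', 'customRole2', 'customRole3'

$result = ConvertTo-ExtensionSlots -Values $sampleValues -SlotNames $slotNames
$result.Slots
if ($result.Overflow) {
    Write-Warning "Not synced, no free slot: $($result.Overflow -join ', ')"
}
```

Each slot would then be selected as a directory extension attribute in AAD Connect; anything listed under `Overflow` never reaches AAD, so the slot count needs to cover the largest value set in the directory.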

