Sync UsageLocation from Active Directory

Posted on by

Sync UsageLocation from Active Directory

Hello,

When using Office 365, you need to have some kind of sync engine. the preferred one from Microsoft is “Azure Active Directory Connect” (AADConnect). By default, it sync a lot of attributes, but each time you assign a license on a user, you still need to specify a “Usage location”, and then, a license SKU.

Sync UsageLocation from Active Directory - Usage Location GUI

Sync UsageLocation from Active Directory – Usage Location GUI

Sync UsageLocation from Active Directory – The PowerShell way

Of course, you can set this attribute with PowerShell :

Set-MsolUser -UserPrincipalName emmanuel.demilliere@itfordummies.net -UsageLocation FR
Sync UsageLocation from Active Directory - Usage Location with PowerShell

Sync UsageLocation from Active Directory – Usage Location with PowerShell

But there is a nicer way.

Sync UsageLocation from Active Directory – The rule way

Indeed, you can use a synchronization rule to do it for you. The synchronization will perform a transformation and copy the “c” attribute from your AD to the “UsageLocation” attribute of Azure AD.

You can create this rule with those lines of PowerShell on the AADConnect server :

$ADConnector = Get-ADSyncConnector | Where-Object {$_.Type -eq 'AD'} | Select-Object -ExpandProperty Identifier | Select-Object -ExpandProperty guid
$syncRule = New-ADSyncRule  -Name 'In from AD - User UsageLocation' -Identifier ([GUID]::NewGuid().Guid) -Description 'User Join with UsageLocation from C' -Direction 'Inbound' -Precedence 95 -PrecedenceAfter '00000000-0000-0000-0000-000000000000' `
    -PrecedenceBefore '00000000-0000-0000-0000-000000000000' -SourceObjectType 'user' -TargetObjectType 'person' -Connector $ADConnector -LinkType 'Join' -SoftDeleteExpiryInterval 0 -ImmutableTag ''
$syncRule = Add-ADSyncAttributeFlowMapping -SynchronizationRule $syncRule[0] -Source @('c') -Destination 'usageLocation' -FlowType 'Expression' -ValueMergeType 'Update' -Expression 'IIF(IsNullOrEmpty([c]),"US",[c])'
Add-ADSyncRule -SynchronizationRule $syncRule[0]

This rule will put “US” as the “UsageLocation in Azure AD if the “c” attribute of AD is empty. You can change this behavior by changing the expression used by the “Add-ADSyncAttributeFlowMapping” cmdlet : ‘IIF(IsNullOrEmpty([c]),”US”,[c])’.

Example

Here we can see it in action :

Sync UsageLocation from Active Directory - with the rule enabled

Sync UsageLocation from Active Directory – with the rule enabled

The “c” attribute in AD is empty for Boba Fett, but its usage location is ‘US’.

Thanks to Aaron for the tip.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.