Share via

Azure AD provisioning problem with referential attributes.

Alex Wilhelmsen 41 Reputation points
2022-03-01T12:36:55.597+00:00

Azure AD provisioning is an amazing tool and we are maybe stretching it to its limit. We have Workday as our HRMS.
New hires are getting flawlessly provisioned into on-prem Active Directory.

However, we don't want all attributes synchronized until the first day in the office. This is done with the following expression:

IIF(DateDiff("d", CDate([StatusHireDate]), Now())>=0, [SupervisoryOrganization], "")

This works fine for all attributes except manager.

IIF(DateDiff("d", CDate([StatusHireDate]), Now())>=0, [ManagerReference], "")

According to documentation, it is due to: "The function should not be used for referential attributes such as manager."
Does anybody have a workaround or are there any updates for the Azure AD provisioning solving this?

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,974 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
25,019 questions
0 comments
Accepted answer
  1. Limitless Technology 44,741 Reputation points
    2022-03-02T11:51:01.48+00:00

    Hello @Alex Wilhelmsen

    Unfortunately it seems that it is a hardcoded requirement, likely due to avoid NULL attritbute issues later.

    You can find more information and the official statement in: https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/functions-for-customizing-application-data

    Hope this helps with your query,

    --
    --If the reply is helpful, please Upvote and Accept as answer--

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. David Lundell 86 Reputation points
    2025-06-08T03:41:54.59+00:00

    I know this is an oldie but just in case someone else has the same type of question ...

    If the real objective is to keep users from showing up in the Organization Charts in O365 you could do a flow like this

    IIF(DateDiff("d", CDate([StatusHireDate]), Now())>=0, "True", "False")

    If you Flow this into ShowInAddressLists this should keep the user from appearing in the Global Address List (GAL) and hence from showing up in the Org Charts.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.