Entra ID Schema Extension with custom Namespace
I'm currently playing with schema extension and custom namespaces around and I get some strange error messages - maybe some of you know how to deal with it:
According to M$ documentation: domains with following tld's are supported to create schema extensions: .org. net. com
I've created the following Graph Query:
$Query = @{
Method = "POST"
Headers = @{
Authorization = ("Bearer " + $JWT)
}
URI = "https://graph.microsoft.com/v1.0/schemaExtensions"
ContentType = "application/json"
Body = @{
id = 'd***demo.com_CustomAttributes'
description = 'Custom Attribute für das Entra ID'
targetTypes = @(
'Group'
)
properties = @(
@{
name = 'SomeFancyAttribute1'
type = 'Boolean'
}
)
} | ConvertTo-Json
}
Invoke-RestMethod @Query
While posting this Schema Extension, Graph replied with:
"Your organization must own the namespace d***demo.com as a part of one of the verified domains."
But the Domain is added and verified....
$Query = @{
Method = "GET"
Headers = @{
Authorization = ("Bearer " + $JWT)
}
URI = "https://graph.microsoft.com/v1.0/domains/d***demo.com"
ContentType = "application/json"
}
Invoke-RestMethod @Query
Did anyone of you had a similar experience and could tell me how to solve this or is Microsoft just doing Microsoft things?
I'm not 100% sure of this, please verify if this works for you.
The documentation says this:
If you already have a vanity .com,.net, .gov, .edu or a .org domain that's verified with your tenant, you can use the domain name along with the schema name to define a unique name, in this format {domainName}_{schemaName}. For example, if your vanity domain is contoso.com, you can define an id of contoso_mySchema. This option is highly recommended.
So your id should be:
id = 'd***demo_CustomAttributes'
- Get all user properties from Microsoft graph
- ASP.NET Azure AD / Entra Authentication - App roles in token, but not being assigned to principal
- How to do azure single sign on with next.js 14 and App Router
- Azure ClientCertificateCredential - Using SNI
- Entra ID Schema Extension with custom Namespace
- MSAL Node service & The Partner Center API
- KeyCloak Integration with Azure B2C UserName Mapping Issue
- Generate token fails for Azure app which is both client and API (client credentials workflow)
- Authenticating to Sharepoint Online Site via React SPA in MS Teams personal Tab
- Login failed for user '<token-identified principal>' while authorizing to SQL Server via Service Principal from AAD group assigned
- MSAL library fails to parse token in Chromium based browsers
- Office 365 Exchange Online permission is not visible for registered application in azure active directory
- Azure B2C IdP-Access Token fails with IDX10511: Signature validation failed
- EntraID: how to pass application roles downstream
- During signIn receiving B2C error code ‘AADB2C99059’
- How can I read local MS Teams status
- How to find the tenant where a multi-tenant AAD application was registered
- Azure AD permissions for MS Forms
- ASP.NET Core app running on IIS gives Http Error 401.2-Unauthorize
- Azure Active Directory skip account selection on logout
- Azure active directory - Get access token using Azure CLI
- Azure B2C / WPF - Handling a failed MFA verification flow
- How do I display Job Title in my Next Auth app
- Login failed for user identified principal
- What does "grant admin consent" button do in azure Azure Active Directory application?
- Azure AD Graph API or Powershell Graph: Gathering all the assigned roles that are associated to a group
- Azure AD user unable to connect to Azure SQL Error: 18456,State:1,Class:14
- Is there a way to add the sam_account_name of a user in the id_token claims?
- No users to select from the list in Azure Role assignments using Resource Group Owner
- Azure pipelines cannot connect to Azure SQL via AD/Entra using a custom console application