Please bare with me, I am trying to breakdown other people's work. What I am looking through now is a 'deprovisioning' workflow. That workflow does a few things, but it is pulling the edsaAzureUserPrincipalName and the edsvaAzureObjectID. the object ID is present. If fact I can search in Active Roles MMC and yes, that is there. I can even filter on that property.
Ok, the script stops running if the edsaAzureUserPrincipalName returns blank. When I search in the MMC, the property is null. In fact I can't event filter on that property. When search for properties to filter on, it doesn't return available.
I am looking to try and rewrite the existing code, as I am good with powershell, no so much with quest scripts / workflows yet. The object ID in azure really should be good enough. The issue is there are a lot of scripts that are using this attribute. (edsaAzureUserPrincipalName). I did see that there is an article that you have to do a get-qaduser and get both properties (edsaAzureUserPrincipalName and edsvaAzureObjectID) otherwise it will return blank. So the scripts do that, but when I am connected to quest via the shell, it will not let me filter / include other properties not found in the default. I assume there is an acess template controlling that.
Finally I read up and found that the edsa attributes are calculated vs the edsva being a virtual attribute we get to populate. Anyway any help on figuring out this mess would be helpful.