Background
Crossware Mail Signature can extract information from Windows Azure Active Directory(WAAD) using the published API (This is known as Graph API).
Most customers use AAD Connect to synchronise their on premise Active Direct(AD) with Windows Azure Active Directory.
The main issue with WAAD and Graph API is the limited number of attributes available to Crossware Mail Signature.
To get around this limitation, AAD Connect has a feature to synchronise attributes within the customers Active Directory to Extension attributes within WAAD.
These Extension attributes are available to Crossware Mail Signature and can be used in lookups and rules.
Setup
The setup of the synchronisation process is based on the following Microsoft article.
Crossware is not responsible for this part of the process.
https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-get-started-custom/#directory-extension-attribute-sync
Enable Directory extension attribute sync
If not already enabled you will need to enable this feature in AAD Connect.When this option is selected, you can then select the Active Directory attribute to synchronise. Make sure you select user attributes and not "group" attributes.
If you need to add additional attributes you will need to re run the AzureADConnect.exe application.
Once the changes have been saved, the synchronisation process will create new attributes within Windows Azure Active Directory.
Finding the new attributes
The newly created attributes names are different for each tenant, therefore you will need to find the attribute name.
The new attribute will take the following format:
e.g. extensionAttribute1
Filling in the values via Directory/Powershell
There are two ways of filling in extesnsion attributes.
1. The first way is through your local directory:
- Open your local directory > Click on the Users file > Find the user, select the user's name and click on properties on the tool bar located on the top
- Once you have loaded the user's information, click on Attribute Editor > Scroll till you find the list of atttributes beginning with extensionAttribute (e.g., extensionAttribute1)
2. You can set it through a powershell command:
- Open up Active Directory Module for Windows PowerShell > Enter the command in the terminal and click <enter> (replace the text "anyUser" with the user's email and "myString" with the desired value
Using Graph Explorer
Microsoft provide a web application for examining the raw output from Graph API. This allows customers to view the attributes available to Crossware Mail Signature.
Graph Explorer | Try Microsoft Graph APIs - Microsoft Graph
To use Graph Explorer, you must login with your Microsoft 365 credentials.
You examine an individual user's extension attributes using a url similar to the one below
https://graph.microsoft.com/v1.0/users?$filter=startswith(userPrincipalName,'{user'sEmail}')&$select=id,displayname,mail,officeLocation,onPremisesExtensionAttributes
Creating a new lookup
Once the attribute name has been determined, a new lookup can be created to extract the information.
e.g.
Test/Preview the new lookup
Before testing the new lookup, please check the server log to ensure that all the changes have been correctly pushed out to Crossware's SMTP Servers.
Creating a new lookup, will have forced a refreshed our cache of WAAD.
The test email should contain the correct data. This lookup can now be used in signature configuration documents and rules just like any other lookup.