Background
Crossware Mail Signature can extract information from Windows Azure Active Directory(WAAD) using the published API (This is known as Graph API).
Most customers use AAD Connect to synchronise their on premise Active Direct(AD) with Windows Azure Active Directory.
The main issue with WAAD and Graph API is the limited number of attributes available to Crossware Mail Signature.
To get around this limitation, AAD Connect has a feature to synchronise attributes within the customers Active Directory to Extension attributes within WAAD.
These Extension attributes are available to Crossware Mail Signature and can be used in lookups and rules.
Setup
The setup of the synchronisation process is based on the following Microsoft article.
Crossware is not responsible for this part of the process.
https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-get-started-custom/#directory-extension-attribute-sync
Enable Directory extension attribute sync
If not already enabled you will need to enable this feature in AAD Connect.When this option is selected, you can then select the Active Directory attribute to synchronise. Make sure you select user attributes and not "group" attributes.
If you need to add additional attributes you will need to re run the AzureADConnect.exe application.
Once the changes have been saved, the synchronisation process will create new attributes within Windows Azure Active Directory.
Finding the new attributes
The newly created attributes names are different for each tenant, therefore you will need to find the attribute name.
The new attribute will take the following format:
- extension_<32 character hexadecimal string>_
e.g. extension_1ff80bb3d9fc45a98e973ef46ad23e62_extensionAttribute1
Using AAD Connect
You can determine the attribute name by examining an update in the AAD Connector.e.g.
Using Graph Explorer
Microsoft provide a web application for examining the raw output from Graph API. This allows customers to view the attributes available to Crossware Mail Signature.https://graphexplorer.azurewebsites.net/
To use Graph Explorer, you must login with your Microsoft 365 credentials.
You examine an individual users attributes using a url similar to the one below
https://graph.windows.net/crossware.onmicrosoft.com/users/Edmond.Halley@paperface.com?api-version=1.5
You will need to change the tenant name and username to a user within your directory. The user must also have the attributes synced or it may not appear in Graph API.
Creating a new lookup
Once the attribute name has been determined, a new lookup can be created to extract the information.
e.g.
Test the new lookup
Before testing the new lookup, please check the server log to ensure that all the changes have been correctly pushed out to Crossware's SMTP Servers.
Creating a new lookup, will have forced a refreshed our cache of WAAD.
The test email should contain the correct data. This lookup can now be used in signature configuration documents and rules just like any other lookup.