A complete and highly resilient solution for automating Microsoft Entra AD (Azure AD) Extension Attributes management based on information from Active Directory and/or Microsoft Intune.
- Overview
- Key Features
- Architecture
- Installation
- Configuration
- Usage
- Web Dashboard & API
- Health Checks and Monitoring
- Configuration Examples
- Available Properties
- Resilience and Retry Logic
- Multi-Channel Notifications
- Troubleshooting
- Testing and Debug
- Contributing
- Documentation
- License
The Extension Attributes Automation Worker Service is a powerful and highly resilient tool that automates the synchronization of Microsoft Entra AD Extension Attributes using data from:
- On-premises Active Directory - AD computer attributes
- Microsoft Intune - Hardware, software, and compliance information from managed devices
The solution supports regular expressions for extracting specific values, default values, a unified configuration that prevents collisions, comprehensive monitoring, automatic retry, multi-channel notifications, and a web dashboard with REST API.
- Single configuration section for all Extension Attributes
- `dataSource` field to specify whether to use Active Directory or Intune
- Automatic collision prevention - impossible to configure the same Extension Attribute with multiple sources
- Active Directory: Uses AD computer attributes like OU, company, location, department
- Microsoft Intune: Uses device information like manufacturer, model, compliance state, storage info
- Regular Expressions: Extract specific parts from attribute values
- Default Values: Automatic fallback when data is not available
- Concurrent Processing: Efficient handling of thousands of devices
- Detailed Logging: Complete operation tracking with Serilog
- Single Device Processing: Debug and test on specific devices
- Windows Service: Automatic scheduled execution in background
- Console Application: Manual execution for testing and debugging
- Device-Specific: Processing individual devices for troubleshooting
- Device by ID: Processing via Entra AD Device ID
- Web Dashboard: Interactive web interface with real-time monitoring
- Quartz.NET Integration: Advanced scheduling with CRON expressions
- Separate Jobs: Ability to schedule AD and Intune independently
- Unified Job: Combined processing of all sources
- 4 Integrated Health Checks: Configuration, Entra AD, Active Directory, Intune
- Real-time monitoring of service status
- Detailed metrics for each component
- Automatic alerting for critical issues
- Polly Integration: Automatic retry for transient errors
- Circuit Breaker: Prevention of cascading failures
- Graph API Throttling: Intelligent handling of Microsoft rate limits
- Exponential Backoff: Optimization of retry strategies
- Microsoft Teams: Notifications via webhook with formatted cards
- Slack: Structured messages with attachments
- Email: Support for SMTP/SendGrid/Azure Communication Services
- Intelligent Alerting: Configurable thresholds to avoid spam
- Interactive Dashboard: Real-time monitoring and device processing
- REST API: Comprehensive endpoints for system integration
- Health Checks UI: Visual health status monitoring
- Swagger Documentation: Complete API documentation
- Remote Device Processing: Process devices via web interface
```
┌─────────────────────────────────────────────────────────────────────────┐
│                           Entra AD (Azure AD)                           │
│                         ┌─────────────────────┐                         │
│                         │      Extension      │                         │
│                         │   Attributes 1-15   │                         │
│                         └─────────────────────┘                         │
└────────────────────────────────────┬────────────────────────────────────┘
                                     │
                                     ▼
┌─────────────────────────────────────────────────────────────────────────┐
│                 Extension Attributes Automation Worker                  │
│ ┌─────────────────────────────────────────────────────────────────────┐ │
│ │                      Web Dashboard & REST API                       │ │
│ │ ┌──────────────────┐ ┌──────────────────┐ ┌───────────────────────┐ │ │
│ │ │    Status API    │ │    Health UI     │ │   Device Processing   │ │ │
│ │ └──────────────────┘ └──────────────────┘ └───────────────────────┘ │ │
│ └─────────────────────────────────────────────────────────────────────┘ │
│ ┌─────────────────────────────────────────────────────────────────────┐ │
│ │                   UnifiedExtensionAttributeHelper                   │ │
│ │ ┌──────────────────┐ ┌──────────────────┐ ┌───────────────────────┐ │ │
│ │ │    AD Helper     │ │  Intune Helper   │ │ Notification Service  │ │ │
│ │ └──────────────────┘ └──────────────────┘ └───────────────────────┘ │ │
│ └─────────────────────────────────────────────────────────────────────┘ │
│ ┌─────────────────────────────────────────────────────────────────────┐ │
│ │                            Health Checks                            │ │
│ │ ┌────────────┐ ┌─────────────┐ ┌────────────┐ ┌───────────────────┐ │ │
│ │ │   Config   │ │  Entra AD   │ │     AD     │ │      Intune       │ │ │
│ │ └────────────┘ └─────────────┘ └────────────┘ └───────────────────┘ │ │
│ └─────────────────────────────────────────────────────────────────────┘ │
│ ┌─────────────────────────────────────────────────────────────────────┐ │
│ │                          Polly Resilience                           │ │
│ │ ┌────────────┐ ┌─────────────┐ ┌────────────┐ ┌───────────────────┐ │ │
│ │ │   Retry    │ │Circuit Break│ │  Timeout   │ │ Graph Throttling  │ │ │
│ │ └────────────┘ └─────────────┘ └────────────┘ └───────────────────┘ │ │
│ └─────────────────────────────────────────────────────────────────────┘ │
└──────────┬────────────────────────┬─────────────────────────┬───────────┘
           │                        │                         │
           ▼                        ▼                         ▼
┌─────────────────────┐   ┌───────────────────┐   ┌───────────────────────┐
│ Active Directory    │   │ Microsoft Intune  │   │ Notifications         │
│                     │   │                   │   │                       │
│ • Computer Objects  │   │ • Device Info     │   │ • Teams Webhooks      │
│ • OU Structure      │   │ • Hardware Info   │   │ • Slack Integration   │
│ • Attributes        │   │ • Compliance      │   │ • Email SMTP          │
└─────────────────────┘   └───────────────────┘   └───────────────────────┘
```
- .NET 10.0 Runtime/SDK (LTS, supported until November 2028)
- Windows Server 2019 or higher (for AD integration)
- Active Directory access (if used)
- Microsoft Graph API permissions for Entra AD and Intune
- Certificate or Client Secret for Azure authentication
- Clone the repository:

  ```bash
  git clone https://github.com/robgrame/ExtensionAttributes.Automation.git
  cd ExtensionAttributes.Automation
  ```

- Build the solution:

  ```bash
  dotnet build --configuration Release
  ```

- Install as Windows Service:

  ```
  cd Nimbus.ExtensionAttributes.Worker\bin\Release\net10.0-windows
  Nimbus.ExtensionAttributes.WorkerSvc.exe --service
  ```

The `appsettings.json` file contains all necessary configurations:
```json
{
  "AppSettings": {
    "ExportPath": "C:\\Temp\\Automation\\Export",
    "ExportFileNamePrefix": "DevicesProcessed",
    "DataSources": {
      "EnableActiveDirectory": true,
      "EnableIntune": true,
      "PreferredDataSource": "Both"
    },
    "ExtensionAttributeMappings": [
      {
        "extensionAttribute": "extensionAttribute1",
        "sourceAttribute": "distinguishedName",
        "dataSource": "ActiveDirectory",
        "regex": "(?<=OU=)(?<value>[^,]+)(?=,OU=(?i:Locations))",
        "defaultValue": "Unknown Department"
      },
      {
        "extensionAttribute": "extensionAttribute5",
        "sourceAttribute": "manufacturer",
        "dataSource": "Intune",
        "useHardwareInfo": true,
        "defaultValue": "Unknown"
      }
    ]
  },
  "EntraADHelperSettings": {
    "TenantId": "<your-tenant-id>",
    "ClientId": "<your-client-id>",
    "UseClientSecret": false,
    "CertificateThumbprint": "<your-cert-thumbprint>",
    "PageSize": 1000
  },
  "ADHelperSettings": {
    "RootOrganizationalUnitDN": "OU=Computers,DC=contoso,DC=com",
    "PageSize": 1000
  }
}
```

```bash
# Run all tests
dotnet test
```
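The mapping rules in the `appsettings.json` above (one source per Extension Attribute, regex extraction, `defaultValue` fallback) can be checked before the service writes anything to Entra. The following C# program is an added example, not the project's own code: the duplicated `extensionAttribute1` entry and the two distinguished names are constructed, and reading the result from the named group `value` is an assumption based on the sample regex.

```csharp
using System;
using System.Linq;
using System.Text.Json;
using System.Text.RegularExpressions;

// Constructed sample: the README's two mappings plus a deliberate duplicate of extensionAttribute1.
const string json = """
{ "AppSettings": { "ExtensionAttributeMappings": [
  { "extensionAttribute": "extensionAttribute1", "sourceAttribute": "distinguishedName",
    "dataSource": "ActiveDirectory", "defaultValue": "Unknown Department",
    "regex": "(?<=OU=)(?<value>[^,]+)(?=,OU=(?i:Locations))" },
  { "extensionAttribute": "extensionAttribute5", "sourceAttribute": "manufacturer",
    "dataSource": "Intune", "useHardwareInfo": true, "defaultValue": "Unknown" },
  { "extensionAttribute": "extensionAttribute1", "sourceAttribute": "model",
    "dataSource": "Intune", "defaultValue": "Unknown" } ] } }
""";

string? Str(JsonElement e, string name) =>
    e.TryGetProperty(name, out var v) ? v.GetString() : null;

// Assumption: the extracted value is the named group "value", else the whole match.
string Resolve(string? raw, string? pattern, string? fallback)
{
    if (string.IsNullOrEmpty(raw)) return fallback ?? "";
    if (string.IsNullOrEmpty(pattern)) return raw;
    try
    {
        // The match timeout bounds the cost of a badly written pattern on long input.
        var hit = Regex.Match(raw, pattern, RegexOptions.None, TimeSpan.FromMilliseconds(250));
        if (!hit.Success) return fallback ?? "";
        return hit.Groups["value"].Success ? hit.Groups["value"].Value : hit.Value;
    }
    // Invalid or runaway pattern: use the fallback rather than a partial value.
    catch (Exception ex) when (ex is ArgumentException or RegexMatchTimeoutException) { return fallback ?? ""; }
}

using var doc = JsonDocument.Parse(json);
var maps = doc.RootElement.GetProperty("AppSettings")
              .GetProperty("ExtensionAttributeMappings").EnumerateArray().ToList();
// Entra exposes extensionAttribute1..15; each may be fed by exactly one mapping.
var valid = new Regex(@"^extensionAttribute([1-9]|1[0-5])$");
foreach (var g in maps.GroupBy(m => Str(m, "extensionAttribute") ?? "", StringComparer.OrdinalIgnoreCase))
{
    if (!valid.IsMatch(g.Key)) Console.WriteLine($"INVALID   {g.Key}");
    if (g.Count() > 1) Console.WriteLine($"COLLISION {g.Key}: {g.Count()} mappings");
}
// Constructed distinguished names: one under OU=Locations, one outside it.
foreach (var dn in new[] { "CN=WORKSTATION01,OU=Finance,OU=Locations,DC=contoso,DC=com",
                           "CN=WORKSTATION02,OU=Computers,DC=contoso,DC=com" })
    Console.WriteLine($"{dn} => {Resolve(dn, Str(maps[0], "regex"), Str(maps[0], "defaultValue"))}");
```

It runs as the `Program.cs` of an empty console project; point `json` at the contents of a real `appsettings.json` to check a deployment's mappings.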
```bash
# Run in console mode with dry-run
dotnet run --project Nimbus.ExtensionAttributes.Worker -- --dry-run
# Process a specific device
dotnet run --project Nimbus.ExtensionAttributes.Worker -- --device "WORKSTATION01"
# Run the web dashboard
dotnet run --project Nimbus.ExtensionAttributes.Worker -- --webapp
```

Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the repository
- Create your feature branch (`git checkout -b feature/amazing-feature`)
- Commit your changes (`git commit -m 'Add amazing feature'`)
- Push to the branch (`git push origin feature/amazing-feature`)
- Open a Pull Request
Detailed guides are available in the docs/ folder:
| Guide | Description |
|---|---|
| Authentication Setup | Azure AD app registration, certificate and client secret configuration |
| CMTrace Logging Guide | SCCM/CMTrace-compatible logging configuration and usage |
| Implementation Summary | Technical overview of the architecture and implementation details |
| Service Web Integration | REST API endpoints, SignalR integration, and service hooks |
| Web Interface Guide | Web dashboard setup, features, and usage instructions |
This project is licensed under the GNU General Public License v3.0; see the LICENSE.txt file for details.