
Sync Mobile Phone from Azure Active Directory to Employee Directory Plus using PowerShell

Microsoft doesn't sync the mobile number and profile images from Azure AD / the user profile to the SharePoint Online profile, so these values are not synced automatically. This article shows how to sync profile images and phone numbers to SharePoint Online / Employee Directory Plus.

Prerequisites

If you're already managing your Office 365 / SharePoint Online tenant using PowerShell, chances are you'll have these installed, but if not you'll need:

Additionally, you'll need a set of credentials for both the Office 365 tenant and the Azure AD tenant. This user must be a global admin on the SharePoint User Profile Application as well as a Service Admin on the Azure tenant. Lastly, be sure that the user account is not configured for Multi-Factor Authentication, otherwise you'll be unable to connect via PowerShell.

Running the PowerShell Script

A flag controls how the script treats existing values in the "Cell Phone" UPA field: by default it will not overwrite them, but setting $overwriteExistingSPOUPAValue = "True" makes it do so.

Run the "Windows Azure Active Directory Module for Windows PowerShell" as an Administrator, then execute this script:


Import-Module MSOnline
Import-Module Microsoft.Online.SharePoint.PowerShell

# add SharePoint CSOM libraries
Import-Module 'C:\Program Files\Common Files\microsoft shared\Web Server Extensions\ISAPI\Microsoft.SharePoint.Client.dll'
Import-Module 'C:\Program Files\Common Files\microsoft shared\Web Server Extensions\ISAPI\Microsoft.SharePoint.Client.Runtime.dll'
Import-Module 'C:\Program Files\Common Files\microsoft shared\Web Server Extensions\ISAPI\Microsoft.SharePoint.Client.UserProfiles.dll'

# Defaults
$spoAdminUrl = "https://tenant-admin.sharepoint.com"
$overwriteExistingSPOUPAValue = "False"

# Get credentials of account that is AzureAD Admin and SharePoint Online Admin
$credential = Get-Credential

Try {
    # Connect to AzureAD
    Connect-MsolService -Credential $credential

    # Get credentials for SharePointOnline; $credential.Password is already a SecureString,
    # so pass it through instead of converting it to plain text and back
    $spoCredentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($credential.UserName, $credential.Password)
    $ctx = New-Object Microsoft.SharePoint.Client.ClientContext($spoAdminUrl)
    $ctx.Credentials = $spoCredentials
    $spoPeopleManager = New-Object Microsoft.SharePoint.Client.UserProfiles.PeopleManager($ctx)

    # Get all AzureAD Users
    $AzureADUsers = Get-MSolUser -All

    ForEach ($AzureADUser in $AzureADUsers) {

        $mobilePhone = $AzureADUser.MobilePhone
        $targetUPN = $AzureADUser.UserPrincipalName.ToString()
        $targetSPOUserAccount = ("i:0#.f|membership|" + $targetUPN)

        # Check to see if the AzureAD User has a MobilePhone specified
        if (!([string]::IsNullOrEmpty($mobilePhone))) {
            # Get the existing value of the SPO User Profile Property CellPhone
            $targetUserCellPhone = $spoPeopleManager.GetUserProfilePropertyFor($targetSPOUserAccount, "CellPhone")
            $ctx.ExecuteQuery()

            $userCellPhone = $targetUserCellPhone.Value

            # If target property is empty let's populate it
            if ([string]::IsNullOrEmpty($userCellPhone)) {
                $targetspoUserAccount = ("i:0#.f|membership|" + $AzureADUser.UserPrincipalName.ToString())
                $spoPeopleManager.SetSingleValueProfileProperty($targetspoUserAccount, "CellPhone", $mobilePhone)
                $ctx.ExecuteQuery()
            }
            else {
                # Target property is not empty
                # Check to see if we're to overwrite existing property value
                if ($overwriteExistingSPOUPAValue -eq "True") {
                    $targetspoUserAccount = ("i:0#.f|membership|" + $AzureADUser.UserPrincipalName.ToString())
                    $spoPeopleManager.SetSingleValueProfileProperty($targetspoUserAccount, "CellPhone", $mobilePhone)
                    $ctx.ExecuteQuery()
                }
                else {
                    # Not going to overwrite existing property value
                    Write-Output "Target SPO UPA CellPhone is not empty for $targetUPN and we're to preserve existing properties"
                }
            }
        }
        else {
            # AzureAD User MobilePhone is empty, nothing to do here
            Write-Output "AzureAD MobilePhone Property is Null or Empty for $targetUPN"
        }
    }
}
Catch {
    # Report the failure instead of discarding it
    Write-Error $_.Exception.Message
}
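
The script writes to every user's profile in one pass, so it helps to preview what each setting of the overwrite flag would change first. The following is an added example, not part of the original script: it replays the same decision logic offline over constructed sample data, and additionally marks values that are already identical. The function names Get-CellPhoneSyncAction and Get-CellPhoneSyncPlan and the sample users are hypothetical.

```powershell
# Added example: offline dry run of the script's overwrite logic (no tenant connection).
# Function names and sample users are hypothetical, constructed for illustration.
function Get-CellPhoneSyncAction {
    param(
        [string]$AadMobilePhone,               # MobilePhone value from Azure AD
        [string]$UpaCellPhone,                 # current CellPhone value in the SPO profile
        [string]$OverwriteExisting = "False"   # same string flag the script uses
    )
    if ([string]::IsNullOrEmpty($AadMobilePhone)) { return "SkipNoSource" }  # nothing to copy
    if ([string]::IsNullOrEmpty($UpaCellPhone))   { return "Populate" }      # target is empty
    if ($AadMobilePhone -eq $UpaCellPhone)        { return "Unchanged" }     # addition: already in sync
    if ($OverwriteExisting -eq "True")            { return "Overwrite" }     # replaces an existing value
    return "Preserve"                                                        # default behaviour
}

function Get-CellPhoneSyncPlan {
    param([object[]]$Users, [string]$OverwriteExisting = "False")
    foreach ($u in $Users) {
        # One row per user: what would happen, and the old and new values for review
        [pscustomobject]@{
            UPN      = $u.UPN
            Action   = Get-CellPhoneSyncAction -AadMobilePhone $u.Aad -UpaCellPhone $u.Upa `
                           -OverwriteExisting $OverwriteExisting
            OldValue = $u.Upa
            NewValue = $u.Aad
        }
    }
}

# Constructed sample data standing in for Get-MsolUser output and current UPA values
$sampleUsers = @(
    [pscustomobject]@{ UPN = "alice@contoso.example"; Aad = "+1 555 0100"; Upa = "" }
    [pscustomobject]@{ UPN = "bob@contoso.example";   Aad = "";            Upa = "" }
    [pscustomobject]@{ UPN = "carol@contoso.example"; Aad = "+1 555 0102"; Upa = "+1 555 0199" }
    [pscustomobject]@{ UPN = "dave@contoso.example";  Aad = "+1 555 0103"; Upa = "+1 555 0103" }
)

# Compare the plan under both settings of the flag before running the real script
Get-CellPhoneSyncPlan -Users $sampleUsers | Format-Table -AutoSize
Get-CellPhoneSyncPlan -Users $sampleUsers -OverwriteExisting "True" | Format-Table -AutoSize
```

With the default flag, carol's existing value is reported as Preserve; with "True" it becomes Overwrite, and the OldValue column records what would be lost.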

Results

During the run there were a couple of accounts with no value in the AAD MobilePhone property, and one account that already had a value in the UPA CellPhone property - since the default behaviour is to preserve existing values it was not overwritten.

Checking the User Profile Details now, you can see we've successfully copied the values from Azure Active Directory to the SharePoint User Profile Service Application:

Before Updating User Profile Properties

Updated User Profile Properties

Once the search crawl process picks up the new values in CellPhone, they will be available for use in Employee Directory Plus applications.
