![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 75%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGL%3C/text%3E%3C/svg%3E)
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
23,252 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 57.00000000000001%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Hello @Graham Lindsay ,
Let me answer your queries one by one.
What you see in the transformations is called declarative provisioning . This has a separate language called Declarative Provisioning Expression Language The expression language which is used in attribute flows is a subset of Microsoft VB for apps (similar to VBScript) . The Declarative Provisioning Expression Language is only using functions and is not a structured language. The list of function which are used in Azure AD connect Sync is provided in an article for function reference. Please check the link for more information. You can understand more on the default configurations in the sync rules in AAD connect here. Its more or less regular expressions.
Your second question related to knowing about what the current transform does.
IIF(IsNullOrEmpty([displayName]),[cn],[displayName])
The IF function is designed in such a way where it evaluates one condition at the start and then returns the values mentioned in the expression . The second parameter(in this case [cn]) is returned if condition is true and the last parameter(in this case [displayName]) is returned if condition is false. The following is an attempt to best describe the exact meaning of the above transform.
"" If displayName attribute is not present for the object or is an empty value in the connector space or metaverse then update the value of cn attribute to the displayName And if its not null or empty then let whatever value displayName attribute has from the source connector, get updated to the displayName attribute in target (AD connector space or AAD connector space or MV ). ""
IIF(IsNullOrEmpty([displayName]),"Prefix_" & [cn],"Prefix_" & [displayName])
If the related attribute from source has any value populated for displayName then it will Append the string "prefix_" before displayName and if the related attribute from source does not have any value then it will append "prefix_" before cn attribute and store the resultant in displayName target attribute.
I have made changes as per the existing rule that you have. I would suggest you to test it before applying it in your own environment because there may be other rules within your configuration/environment dependent on each other which would change the resultant value within the metaverse. For this you can copy this rule and create a test rule. within the test rule you can create a scoping filter to have a scope specific to one test group so that any modification can be seen on that group itself and this rule does not apply to any other object. You can use attribute based filtering for defining scoping filters. Once testing is complete you can apply this rule in the main sync rule.
Hope the information helps . If the information provided in the post helps , please do mark it as answer so that its helpful to other members of the community. In case you have any further queries please let us know and we will be happy to help.
I have linked many article which you can go through to understand more . They are not specific to FIM but the concept is the same in both AAD connect and FIM products. FIM actually provides you much larger ways of customizing the object provisioning.
Thank you.