Some Jint components display information from the user profile by querying Microsoft Entra ID (formerly Azure Active Directory) directly. If fields appear empty or grayed out in Entra ID, the cause is often related to the configuration of your on-premises Active Directory and its synchronization to the cloud.

This article explains why some attributes do not sync and how to fix this.

Table of Contents

• 1. How Jint components retrieve user information
• 2. Why an attribute may be missing or read-only in Entra ID
• 3. Practical case: the employeeHireDate attribute (hire date)
• 4. Solution: use msDS-cloudExtensionAttribute to synchronize the attribute

1. How Jint components retrieve user information

Depending on the component used, profile data is read from two sources:

• The SharePoint directory (SharePoint user profile)
• Microsoft Entra ID via the Microsoft Graph API

When a component queries Entra ID, it displays exactly what is in the Entra profile. If an attribute is empty or missing in Entra ID, the component will not be able to display it — regardless of the value present in your HR system or your on-premises AD.

2. Why an attribute may be missing or read-only in Entra ID

In organizations with an on-premises Active Directory synchronized to Entra ID via Azure AD Connect (or Microsoft Entra Connect), user attributes in Entra ID are read-only: they can only be modified from the local AD and then synchronized.

If an attribute is missing or empty in Entra ID, it generally means one of the following situations:

• The attribute does not exist in the version of Windows Server Active Directory used
• The attribute exists but is not included in the synchronization scope configured in Azure AD Connect
• The attribute exists but its value is not set in the local AD

⚠️ In this case, it is not possible to enter the value directly in Entra ID. The modification must be done through the local AD.

3. Practical case: the employeeHireDate attribute (hire date)

The employeeHireDate attribute is often affected by this issue. It corresponds to the employee's hire date.

Observed symptom: the employeeHireDate field appears grayed out (read-only) in the Entra ID portal, and its value is empty.

Cause: this attribute is not natively available in all versions of Windows Server Active Directory (notably Windows Server 2016 Standard). It therefore cannot be synchronized directly.

You can check the availability of this attribute on a user account via PowerShell:

Get-ADUser <username> -Properties *

If employeeHireDate does not appear in the results, the attribute does not exist in your local AD schema.

4. Solution: use msDS-cloudExtensionAttribute to synchronize the attribute

Microsoft provides extension attributes specifically designed for cloud synchronization: the msDS-cloudExtensionAttribute (from 1 to 20).

These attributes are available in all Active Directory environments compatible with Azure AD Connect and are synchronized to Entra ID.

4.1 Required value format

For employeeHireDate, the value entered in the AD attribute must strictly follow the following format:

yyyyMMddHHmmss.fZ

Example for March 15, 2022:

20220315000000.0Z

⚠️ An incorrect format will cause a synchronization error or incorrect display in Entra ID.

4.2 Configuration procedure

1. In your on-premises Active Directory, fill in the msDS-cloudExtensionAttribute1 (or another available number) attribute with the hire date value in the yyyyMMddHHmmss.fZ format
2. Ensure that Azure AD Connect is configured to synchronize this attribute to Entra ID
3. Run a synchronization (or wait for the next cycle)
4. Verify in the Entra ID portal that the value correctly appears on the test user's profile

For the complete setup procedure, we recommend the following resource, written by a Microsoft Active Directory expert:

🔗 How to synchronize employeeHireDate – windows-active-directory.com

For the official Microsoft documentation on attributes synchronized by Azure AD Connect:

🔗 Attributes synchronized by Azure AD Connect – Microsoft Learn