By DavidLundell September 26, 2025
This article is the fourth in a series about Custom Attributes in Entra ID and will discuss the Data Types that each of these approaches can use.
- Names and aliases
- Naming Conventions
- Resource Types
- Data Types
- Lifecycle
- Limitations
- Use Cases
- Decision Tree
| Resource Types | Extension attributes | Directory Extensions | Schema Extensions | Open Extensions | Custom Security Attributes |
| String | Y | 256 characters | Y | Y | 64 Characters |
| Binary | N | Y | Y | N | N |
| Boolean | N | Y | Y | N | Y |
| DateTime | N | Y | Y | N | N |
| Integer | N | Y | Y | N | Y |
| LargeInteger | N | Y | N | N | N |
| Multi-valued Attributes | N | Y | N | Y | Y |
| Strongly Typed | N | Y | Y | N | Y |
Going beyond single valued strings
If you need to go beyond single valued string data then Extension Attributes are out. If you need to go beyond Multi-valued String data then Open Extensions are out (although the apps use it can store whatever they want in the string and interpret it however they want). If you must use Extension Attributes then you are stuck with 15 single valued string attributes.
Custom Security Attributes – ok but limited
Custom Security Attributes have a 64 unicode character limit on strings, can’t handle binary nor DateTime.
Schema Extensions – ok but no multi-valued
Schema Extensions cannot do multi-valued or 64-bit integers, however they cover everything else.
Directory Extensions are the most flexible
Directory Extensions are the most flexible although strings are limited to either 250 or 256 unicode characters (Connect Sync docs say it truncates it 250 but other docs say limit is 256 and they could both be right – the actual limit could be 256 but Entra ID Connect is or was configured to truncate at 250 characters.
What type is missing?
What type is missing from all of these that is so crucial to a directory? – Reference (i.e. Manager, Owner, Member). I don’t see a way to add Reference attributes.