Hi John,

I've stumbled on your question here a year later with (I think) the same goal in mind: use Azure AD User Provisioning to add/create Departments that don't exist within your ServiceNow instance.

ServiceNow posted a Knowledge Base article that says that the Azure AD User Provisioning service is able to update sys_user or sys_group tables, but NOT cmn_ tables (such as cmn_department). Here's a link to the article that includes more information: https://hi.service-now.com/kb_view.do?sysparm_article=KB0655991

Another point I'd like to touch on was when you said "however if the value on the user record in azure does not exist in cmn_department, the user record would not be updated" - I believe this might be due to your setup in Azure AD. If you navigate to the ServiceNow integration from Azure AD, go to Manage > Provisioning > Mapping and click the name of the attributes mapping (ours is "Synchronize Azure Active Directory Users to ServiceNow"). Find Department on the list and click on it. If "Match objects using this attribute" is set to Yes, then I believe it will cause the behavior of skipping the update on the entire user record. I have this toggled to No and all of our users profiles are updated, albeit with many errors where the Department field doesn't align with what's available in ServiceNow (due to a bigger issue with how our HR system tracks and feeds Departments and Business Units into AD).

Given the amount of time that has passed, I'm not sure that this response will prove useful to you, but I hope it will benefit others such as myself who stumble upon your question in the future. Did you ever resolve this?

Mike