I have queried the user endpoint using advanced query capabilities. but I didn't get the value of Department field.
This is my query:
https://graph.microsoft.com/v1.0/users?$count=true&$search="displayName:tobias"&ConsistencyLevel=eventual&$select=employeeId,department,jobTitle
The above query shows all info of the user except the info of block of job information.
Using select query for the user above:
{
"#odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(employeeId,department,jobTitle)",
"#odata.count": 1,
"value": [
{
"employeeId": null,
"department": null,
"jobTitle": null
}
]
}
What is the problem about?
Please note that, getting the details of user from Microsoft Graph API returns only few details/properties by default.
Please refer this MsDoc which confirms the same.
Please use $select to select the job details of the user like below:
https://graph.microsoft.com/v1.0/users?$select=employeeId,department,jobTitle
Reference:
How do I retrieve Job Info from Azure AD via MS Graph by DerDani81
Related
I am trying to get appRoleAssignedTo for my Azure Tenant, now suppose if I have 10 applications under that tenant I will have to make 10 different calls by passing the servicePrincipal Id for all the 10 applications.
GET /servicePrincipals/{id}/appRoleAssignedTo
Is there a way through which I can get all the appRoleAssignedTo under respective servicePrincipal using just one API call.
Alternatively Microsoft provides a delta call for servicePrincipal, is there a way that the delta returns me the servicePrincipal when appRoleAssignedTo has changed(basically connecting the appRolesAssignedTo to servicePrincipal)
P.S I have tried doing it using $select and $expand and it doesn't work.
https://learn.microsoft.com/en-us/graph/api/serviceprincipal-list-approleassignments?view=graph-rest-1.0&tabs=http
https://learn.microsoft.com/en-us/graph/api/serviceprincipal-delta?view=graph-rest-1.0&tabs=http
Please try with $expand=appRoleAssignedTo in Graph Explorer.
https://graph.microsoft.com/v1.0/servicePrincipals?$expand=appRoleAssignedTo
If you want to use both $select and $expand, the "id" is required.
https://graph.microsoft.com/v1.0/servicePrincipals?$select=id,displayName&$expand=appRoleAssignedTo
The response looks like:
{
"value": [
{
"id": "xxxxxx",
"displayName": "Managed Service",
"appRoleAssignedTo#odata.context": "https://graph.microsoft.com/v1.0/$metadata#servicePrincipals('xxxxx')/appRoleAssignedTo",
"appRoleAssignedTo": []
},
....
]
}
I am trying to use the Microsoft Graph Explorer to update a custom attribute I created in B2C named GroupID.
First, I get the id of the user I want to edit using this query:
GET https://graph.microsoft.com/v1.0/{myResourceName}.onmicrosoft.com/users
This returns the following JSON:
{
"#odata.context": "https://graph.microsoft.com/v1.0/$metadata#users",
"value": [
{
"displayName": "User Name",
"surname": "Name",
"givenName": "User",
"id": "ff46335221e1a365",
"userPrincipalName": "user#username.com",
"businessPhones": [],
"jobTitle": null,
"mail": null,
"mobilePhone": null,
"officeLocation": null,
"preferredLanguage": null
}
]
}
Now I'd like to add a value for GroupID for this user. The attribute itself does not appear in the above JSON, presumably because it does not yet have a value assigned.
I tried using this query:
PATCH https://graph.microsoft.com/v1.0/{myResourceName}.onmicrosoft.com/users/ff46335221e1a365
With request body:
{"GroupID": 1234}
But I get a 405 error:
The method or operation is not allowed.
Am I using the wrong query? I tried to follow the guide here.
UPDATE
Attached is a screenshot of the request. In this screenshot, I omitted the {myResourceName}.onmicrosoft.com from the URL. But I've tried both ways and still get the 405 error.
Please see this document:
Extension attributes in the Graph API are named by using the
convention extension_ApplicationClientID_attributename, where the
ApplicationClientID is the Application (client) ID of the
b2c-extensions-app application (found in App registrations > All
Applications in the Azure portal). Note that the Application (client)
ID as it's represented in the extension attribute name includes no
hyphens. For example:
"extension_831374b3bd5041bfaa54263ec9e050fc_loyaltyNumber": "212342"
So the real custom attribute name is extension_{ApplicationClientID}_GroupID.
Go to Azure AD -> App registrations to find the application id of the b2c-extensions-app application.
The {ApplicationClientID} is the application id without hyphens.
PATCH https://graph.microsoft.com/v1.0/users/ff46335221e1a365
{"extension_{ApplicationClientID}_GroupID": 1234}
I have tried to get custom attributes created in Active directory using Microsoft graph. I am able to get attributes by their names using this query in Microsoft Graph
https://graph.microsoft.com/v1.0/me?$select=Department
But I'm not able to get some attributes which are not their by default (which are customly created) using microsoft graph. For an example, if I put "employeeId", the same query returns
{"#odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(employeeId)/$entity"}
Interestingly, I can get the employeeId using Azure AD graph which is now old school. (below query)
https://graph.windows.net/me/employeeId
Above query returns me the following Jason
{
"odata.metadata": "https://graph.windows.net/myorganization/$metadata#Edm.String",
"value": "38XXX"}
After some googling, I've found that there are extension attributes which are created using Azure AD connect which will create a Schema Extension App in Azure and we can get them using
extension_{appID}_employeeId
I can't find any Schema Extension App in my Azure Portal and I've tried some Powershell commands too. Our organization don't use Azure B2C AD. What I need is
A way to find AppId of Schema Extension App in Azure
Or an alternative way to get those custom attributes
A way to find AppId of Schema Extension App in Azure
If you want to find the AppId of Schema Extension App, you could use the MS graph api below.
GET https://graph.microsoft.com/beta/applications?$filter=displayName eq 'Tenant Schema Extension App'
For more details about required permission etc, refer to this similar issue.
Eventually, I've found the Tenant Schema Extension AppID buy running below query in Microsoft Graph Explorer
Note : Use Beta for Graph API version
https://graph.microsoft.com/beta/me
Which returned me a lengthy Json with below output
"userPrincipalName": "example#abc.com",
"externalUserState": null,
"externalUserStateChangeDateTime": null,
"userType": "Member",
"extension_{appid}_extensionAttribute3": "XXX",
"extension_{appid}_extensionAttribute2": "XXX",
"extension_{appid}_extensionAttribute1": "XXX",
"extension_{appid}_employeeID": "XXXXXX",
Additionally, the below query returned the extension attributes even without the appid (you should use beta version)
https://graph.microsoft.com/beta/me?$select=UserPrincipalName,onPremisesExtensionAttributes
Which returned the below Json
{
"#odata.context": "https://graph.microsoft.com/beta/$metadata#users(userPrincipalName,onPremisesExtensionAttributes)/$entity",
"userPrincipalName": "xxxx#xxx.com",
"onPremisesExtensionAttributes": {
"extensionAttribute1": "XXX",
"extensionAttribute2": "XXX",
"extensionAttribute3": "XXX",
"extensionAttribute4": null,
"extensionAttribute5": null,
"extensionAttribute6": null,
"extensionAttribute7": null,
"extensionAttribute8": null,
"extensionAttribute9": null,
"extensionAttribute10": null,
"extensionAttribute11": null,
"extensionAttribute12": null,
"extensionAttribute13": null,
"extensionAttribute14": null,
"extensionAttribute15": null
}
}
I'm using Graph to get all users on my sharepoint online site. The code works just fine expect for one example.
I've the sharepoint users is synced from azure ad, then im not able to get the properties of the user.
Here is the webApiPermissionRequests:
"webApiPermissionRequests": [
{
"resource": "Microsoft Graph",
"scope": "User.ReadBasic.All"
},
{
"resource": "Microsoft Graph",
"scope": "Contacts.Read"
},
{
"resource": "Microsoft Graph",
"scope": "User.Read.All"
}
]
The request where i get my users:
const users: MSGraphClient = this.context.serviceScope.consume(MSGraphClient.serviceKey);
users
.api("/users")
.select("displayName,mobilePhone,mail,photo,department,jobTitle,mailNickname")
.top(999)
.get((error, response: any, rawResponse?: any) => {
As i said, Everything works just fine expect when a user is imported from the Azure AD.
Can anyone tell me why all properties except displayName is null when it's an imported user.
UPDATED
I've added a picture. It' is only the Mobile Phone number (Mobiltelefon) that I'm able to get with the api above. The rest of the data and information is not being received. Let's take Office (Kontor) is coming from the azure add and is not is NOT being received in the API.
According to your description, you want to get the user's properties by MS Graph API.
Based on my test, we can get the properties. For your case, we should check the properties whose the value is null.
Check the properties in Azure AD whether it is null.
I tried to create update login username or email through Microsoft graph explorer but I am unable to do both actions. Probably the json data I am supplying might not be in correct format.
I am logged in with admin account, used PATCH method and successfully updated information by supplying below codes:
{
"displayName": "AAAlica",
"givenName": "Mews",
"passwordProfile": {
"password": "P#ssword!"
}
}
I don't know what attributes and values should I provide in order to change login username/email address. I tried different format like
{
"displayName": "AAAnamika",
"givenName": "MMews",
"userPrincipalName": "newusername#mycompanydomain#onmicrosoft.com"
}
and always getting error.
References:
graph explorer: Microsoft graph explorer
documentation: Microsoft graph api documentation
I noticed that the userPrincipalName in your post is invalid which contains two #.
The correct format should be like newusername#mycompanydomain.onmicrosoft.com. Here is the detail description for the UPN property:
The UPN is an Internet-style login name for the user based on the Internet standard RFC 822. By convention, this should map to the user's email name. The general format is alias#domain, where domain must be present in the tenant’s collection of verified domains.