Does anyone know how to order the results of a query to the Azure AD Graph API using the nuget assembly (https://www.nuget.org/packages/Microsoft.Azure.ActiveDirectory.GraphClient/) by "Created Date" (i.e. when the user was created in the directory?
I can't find any documentation about a property which would contain this. Is the result set automatically ordered in this way?
There is a restriction at the moment on the '$orderby' expressions that can be specified for a Graph API query. From the documentation -
The following restrictions apply to $orderby expressions:
Two sort orders are currently supported: DisplayName for User and Group objects, and UserPrincipalName for User objects. The default sort order for users is by UserPrincipalName.
So even if the 'Created Date' was exposed as property on the User I doubt the query will work.
Related
In my app, the user should be able to choose a company, in which his article gets published.
The Azure Active Directory has the Company name for that, which is maintained by our AAD Team. Is there any way to request all values from this field? Like a SELECT DISTINCT in SQL?
AFAIK, currently there is no way to request all distinct values using companyName attribute.
You can use filter parameter by looping through each companyName.
Please note that Distinct is not supported in Microsoft graph API.
You can raise Azure Support ticket or feature request for the same by visiting below link:
Azure Support Options | Microsoft Azure
References:
Is there a way to query distinct user profile attribute values from the Graph API? For example $select=Distinct(jobTitle)? The scenario would be to build a "refinement" experience for a People Search experience. - Microsoft Q&A
Distinct values in Microsoft Graph query - Stack Overflow
I'm trying to create a Workbook Parameter drop down, where we can choose Subscription to filter.
However, 1 Tenant/ Directory might have one or more subscriptions.
Instead of a flat subscription drop-down list like this:,
Subscription-1
Subscription-2
Subscription-3
Subscription-4
Subscription-5
Is there a way to create a drop-down list of subscription grouped by Tenant/Directory similar to the ones in Azure Resource Graph Explorer page (located in the right side) like this:?
Tenant 1
Subscription-1
Subscription-2
Tenant 2
Subscription 3
Tenant 3
Subscription 4
Subscription-5
Thank you very much for your help.
A partial solution:
create a new parameter
pick "subscription picker" as the parameter type
pick "query" as the "get data from" option
in the query, set the data source to "Azure Resource Graph"
pick all or default (subscription filtered subs) as the subscriptions value
use the query
ResourceContainers | where type =~ "microsoft.resources/subscriptions"
// add any other filters you want here
| project id, name, group=tenantId
you'll get a dropdown parameter that is subs grouped by tenant.
limitation: Azure Resource Graph doesn't have tenant names (not sure why), so the dropdown itself won't have those. you'd possibly have to query ARM separately to get all the tenants by name+id and merge with that if you want tenant names?
Update: Jason went the extra step of using merge to get data, which i'm not sure why i didn't think of that.
you could possibly use the ARM data source and query the /tenants api to get that info to use in the merge:
in my place i'm only getting on tenant back in that list, though, so i can't verify that it will work and get you all the tenants. i swear i have access to more than one but i'm only getting back my primary one?
On top of John Gardner's answers, I managed to get it work by creating a Merge between 2 queries. one for the resource graph, and one on KQL referring to external Blob storage with mapping between TenantId and Tenant Name.
Create the parameter, use Merge, and select the Tenant Name field, rename it as "group".
I'm using the Graph API to pull down information about a specific user in my organization. This works great, however one piece of information I need is the users "Security Groups" from their Active Directory account.
I use the following URL to request the Graph API information for a given Active Directory objectID.
https://graph.windows.net/[domain]/users/[objectID]?api-version=1.5
This gives me an JSON result that contains the users information such as their Department, jobTitle, userPrincipalName, etc.
How can I also request the users Security Group memberships? Is this possible?
They are available on the memberOf navigation property. So you can make a call to this:
https://graph.windows.net/[domain]/users/[objectID]/memberOf?api-version=1.5
User entity documentation
In Azure Search we can create multiple indexes for different search results, and we have two types of api-key. One is for administation and other one is for querying. But with same api-key users can search all indexes.
In my solution I need to design a system so that different users that use the system will get different results by their previleges. I thought this could be solved with dedicated indexes for each role but still users can query other indexes if they want to.
How can I be sure that every user can ONLY be able to search on particular a index.
Out of the box it is not possible to restrict the key usage for a specific index. You would need to do something on your own.
Other possibility would be to create different search service accounts and then creating indexes in them instead of having one account. You can then grant access to your users to appropriate search service account.
UPDATE
Based on your comments, you're actually looking to restrict search results (documents) by user's role i.e. going one level deeper than indexes. To achieve this, what you could do is dynamically append this role criteria to your search query as OData Filter. For example, let's say your index has boolean fields for each role type (Administrator, User etc. etc.) and the user searches for some keyword. Then what you could do is create an OData Filter $filter where you check for these conditions. So your search URL would look something like:
https://<search-service-name>.search.windows.net/indexes/<index-name>/docs?search=<search-string>&$filter=Administrator%20eq%20true
That way Search Service is doing all the filtering and you don't have to do anything in your code.
You can learn more about query options here: https://msdn.microsoft.com/en-us/library/azure/dn798927.aspx.
We're trying to set up a workflow for approval of an item in a list in Sharepoint 2010, where whenever a user creates an item in the list, it automatically routes to their manager for approval before being added to the queue of work items. We'd also like to go a step further and recursively query up the heirarchy until we reach a user with a specific "Job Title".
We use the "manager" attribute and "title" attribute in user profiles so we should be able to poll all this info from AD.
Anyone have any experience or thought as in how to accomplish this task?
Thanks for the help.
+1 to what Patricker suggested with respect to user profile traversal. For AD Query assuming you are using an MS product for AD, create an LDAP Query.
You should be able to figure out lot of tools as well to build LDAP queries. My personal favorite is Search Using Active Directory Users and Computers
To execute LDAP queries via .Net you would use classes in System.DirectoryService namespace