Getting MSOL users through REST API for Sharepoint - sharepoint

I'm looking for a REST call to get all MS-Online users.
I am able to get these users through the following Powershell command
Get-MSOLUser -All
I am currently using http://{siteurl}/_api/web/siteusers call to fetch users, but this doesn't return all users that I get using Powershell.
Is there a way I could get all those users?
NOTE: One thing that I have noted is that /siteusers call doesn't return those users who haven't created a personal site(Onedrive) or in other words, returns only those users who have a /personal/user_name_domain_com site.
Could this be the reason why /siteusers call is not returning this data while Powershell is?

I figured it out myself! The trick is to use Graph API. Refer to Azure Graph API for users.
Get an access token for "https://graph.windows.net" resource. This access token can then be used to access https://graph.windows.net
Url to hit
https://graph.windows.net/yourdomain/users?api-version=2013-04-05
Domain should be something like abc.onmicrosoft.com
Headers
Content-Type : application/json;odata=verbose Note::(application/json will do)
Authorization : Bearer eYrvwvZ_PN9Ty5a2pQrb23y******

Related

Microsoft Graph API - Sharepoint list unable to call create/update SharePoint list items, GET/DELETE works

Unable to use Microsoft Graph API to create or update SharePoint list items with client credentials access token (getting access token with out a user), I get the following error,
I'm able to successfully call GET and DELETE methods with the same access tokens for the same site/list, additionally I'm able to call all methods GET/POST/PATCH/DELETE for the same site/list using the user generated access token.
For my use case I need to able to create/update list items with out user access so, followed this article - https://learn.microsoft.com/en-us/graph/auth-v2-service, API has required permissions granted in the application
can't seem to find any documentation on what exactly I'm missing, looks like POST/PATCH endpoints are looking for some user info in the token, but client crendentials do not have any user info so not sure what to do next, Here's the documentation I'm following https://learn.microsoft.com/en-us/graph/api/listitem-create?view=graph-rest-1.0&tabs=http & I've tried using the .net graph client SDK as well and I get the same error message for both POST/PATCH requests.
Any help on how to successfully create/update sharepoint list items via graph api using client credential token would be highly appreciated.
Followed this article in setting up the application in azure ad - https://learn.microsoft.com/en-us/graph/auth-v2-service, Added app roles are as highlited in this article https://learn.microsoft.com/en-us/answers/questions/756563/app-roles-in-client-credentials-scope-in-azure-b2c.html but no luck.
Hope you are not using delegated permission in your personal account ,
Looks like there is something wrong with your API call ,make sure you are using the correct API call - https://graph.microsoft.com/v1.0/sites/{site-id}/lists/{list-id}/items
You can also Try to create and Update in graph explorer- https://learn.microsoft.com/en-us/graph/api/listitem-create?view=graph-rest-1.0&tabs=http#example .
Hope this helps
Thanks

How to use Power BI REST API's in Azure Data Factory

I am trying to create a list of all the workspaces and the reports contained in each one of them for a documentation project.
I found online that we can use this to get the workspaces, I wanna use it with a "web" activity:
https://api.powerbi.com/v1.0/myorg/groups
And then I want to use the IDs we get in the output with a foreach and another web activity inside of it and use this to get the reports in each workspace, then copy it somewhere (datalake or DB) :
https://api.powerbi.com/v1.0/myorg/groups/{groupId}/reports
But I don't know how to configure the activity and the authentication.
If there is a better way like connecting directly to Power BI I'm all ears, I tried to do a get data from web source but I don't have any "key" for API and organization authentication doesn't work.
When I run the code here: https://learn.microsoft.com/en-us/rest/api/power-bi/groups/getgroups it works perfectly.
Thanks in advance
'But I don't know how to configure the activity and the authentication.' For this question, I'm not sure if you don't know how to use access token to call an API.
Register an azure ad application with the api permission of 'https://analysis.windows.net/powerbi/api/Workspace.ReadWrite.All'
so that you can generate an access token by this application with
this scope. Add api permission.
Use ropc flow to generate an access token. This flow contains user information so that your api could know who you are to return correct groups.
Add 'Authorization' in request head with value of 'Bearer accessToken' to call the api.
ropc flow 1.0:

Retrieving user's calendar events in Microsoft graph using application permissions

I'm trying to build a small application that can retrieve a particular user's calendar events without a signed in user, that is to utilize the application permissions in Graph API and query the events by authenticating with App ID, Tenant ID and Secret values. I was able to follow this documentation https://learn.microsoft.com/en-us/graph/auth-v2-service and generate JWT tokens to query the graph API. And it worked fine when i tried to retrieve all the users information, or even retrieve a particular users information using the following paths.
/users
/users/{id | userPrincipalName}
Both the above endpoints worked fine and i was able to retrieve details, but when i tried to access the calendar events of a particular user using the following Graph API path
/users/{id | userPrincipalName}/events
I get the following error,
I'm not sure what i'm doing wrong here, i have the following Application permissions set up in Azure AD Portal and the permissions are reflected in the JWT token.
I feel like the token generation part is working fine since the first two Graph API endpoints i mentioned above are functional, but I'm not sure where else I'm going wrong and as to why I'm not able to retrieve a particular user's calendar events. Any help would be much appreciated.

Use accessToken to obtain Dynamics Organization Uri

I have a nodejs project that is using adal-node (https://www.npmjs.com/package/adal-node) to authenticate via OAuth2 to Dynamics CRM. I have successfully gotten the authorizationUrl, then posted the code to get the accessToken. However, this last response does not return an instanceUrl. So I've been scowering the MSDN pages online for documentation on how to use the accessToken to obtain the correct organization instance Uri. I've tried this (https://msdn.microsoft.com/en-us/library/mt607485.aspx) and just get a 401 "Authorization has been denied for this request" response. Maybe I'm formatting this request improperly? Can someone kindly direct me to some documentation on how to use the valid accessToken I've obtained to retrieve the organization instance Uri for this user? Thanks.
Recently went through this myself, the issue I think you might be experiencing is the resource that is being requested access to when you request your authentication token is incorrect. While you would think it would be https://globaldisco.crm.dynamics.com/, I actually been successfully with https://disco.crm.dynamics.com/ (ensure to include the trialing slash) as the resource.
If your token is rejected then look at the WWW-Authenticate attribute in the response header and it will indicate the resource you should be requesting. Similar to this:
Bearer authorization_uri=https://login.windows.net/common/oauth2/authorize, resource_id=https://disco.crm3.dynamics.com/
After getting the right resource I was able to query the global disco service without issues and even though giving the NA disco resource returned instances from various regions. This worked on Azure AD tenants started in NA as well as the UK.
I have blogged a full sample here - http://colinvermander.com/2017/01/19/calling-the-dynamics-global-discovery-service/
According the description at https://msdn.microsoft.com/en-us/library/mt607485.aspx, to request against to https://globaldisco.crm.dynamics.com/api/discovery/v1.0/Instances(UniqueName='myorg'), you need to replace myorg to your own unique name of your dynamic crm server.
You can refer to https://www.dynamics-pros.com/support/kb/kb102033 for how to get the unique name.

How to find if OneDrive is active for a user in Office365 through API?

Is there a way I could find out that a user has a OneDrive Site(for an Office365 account)?
I'm getting user list for my sharepoint site through
https://{domain}-my.sharepoint.com/_api/web/siteusers
but there is no field that could indicate if a user has an active OneDrive .By OneDrive I mean a personal site of this sort;
https://{domain}-my.sharepoint.com/personal/user_name_domain_microsoft_com
One way to find out is by accessing this URL for that user and check if it yields a 404 response.
I'm trying to get it done via the REST API? Any help on this?
The following User properties could be used to distinguish actual (or active) SPO users:
Principal.PrincipalType property - PrincipalType.User
value specifies a user as the principal type
UserIdInfo.NameIdIssuer property - configuration-agnostic
reference to the type of the name identifier issuer, for SPO users its value: urn:federation:microsoftonline
REST request:
/_api/web/siteusers?$filter=PrincipalType eq 1 and UserId/NameIdIssuer eq 'urn:federation:microsoftonline'
You can't do this right now using the O365 Files REST API, but you can using Powershell cmdlets (e.g. this page http://blog.blksthl.com/2014/08/07/office-365-guide-series-provision-onedrive-for-business-using-powershell/ shows you how to use Powershell to provision OneDrive for Business for a list of users, from there it's just a slight modification to print out if these folks have OneDrive provisioned)
But another workaround, which you alluded to, is to use the O365 Files REST API and make a call to this endpoint:
https://your_SP_URL.com/_api/v1.0/me/drive
If you get an error, you'll know the Drive hasn't been provisioned yet. It's an ugly solution, but it should work just fine for your purpose.

Resources