31

We have an application which has used a local AD to fetch user info. Some customers want to move to the cloud and are using Azure AD. We extended the app to sign users in via OWIN and now we're fetching users via Microsoft Graph.

However from Microsoft Graph we do not get full user profiles. We want to fetch all properties on users, not just the basic ones.

    // Request the user resource; without $select, Graph returns only the default properties.
    var client = new RestClient(string.Format("https://graph.microsoft.com/v1.0/users/{0}", userEmail));
    var request = new RestRequest();
    request.Method = Method.GET;
    request.AddHeader("Authorization", _token.Token);
    var response = client.Execute(request);

This only gives me some information though, for example I don't get 'Department' from this. Is it possible to configure in Azure what should be returned here, and if so, where? Or do I need something other than /users/?

Different customers might have different special properties that need to be fetched. So the best solution would be to have an endpoint to call and get everything, including special properties not standard in Azure AD. After that I can parse it on my side. Is this possible?

The app has permission to read both basic and full profiles. Do I need something more?

8 Answers

37

That's the normal behaviour of Graph API, see documentation here and this extract:

This operation returns by default only a subset of the more commonly used properties for each user. These default properties are noted in the Properties section. To get properties that are not returned by default, do a GET operation for the user and specify the properties in a $select OData query option. Because the user resource supports extensions, you can also use the GET operation to get custom properties and extension data in a user instance.

You have to specify all fields in the select, as $select=* will only output the key fields in Graph API implementation.

So you will not be able to get what you ask (variable custom fields).

More info on the fields of User can be found here


12 Comments

Ah ok, I see. But is getting custom fields not possible at all via Microsoft Graph? Can I get them some other way?
I did not say that you can't get custom fields.
I misunderstood the 'So you will not be able to get..' part. So I can still get them by putting them in the $select, but I can't do a request that returns everything, is what you meant?
If you know the field names, you can get them. You just can ask for "all fields" without providing their names.
Just to summarize (per Nicolas) - on the user entity type just the base/default set of properties are returned for a standard GET operation. If you want more than the standard set you need to explicitly ask for the set of properties you want using $select. $select=* is not supported. If you are looking for this functionality please request it on UserVoice here: officespdev.uservoice.com/forums/…
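An added example, not code from the thread or from Microsoft: because `$select=*` is not supported, one way to serve customers with different special properties is to keep each customer's property list in configuration and build the `$select` from it, validating every name and escaping the user identifier. The class name `GraphUserQuery`, the identifier pattern and the sample UPNs are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;

public static class GraphUserQuery
{
    // Assumption: selectable names are plain identifiers such as "department" or
    // "extension_d2d89_departmentNumber"; anything else is rejected so a config
    // value cannot append "&$expand=..." or other query options.
    private static readonly Regex PropertyName =
        new Regex(@"^[A-Za-z][A-Za-z0-9_]{0,127}\z", RegexOptions.Compiled);

    public static string Build(string userIdOrUpn, IEnumerable<string> properties)
    {
        if (string.IsNullOrWhiteSpace(userIdOrUpn))
            throw new ArgumentException("User id or UPN is required.", nameof(userIdOrUpn));

        var selected = (properties ?? Enumerable.Empty<string>())
            .Select(p => (p ?? "").Trim())
            .Distinct(StringComparer.OrdinalIgnoreCase)
            .ToList();
        var invalid = selected.Where(p => !PropertyName.IsMatch(p)).ToList();
        if (selected.Count == 0 || invalid.Count > 0)
            throw new ArgumentException(
                "Invalid $select list: " + string.Join(", ", invalid), nameof(properties));

        // EscapeDataString encodes '#', '/', '?' and '&', so the identifier stays
        // one path segment (guest UPNs contain "#EXT#", which must be sent as %23).
        return "https://graph.microsoft.com/v1.0/users/"
            + Uri.EscapeDataString(userIdOrUpn.Trim())
            + "?$select=" + string.Join(",", selected);
    }

    public static void Main()
    {
        // Constructed per-customer property list; the extension name is the one
        // shown in the sample response on this page.
        var customerProps = new[] { "id", "displayName", "department",
                                    "extension_d2d89_departmentNumber" };
        Console.WriteLine(Build("jane_partner.example#EXT#@tenant.example", customerProps));

        // A tampered configuration entry is refused before any request is sent.
        try { Build("john@tenant.example", new[] { "department&$expand=memberOf" }); }
        catch (ArgumentException ex) { Console.WriteLine("rejected: " + ex.Message); }
    }
}
```

Requesting only the properties a customer actually needs also keeps attributes such as `onPremisesSecurityIdentifier` out of the application's responses and logs.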
8

Using the Microsoft Graph Explorer, I've been able to find all available properties for a user:

  1. Go to "Groups"
  2. Select "list all groups in my organization"
  3. Change the query to filter by a group you know and expand members: https://graph.microsoft.com/v1.0/groups?$filter=mail eq '[email protected]'&$expand=members

Now you'll see all the available properties for the users.

For example:

    {
      "@odata.type": "#microsoft.graph.user",
      "id": "4dcd337f-75a0-4d69-831b-7d78b75f",
      "deletedDateTime": null,
      "accountEnabled": true,
      "ageGroup": null,
      "businessPhones": [ "123456" ],
      "city": "Remote",
      "companyName": "CorpCompany",
      "consentProvidedForMinor": null,
      "country": "US",
      "createdDateTime": "2015-07-08T09:17:57Z",
      "creationType": null,
      "department": "Org Department",
      "displayName": "Doe, John",
      "employeeId": "987654",
      "employeeHireDate": null,
      "employeeType": null,
      "externalUserState": null,
      "externalUserStateChangeDateTime": null,
      "faxNumber": null,
      "givenName": "John",
      "jobTitle": "Senior Analyst",
      "legalAgeGroupClassification": null,
      "mail": "[email protected]",
      "mailNickname": "John_Doe",
      "mobilePhone": null,
      "onPremisesDistinguishedName": "CN=John_Doe,OU=Users,OU=Austin,DC=amer,DC=corpcompany,DC=com",
      "onPremisesDomainName": "amer.corpcompany.com",
      "onPremisesImmutableId": "bRTSaH7GlFgP1Rzg==",
      "onPremisesLastSyncDateTime": "2022-07-02T01:41:52Z",
      "onPremisesSecurityIdentifier": "S-1-5-21-1809667-647914-18612-22857",
      "onPremisesSamAccountName": "John_Doe",
      "onPremisesSyncEnabled": true,
      "onPremisesUserPrincipalName": "[email protected]",
      "otherMails": [],
      "passwordPolicies": "None",
      "officeLocation": "A031",
      "postalCode": "99999",
      "preferredDataLocation": null,
      "preferredLanguage": null,
      "proxyAddresses": [
        "X500:/o=CorpCompany/ou=External (FYDIBOSPDLT)/cn=Recipients/cn=3d9287c631e5fbf8ead0ae3e",
        "x500:/o=ExchangeLabs/ou=Exchange Administrative Group (FYDIBOHPDLT)/cn=Recipients/cn=589233f75f11df8188-John_Doe",
        "smtp:[email protected]",
        "x500:/o=CORP/ou=Exchange Administrative Group (FYDIBOSPDLT)/cn=Recipients/cn=John_Doe",
        "X500:/o=CORP/ou=Exchange Administrative Group (FYDIBODLT)/cn=Recipients/cn=John_Doe",
        "smtp:[email protected]",
        "smtp:[email protected]",
        "SMTP:[email protected]",
        "smtp:[email protected]"
      ],
      "refreshTokensValidFromDateTime": "2022-06-12T21:33:16Z",
      "imAddresses": [ "[email protected]" ],
      "isResourceAccount": null,
      "showInAddressList": true,
      "signInSessionsValidFromDateTime": "2022-06-12T21:33:16Z",
      "state": "Texas",
      "streetAddress": null,
      "surname": "Doe",
      "usageLocation": "US",
      "userPrincipalName": "[email protected]",
      "userType": "Member",
      "[email protected]": "#Collection(String)",
      "extension_d2d89_departmentNumber": [ "11-20-713" ],
      "extension_d2d60d497e54995e89_employeeType": "CorpCompany",
      "extension_d2d6bf54995e89_employeeID": "987654",
      "authorizationInfo": { "certificateUserIds": [] },
      "employeeOrgData": null,
      "passwordProfile": null,
      "onPremisesExtensionAttributes": {
        "extensionAttribute1": "987654",
        "extensionAttribute2": null,
        "extensionAttribute3": null,
        "extensionAttribute4": null,
        "extensionAttribute5": null,
        "extensionAttribute6": "[email protected]",
        "extensionAttribute7": null,
        "extensionAttribute8": null,
        "extensionAttribute9": "0",
        "extensionAttribute10": null,
        "extensionAttribute11": "987654",
        "extensionAttribute12": "Ent",
        "extensionAttribute13": null,
        "extensionAttribute14": "[email protected]",
        "extensionAttribute15": "E5+EXO+YAM+SKYPE+VIVA+PBI+PAUTO+PAPPS+MPL"
      }
    }

1 Comment

It is batshit crazy that this workaround has to be done to get all the properties. WTF. $expand should be available for a direct call for a user.
6
    User user = await graphServiceClient
        .Users[emailId]
        .Request()
        .Select(aadUser => new
        {
            aadUser.Id,
            aadUser.UserPrincipalName,
            aadUser.DisplayName,
            aadUser.GivenName,
            aadUser.Surname,
            aadUser.City,
            aadUser.MailNickname,
            aadUser.UserType
        })
        .GetAsync()
        .ConfigureAwait(false);

1 Comment

While this code may solve the question, including an explanation of how and why this solves the problem would really help to improve the quality of your post, and probably result in more up-votes. Remember that you are answering the question for readers in the future, not just the person asking now. Please edit your answer to add explanations and give an indication of what limitations and assumptions apply.
2

As already stated by NicolasR, you must list all the fields you want to retrieve by using the "$select" parameter; if you want, instead, to retrieve the custom fields, you can either add them to the previous parameter (if you know their names) or you can use "$expand=extensions"

2 Comments

"$expand=extensions" I didn't get anything different by adding this parameter, so could you please expand :D
@ChopLabalagun you can refer to this other question, it should solve your doubts ;) stackoverflow.com/questions/45925030/…
2
    function getGraphDataAdvanced($authToken, $urlGraph){
        # Ask Graph to include a count; this requires the ConsistencyLevel header.
        $url = $urlGraph + '&$count=true'
        $data = (Invoke-RestMethod -Headers @{
            Authorization = "Bearer $($authToken)"
            ConsistencyLevel = "eventual"
        } -Uri $url -Method Get)
        $dataList = @()
        $dataList += $data.value
        $url = $data.'@Odata.NextLink'
        # Follow the paging links until no further page is returned.
        while ($null -ne $url){
            Write-Warning 'Retrieving Next Page'
            $data = (Invoke-RestMethod -Headers @{
                Authorization = "Bearer $($authToken)"
                ConsistencyLevel = "eventual"
            } -Uri $url -Method Get)
            $dataList += $data.value
            $url = $data.'@Odata.NextLink'
        }
        return $dataList
    }

    getGraphDataAdvanced $authToken 'https://graph.microsoft.com/beta/users?$expand=extensions'


2

I've been trying to find a way to get all Azure AD properties of objects via Powershell MSGraph cmdlets without it truncating at the right edge of the console.

I've discovered that Format-Custom triggers vomiting of (apparently) all properties of an object in a huge, alphabetical, indented, and bracketed list.

Get-MgUser -filter "startswith(userprincipalname, 'username')" | format-custom 

The formatted properties of a newly created and unused user account in Azure AD are 13217 lines long.

1 Comment

While it outputs lots of stuff, most of it seems to be empty unless queried explicitly using ODATA: get-mguser -UserId [...] -Select 'DisplayName,UserPrincipalName,Mail,Id,Identities,proxyAddresses' | Format-List The value for Identities wouldn't be available otherwise.
1

The 'AzureAD' module would allow for Get-AzureADUser -ObjectId [email protected] | fl and spit out everything for that user. It's an incredibly fast and easy way to see what has and has not been set.

2 Comments

Hi, while this does work, this isn't a good answer because unfortunately, the AzureAD PowerShell module has been marked as deprecated and will be removed in future. Its replacement is the Microsoft Graph PowerShell SDK.
Get-MgUser -UserId [email protected] | Format-List produces the same results as Get-AzureADUser, so this is still relevant.
-1

You can use the beta endpoint to retrieve all user attributes via Microsoft Graph.

    # Connect to Microsoft Graph with the required scopes.
    Connect-MgGraph -Scopes "User.Read.All"

    # Make a request to the Microsoft Graph beta endpoint to retrieve user information.
    # Replace '[email protected]' with the actual user's email address you want to query.
    $user = Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/beta/users/[email protected]"

    # Get an enumerator for the user's properties and sort them alphabetically by their name (key).
    $sorteddict = $user.GetEnumerator() | Sort-Object Name

    # Display the sorted dictionary of user properties.
    $sorteddict

