I want to get all group members in the Azure AD group. 5000 users are there. I'm only getting the 500 users using the Azure AD connector Get group members how can I do it in loop so that it will move to 101 to 200 users like that all the way. Any suggestions?
It is a bit more involved, but what you need to do is to get the raw response, azure ad connector is essentially a graph api call, so when you call that, it'll get some max amount of users, but also in the response, there will be a url in the #odata.nextLink field. this field contains the url to the next page of results. so in logic app or flow, you will have to first have a return list variable, create a loop that checks if the value of that while odata.nextlink is not null. then keep iterating and adding the results to the return list variable . until you reach the end, then return the return list variable.
Related
I checked a few posts asked the similar questions before, but none works for my case, not sure if something wrong on my side or it's the AD.
So I have security group at path:
CN=MigratedUsers,OU=Azure Groups,OU=Security Groups,OU=National Organization,DC=abc,DC=firm,AD
And in the MigratedUsers group, there is a member property with a few AD users in the group.
I am trying to get the list of users, so I can iterate through them.
So in my base location I specified:
OU=Azure Groups,OU=Security Groups,OU=National Organization,DC=abc,DC=firm
For the LDAP Filter I have:
(&(objectCategory=user)(memberOf=CN=MigratedUsers,OU=Azure Groups,OU=Security Groups,OU=National Organization,DC=abc,DC=firm))
The result returned 0 records.
I tried other combinations such as (&(objectCategory=group)(CN=MigratedUsers)), it doesn't work either.
So, could anyone point out to me if anything in my query is wrong or I need to start checking something else like AD settings etc.
Thank you.
Your first filter looks fine :
(&(objectCategory=user)(memberOf=CN=MigratedUsers,OU=Azure Groups,OU=Security Groups,OU=National Organization,DC=abc,DC=firm))
But the search base is not, (it's a group search base, while you want to retrieve user entries). The user base should look like this :
OU=Users,OU=National Organization,DC=abc,DC=firm
You're searching for users, but you set the base of the search to:
OU=Azure Groups,OU=Security Groups,OU=National Organization,DC=abc,DC=firm
That tells it to only return users that are in the Azure Groups OU. I'm guessing that there are no users in that OU. Set the base of the search to the root of the domain (e.g. DC=abc,DC=firm), or just don't set it at all, since that will be the default.
Your first filter is the correct one (which has the full DN of the group).
We're using Azure AD as the Identity Provider for User Provisioning into our system.
We have started getting this error of late.
EntrySynchronizationError
Result Failure
Description Failed to match an entry in the source and target systems User 'XXX#XXX.com'
ErrorCode SystemForCrossDomainIdentityManagementMultipleEntriesInResponse
There has been no change in our scim server code. The error message is obviously stating it's fetching more than 1 entry when it should return 1 but in reality, there is no user with the said username & Azure AD should be sending a request to create a new one.
This is happening under the action "Other", I'm guessing it's a GET.
Any idea on what's going wrong here?
A GET operation with a filter (ie: GET /Users?filter=userName eq "Test_User_dfeef4c5-5681-4387-b016-bdf221e82081") is expecting either 0 or 1 result to be returned, but is receiving more than one result. Either your configuration in provisioning is matching on an attribute that is not uniqueness constrained (ie: department eq "Sales") or there's a problem with your logic for returning filtered results.
I create a user account with multiple UPNs in AD. How do we extract whole UPNs from AD?
For instance: sathishM#litwareinc.pri/ sathishM#Facrikam.com; <UPN:: #litwareinc.pri | #Facrikam.com>
I would like to extract #litwareinc.pri and #Facrikam.com. Thanks
That entire value (for example: sathishM#litwareinc.pri) is stored in the userPrincipalName attribute of the AD object. It is only AD Users and Computers that separates it.
If you want just the domain portion, then you will just need to split the string by the #. How you do that depends on how you plan on reading the object.
I am working on a logic app that will create users in third party applications based on AAD group membership. To avoid issues when the group has more than 999 users I have implemented paging. I first get the first 50 users, and a NextLink that I call to get the next 50. This loop runs fine.
Snippet of logic app
When no more nextlink is found, the loop exits. During the loop iterations, I need to store the user information (first name, lastname, UPN etc) in an array so i can process everyone after running through the loop. I have tried running the Union expression as follows:
union(variables('AllUserInfoArray'),body('HTTP_-_Request_My_Group_Name_group_members')['value'])
But this does not add the user data to the AllUserInfoArray, it creates a new array (Compose->Outputs). How do I add all userdata into the AllUserInfoArray array so I can loop through all users once all user info has been gathered?
According to the description of your problem, your concern is the "union" in "Compose" action creates a new array which contains both of the collections(array) but why not append the array from http request to the array "AllUserInfoArray". But why not create an action after the "Compose" to set the variable "AllUserInfoArray" with output value of the "Compose". And then we can do the union again to modify "AllUserInfoArray" in the next loop.
I am trying to detect, after a user registers, which friends from Facebook have already registered for my service. My current implementation is very CPU intensive:
for eachFriend in facebookFriends:
friendUser = User.get_by_key_name(eachFriend['id'])
if friendUser:
friendUsers.append(friendUser)
I tried optimizing the query by using the IN operator:
users = User.all().filter('id IN', idList).fetch(10) # the idList is the list of IDs for a users facebook friends
This method fails as the maximum subqueries of the IN operator is 30.
Any tips?
Using an IN operator actually makes your query less efficient: Instead of doing a fast get operation for each friend, you're doing a slow query operation (IN and != filters are broken out into multiple queries on the backend).
Instead, do a single batch fetch for all the matching suers:
friendUsers = User.get_by_key_name([x['id'] for x in facebookFriends])
This returns a list of all friends, with None values for any friends that don't yet exist.
Yeah, you can have each registered user store his friends in a ListProperty so that when I register, you can do an = query on that property to see who has me as a friend. = queries on ListProperties return all entities having the filtered-on value anywhere in the list, and they don't generate subqueries the way IN queries do.
Just be aware of per-entity index limits if some of your users have tons of friends.