i try to find a query to check which AAD users are mail enabled.
I think with PowerShell checking the users mailbox will work (attribute ismailenabled), but i cant find something equal in the Microsoft Graph documentation.
Any ideas how i can get a list of mailenabled users in graph explorer?
BR
Thomas
There is no mailenabled property for user in the Microsoft Graph API. For the all properties of user, please read here.
Related
I am using Microsoft Graph API to read emails (/users/{id | userPrincipalName}/messages) in the mailboxes of the users in my Azure active directory. I have noticed that for some users, I get this error:
HTTP error: 404
Error code: MailboxNotEnabledForRESTAPI or MailboxNotSupportedForRESTAPI
Error message: REST API is not yet supported for this mailbox.
Upon investigation, I found out that these users do not have a valid license and also don't have a mailbox attached to them. Ideally, I would like to only fetch the users that have a mailbox enabled. I tried checking the assignedLicenses property of each user and only fetch emails for those users that have a valid license assigned to them but, I'm not sure if this is a reliable method as users might have some other license and still not have a mailbox enabled.
Can someone please suggest a straightforward way to only fetch the users that have mailboxes attached? Any help or hint shall be highly appreciated.
I don't see much options from Microsoft Graph perspective. Definitely checking the license is one good way, but you may not have much options with that. Being said that i see the following options,
you may need to use mailboxsettings API call of the user. This way you can get and update the mailbox settings of the user.
Also you can use Get-mailbox Exchange Powershell cmdlet to validate the same as well.
I am new to Azure Active Directory. I have a demand for following functionality: I need to get an objectId of the user who is not invited into my resource group/subscription. Just some Azure user providing an e-mail. Is there any kind of API to do this? I have tried to look into Graph API, but didn't notice a suitable method.
Technology stack is ReactJS. Currently, using ADAL, but it is suitable for authorization and I didn't find a functionality to get information about non-curent users.
Thanks in advance!
You can obtain user's details from Graph API using id or userPrincipalName (which is an email address).
From Microsoft Graph API reference:
GET /users/{id | userPrincipalName}
When I try querying extensionAttribute with Graph API (Hybrid Exchange), I cannot get any value.
E.g., if I try: https://graph.microsoft.com/v1.0/users/<userid or upn>?$select=extensionAttribute2, I cannot see the value even I know it’s there.
Do you know how to get it properly (or a workaround)?
Thank you
Are these values synced to Azure Active Directory? All properties for the AAD User can be found in the Microsoft Graph API docs here : https://learn.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0
It sounds like these are being synced from an AAD Connect environment, so it's most likely you are trying to get the onPremisesExtensionAttributes.
Per the description:
Contains extensionAttributes 1-15 for the user. Note that the individual extension attributes are neither selectable nor filterable. For an onPremisesSyncEnabled user, this set of properties is mastered on-premises and is read-only. For a cloud-only user (where onPremisesSyncEnabled is false), these properties may be set during creation or update.
I suggest taking a look more thoroughly through the documentation in regards to this. In addition to that, as you mentioned Exchange, note that the custom attributes from exchange are the same as the extension attributes. For more info on this see : https://github.com/microsoftgraph/microsoft-graph-docs/issues/5950
This is a separate sort of "Extension Attribute" but I figured I would include this in the answer as well. There is a different extensibility section for the Microsoft Graph, and the docs on this can be found here : https://learn.microsoft.com/en-us/graph/extensibility-overview
If you see information on these extensions, know that this is separate from the on-prem extensions.
As per the guidelines specified in the Microsoft Azure Docs, I have configured a custom attribute to sync with Azure AD.
When viewing the Tenant Schema Extension App in the Microsoft Graph Explorer
using /beta/applications/Blocked_Tenant_Schema_Extension App_Id/extensionProperties, I can see the extension property has been registered.
The problem is I can't work out how to view this in the Microsoft Graph for a user.
I have tried using Extensions for a user, but can't see it against that.
I have also tried using Directory Object in the Microsoft Graph https://graph.microsoft.com/beta/directoryObjects/Blocked-User-Id?$select=id,extension_Blocked-App-ID_otherTelephone
If you get the user and $select the extension, it should be returned.
E.g.:
https://graph.microsoft.com/v1.0/users/user#company.com?$select=id,extension_b569610d09e44cddbadeb9beaaaaaaaa_ApiRoles
One important thing to note is that the property has the app's id without dashes.
I'm having a problem with Microsoft Graph API... Currently I have a web application that has an openid integration with Microsoft/Azure using the common v2 endpoint.
We are trying to get the signed in user company name and job information. The official docs say that we need to make a request to the MS Graph API.
We are testing it on Microft Graph Explorer but it doesn't seem to work.
We've selected the 'User.Read' as a permission in our app, then tried these endpoints:
https://graph.microsoft.com/v1.0/me/
https://graph.microsoft.com/v1.0/me?$select=companyName,jobTitle
https://graph.microsoft.com/v1.0/users/?$select=companyName,jobTitle
In MS offical doc (https://developer.microsoft.com/en-us/graph/docs/concepts/permissions_reference) on User/Remarks sections, it clearly says that
"On reads, only a limited number of properties are returned by default. To read properties that are not in the default set, use $select"
Is this doc outdated?
I've tried to reach MS support for developers, but they answered saying that I should ask this on Stack Overflow...
So probably there are no official support for developers?
Is it really possible to get the company name and job title from a MS account?
Thanks in advance!
edit. Update question with MS graph explorer screenshots
edit.2. Update screenshot with proper encoding.
Also, it's a MS account not an Azure account, since our web app accepts both of them on the common v2 endpoint.
Update
My goal was trying to get the Work Info section from a MSA account.
The documentation is correct, by default we only return a subset of user properties:
id
userPrincipalName
displayName
givenName
surname
jobTitle
mail
mobilePhone
businessPhones
officeLocation
preferredLanguage
If you want a different set of properties, you can request them using the $select query parameter. The queries you provided in your question should work fine. For example, when I execute https://graph.microsoft.com/v1.0/me?$select=companyName in Graph Explorer (after logging in with my credentials) I get the following:
{
"#odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(companyName)/$entity",
"companyName": "MICROSOFT"
}
Update Regarding MSA
When using Microsoft Graph against a Microsoft Account (MSA) there are several differences in what properties get surfaced. As an MSA is by definition a personal/individual account, organizational properties such as Job Title and Office Location are simply not applicable.