Filtering users by companyName - azure-active-directory

I was trying to get all users in my Azure Active Directory filtered by companyName filtering.
The call I used was
/v1.0/users?$select=id,mail,displayName,department&$filter=companyName%20eq%myComapny
but it is returning an error BadRequest.
Am I doing something wrong here?

As Dan said, for now filtering on companyname is not supported.
As a workaround, we can use Azure AD v2 powershell to filter it, like this:
Get-AzureADUser | ?{ $_.CompanyName -eq 'company' }
Hope this helps.

Filtering on companyName is not supported. Can you indicate the scenario for why you need to filter on companyName, please?

As per the recent update from the Microsoft docs here, we can filter on CompanyName, and possibly others too, by passing additional header information.
We need to pass:
Header ConsistencyLevel = eventual
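The request described in this answer, as an added example that is not part of the original posts: it builds the URL and headers for a companyName filter, quoting the value as an OData string literal and percent-encoding it. The function names, the sample company name and the token placeholder are assumptions, and `$count=true` is included because Microsoft Graph advanced queries expect it alongside the header (the answer itself names only the header).

```python
from urllib.parse import quote, urlencode

GRAPH_USERS = "https://graph.microsoft.com/v1.0/users"

def odata_string(value: str) -> str:
    """Quote a value as an OData string literal; an embedded ' is doubled."""
    return "'" + value.replace("'", "''") + "'"

def company_filter_request(company: str, access_token: str):
    """Return (url, headers) for listing users whose companyName equals `company`."""
    if not company:
        raise ValueError("company must be a non-empty string")
    params = {
        "$select": "id,mail,displayName,department",
        "$filter": "companyName eq " + odata_string(company),
        "$count": "true",  # expected by Graph advanced queries (not stated on the page)
    }
    # Percent-encode everything except '$' and ',' so spaces, quotes and '&'
    # inside the company name cannot split or extend the query string.
    url = GRAPH_USERS + "?" + urlencode(params, quote_via=quote, safe="$,")
    headers = {
        "Authorization": "Bearer " + access_token,
        "ConsistencyLevel": "eventual",  # the header named in the answer above
    }
    return url, headers

if __name__ == "__main__":
    # Constructed sample values; the token is a placeholder.
    url, headers = company_filter_request("O'Brien & Sons", "<access-token>")
    print(url)
    print(headers["ConsistencyLevel"])
```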

Related

Get no result from LDAP query

I am trying to filter out employees from a specific OU via LDAP.
The problem is that the OU contains spaces.
By itself, with \20 between the respective words, this OU should be resolved and be able to be found.
Furthermore, there is no CN in the respective OU.
What I have tried so far is the following:
(&(objectCategory=person)(objectClass=user)(ou=test\20user\20accounts,dc=lab,dc=local))
Unfortunately I only get an empty output.
The searchbase is missing and I don't know how to implement it in the LDAP query.
With PowerShell I don't have any issues getting what I want:
Get-ADObject -LDAPFilter "(ObjectClass=user)" -SearchBase "ou=test\20user\20accounts,dc=lab,dc=local" -Properties * |`
? {$_.ObjectCategory -like "cn=Person*" }| select name,objectclass,ObjectCategory | fl
I appreciate any advice :)
Thanks in advance
To search for users in an OU, set the search root of your query (sometimes called Base DN) to the OU. It cannot be done in the filter.
The memberOf attribute is used for groups, not OUs.
You do not supply enough information to make an accurate assessment.
What are you looking for within OU=Test,User,Accounts,DC=Lab,DC=local?
"I wanna get all the members of the OU Test User Accounts"
This should get all "Users" (sAMAccountType=805306368) in the container "OU=Test,User,Accounts,DC=Lab,DC=local" (With some tweaking to fit your server and credentials)
ldapsearch -D "cn=exampleuser,example.com" -w secret -h server.example.com -b "OU=Test,User,Accounts,DC=Lab,DC=local" -s sub "(sAMAccountType=805306368)"

LDAP memberOf returns no results

I'm trying to create a custom query in ADUaC to help me index administrators in my system. I've narrowed down security groups that I need to list the members of, but I'm misusing the 'memberOf' attribute in some way which breaks the query.
(objectClass=user)(objectCategory=user)(memberOf=*)
The above query works fine to return all users, but when I change the wildcard to anything else (ex. (memberOf=*Administrators*)), the query returns no objects.
I have confirmed that there is a relevant Security Group for this query to get users from. I am aware that it does not work for Primary Groups or nested users, and I am simply trying to get it working on a basic level right now. Anyone know how to have the code return users that are a member of the security group?
Unfortunately, you cannot use the wildcard * character to filter distinguishedName attributes. The reason for this is the X.500 Standard.
http://www.ldapexplorer.com/en/manual/109010000-ldap-filter-syntax.htm
Perhaps PowerShell can be handy. Something like this could do the trick:
# for just one group
Get-ADGroupMember -Recursive -Identity "domain admins"
# for a batch of groups
$adminsgroups = "Enterprise Admins","Domain admins"
foreach ($admingroup in $adminsgroups)
{
    # with the recursive switch you get nested group members
    Get-ADGroupMember -Recursive -Identity $admingroup
}

Get groups by ID

To retrieve a specific group by id, I use this request:
https://graph.microsoft.com/v1.0/groups?$filter=id eq 'xxxxx'
Now I am interested in getting many groups, but it looks like the filter does not support multiple elements. When I tried this:
https://graph.microsoft.com/v1.0/groups?$filter=id eq 'xxxxx' or id eq 'yyyy'
It returns this error:
Unsupported or invalid query filter clause specified for property 'id' of resource 'Group'.
Can someone confirm this for me?
As the error states, the expression groups?$filter=id eq '--group-id-1--' or id eq '--group-id-1--' is not supported, but the good news is that you could utilize the /directoryObjects/getByIds endpoint instead to retrieve the list of groups by their ids.
Note: the method is available in both v1 and beta versions
Example
POST https://graph.microsoft.com/v1.0/directoryObjects/getByIds
Content-type: application/json
{
"ids":["--group-id-1--","--group-id-2--"],
"types":["group"]
}
Yes, you are right. I can reproduce your issue on my side; not sure why, but it should be designed to be like this.
The format of the query is completely right; if we filter by another property except the id, like displayName, it works fine.
https://graph.microsoft.com/v1.0/groups?$filter=displayName eq 'xxxx' or displayName eq 'xxxx'

Saved LDAP Query Locked Out Specific OU

Currently I can do this in PowerShell via this script:
Search-ADAccount -LockedOut -SearchBase 'OU=location,OU=country,DC=company,DC=com' | ft Name, SamAccountName, LastLogonDate
I would rather have it in an LDAP saved query. I found this one to display all locked out accounts in the company:
(&(&(ObjectCategory=Person)(ObjectClass=User)(LockoutTime>=1)))
I have tried a number of combinations, but I can't seem to get it right. Here is one of them:
(&(&(ObjectCategory=Person)(ObjectClass=User)(memberof=OU=location,OU=country,DC=company,DC=com)(LockoutTime>=1)))
What am I doing wrong?
As information, when you create a new query, you have the option of specifying the "query root"... by drilling down with that, I was able to achieve the desired goal. I didn't have to modify the query string at all.
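An added example (not code from any of the posts above) covering the point shared by the three LDAP questions: the OU belongs in the search base or query root, group membership is matched by the group's full DN, and values are escaped per RFC 4515 before they enter a filter. The function names are hypothetical, the Domain Admins DN is a constructed sample, and the matching-rule OID is Active Directory's LDAP_MATCHING_RULE_IN_CHAIN for nested groups, which the posts do not mention.

```python
import re

IN_CHAIN = "1.2.840.113556.1.4.1941"  # AD matching rule: follow nested groups

def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def user_search(base_dn, group_dn=None, nested=False, locked_out=False):
    """Return (search base, scope, filter); the OU goes in the base, never the filter."""
    clauses = ["(objectCategory=person)", "(objectClass=user)"]
    if group_dn:
        attr = f"memberOf:{IN_CHAIN}:" if nested else "memberOf"
        clauses.append(f"({attr}={escape_filter_value(group_dn)})")
    if locked_out:
        clauses.append("(lockoutTime>=1)")
    return base_dn, "sub", "(&" + "".join(clauses) + ")"

CLAUSE = re.compile(r"\((ou|memberOf)=([^()]*)\)", re.IGNORECASE)

def lint_filter(ldap_filter):
    """Flag the three filter mistakes shown in the questions above."""
    findings = []
    for attr, value in CLAUSE.findall(ldap_filter):
        attr = attr.lower()
        if attr == "ou" and "," in value:
            findings.append("ou holds a DN: use it as the search base")
        elif attr == "memberof" and value.lower().startswith("ou="):
            findings.append("memberOf names an OU: use it as the search base")
        elif attr == "memberof" and "*" in value and value != "*":
            findings.append("memberOf substring match: give the full group DN")
    return findings

if __name__ == "__main__":
    # Locked-out users under one OU, using the OU from the saved-query question.
    print(user_search("OU=location,OU=country,DC=company,DC=com", locked_out=True))
    # Nested members of a group; this DN is a constructed sample.
    print(user_search("DC=lab,DC=local",
                      group_dn="CN=Domain Admins,CN=Users,DC=lab,DC=local", nested=True))
    print(lint_filter("(objectClass=user)(objectCategory=user)(memberOf=*Administrators*)"))
```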

dsget all domain users

I try to get all the members of my domain - using
dsget group "CN=Domain Users,CN=Users,DC=cms,DC=local" -members -expand
But it returns an empty result. How can this be? If I look up the Domain Users in the AD GUI and view its members, I get the full list without problems.
Why is the command not working?
It's just explained by the fact that the member attribute of Domain Users does not contain any user. This group looks like a dynamic group based on a query.
