Get all users and resources from cloud AD - active-directory

We are using Office 365 in our company. How can I get a list of all users and resources with their details in our subscription?
Before, when we had Exchange and Active Directory installed in-house, I was getting all this data directly from our AD. Now that all users are in the cloud, how can I do it?

Oleg,
For starters, there is no way to browse the GAL using EWS or EWS Managed API but you can search the GAL. The current methods that have access to the GAL with Exchange 2013 or Office 365 are ResolveNames, ExpandDL, FindPeople, and GetUserPhoto. The best option is to use the FindPeople operation in EWS (There is no method in EWS Managed API for this operation at this time) because it will allow you to do an IndexedPageItemView to view a block at a time.
Here is where it gets interesting. FindPeople has an element called DistinguishedFolderId that allows you to specify where to look. You can set the value to directory to search the GAL, but this only works for on-premises versions of Exchange. If you want to search the GAL on Office 365 you need to specify the AddressListId for the GAL, however there are no operations in EWS to get this Id. If you have the proper permissions you can use the PowerShell cmdlet Get-AddressList.
Here is a little more information about getting to the GUID:
Office365’s Global Address List Guid
Once you have the GUID you can set the ParentFolderId in FindPeople and you will be able to search the GAL.
I hope this information helps. If this does resolve your problem, please mark the post as answered.
--- Bob ---
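The request described in the answer above, sketched as an added example that is not part of the original post: a FindPeople SOAP body that targets an AddressListId and pages with IndexedPageItemView. The helper names, the placeholder GUID and the trimmed sample response are constructed for illustration; the element names follow the EWS schema.

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "m": "http://schemas.microsoft.com/exchange/services/2006/messages",
    "t": "http://schemas.microsoft.com/exchange/services/2006/types",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)


def _q(prefix, tag):
    """Qualified element name for ElementTree."""
    return "{%s}%s" % (NS[prefix], tag)


def build_find_people(address_list_id, query, offset=0, page_size=100):
    """Return the SOAP envelope for one FindPeople page against an address list."""
    env = ET.Element(_q("soap", "Envelope"))
    header = ET.SubElement(env, _q("soap", "Header"))
    ET.SubElement(header, _q("t", "RequestServerVersion"), Version="Exchange2013")
    find = ET.SubElement(ET.SubElement(env, _q("soap", "Body")), _q("m", "FindPeople"))
    # IndexedPageItemView pages through the results one block at a time.
    ET.SubElement(find, _q("m", "IndexedPageItemView"), BasePoint="Beginning",
                  MaxEntriesReturned=str(page_size), Offset=str(offset))
    # Office 365: point ParentFolderId at the GAL's AddressListId (the GUID from
    # Get-AddressList) instead of DistinguishedFolderId "directory".
    parent = ET.SubElement(find, _q("m", "ParentFolderId"))
    ET.SubElement(parent, _q("t", "AddressListId"), Id=address_list_id)
    # ElementTree escapes the search text, so user input cannot alter the XML.
    ET.SubElement(find, _q("m", "QueryString")).text = query
    return ET.tostring(env, encoding="unicode")


def next_offset(response_xml, offset):
    """Return the offset of the next page, or None when the view is exhausted."""
    root = ET.fromstring(response_xml)
    got = len(root.findall(".//t:Persona", NS))
    total = int(root.findtext(".//m:TotalNumberOfPeopleInView", "0", NS))
    nxt = offset + got
    return nxt if got and nxt < total else None


# Constructed, trimmed response: two personas out of five in the view.
SAMPLE_RESPONSE = (
    '<m:FindPeopleResponse xmlns:m="%(m)s" xmlns:t="%(t)s"><m:People>'
    "<t:Persona><t:DisplayName>User One</t:DisplayName></t:Persona>"
    "<t:Persona><t:DisplayName>User Two</t:DisplayName></t:Persona>"
    "</m:People><m:TotalNumberOfPeopleInView>5</m:TotalNumberOfPeopleInView>"
    "</m:FindPeopleResponse>" % NS
)
```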

Related

How to get only the users that have a mailbox in Azure active directory using Microsoft Graph API?

I am using Microsoft Graph API to read emails (/users/{id | userPrincipalName}/messages) in the mailboxes of the users in my Azure active directory. I have noticed that for some users, I get this error:
HTTP error: 404
Error code: MailboxNotEnabledForRESTAPI or MailboxNotSupportedForRESTAPI
Error message: REST API is not yet supported for this mailbox.
Upon investigation, I found out that these users do not have a valid license and also don't have a mailbox attached to them. Ideally, I would like to only fetch the users that have a mailbox enabled. I tried checking the assignedLicenses property of each user and only fetching emails for those users that have a valid license assigned to them, but I'm not sure if this is a reliable method, as users might have some other license and still not have a mailbox enabled.
Can someone please suggest a straightforward way to only fetch the users that have mailboxes attached? Any help or hint shall be highly appreciated.
I don't see many options from the Microsoft Graph perspective. Checking the license is definitely one good way, but you may not have many options with that. That being said, I see the following options:
You may need to use the mailboxSettings API call for the user. This way you can get and update the mailbox settings of the user.
You can also use the Get-Mailbox Exchange PowerShell cmdlet to validate the same.
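One way to apply the mailboxSettings probe suggested above, as an added example that is not part of the original answer: it separates a real "no mailbox" answer from throttling or permission errors so that users are not silently dropped. It assumes the endpoint returns the same error codes the question quotes; the function names, sample users and responses are constructed, and `fetch` stands for the caller's own authenticated GET.

```python
import json
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/v1.0"
# Error codes quoted in the question above.
NO_MAILBOX = {"MailboxNotEnabledForRESTAPI", "MailboxNotSupportedForRESTAPI"}


def settings_url(user_id):
    """mailboxSettings URL; quote() encodes the '#' in guest UPNs (#EXT#)."""
    return f"{GRAPH}/users/{quote(user_id, safe='@')}/mailboxSettings"


def classify(status, body):
    """Map one mailboxSettings response to 'mailbox', 'no_mailbox' or 'unknown'."""
    if status == 200:
        return "mailbox"
    try:
        code = json.loads(body)["error"]["code"]
    except (ValueError, KeyError, TypeError):
        code = None
    if status == 404 and code in NO_MAILBOX:
        return "no_mailbox"
    # 401/403 (missing consent), 429 (throttling), 5xx or a 404 with another
    # code say nothing about the mailbox: do not treat them as "no mailbox".
    return "unknown"


def partition_users(user_ids, fetch):
    """fetch(url) -> (status, body) is the caller's authenticated HTTP GET."""
    result = {"mailbox": [], "no_mailbox": [], "unknown": []}
    for uid in user_ids:
        status, body = fetch(settings_url(uid))
        result[classify(status, body)].append(uid)
    return result


# Constructed responses standing in for Graph, keyed by request URL.
_ERR = '{"error": {"code": "%s", "message": "constructed"}}'
FAKE = {
    settings_url("alice@contoso.com"): (200, '{"timeZone": "UTC"}'),
    settings_url("svc-bi@contoso.com"): (404, _ERR % "MailboxNotEnabledForRESTAPI"),
    settings_url("guest_fabrikam.com#EXT#@contoso.com"): (404, _ERR % "Request_ResourceNotFound"),
    settings_url("bob@contoso.com"): (429, ""),
}


def fake_fetch(url):
    return FAKE[url]
```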

Unlicensed User without Office Plan with PowerBI license

I work for a company where we started to share the PowerBI license for users without the Office plan. They started asking us to give them access to Outlook to keep in touch with newsletters and other reports from PowerBI. Our organization does not allow supplying an Office license to PowerBI users.
I have a few questions:
Is there a chance to forward emails to their private mailboxes without converting them to SharedMailbox?
If I add a PowerBI license with an Office plan and convert it to shared, will PowerBI be disabled on that account? If not, is it possible to take it off, or do I need to convert it to a regular mailbox to take it off?
I know about Mail Flow rules, are they safe to use? They are global rules either way.
I am excluding a Contact user here for one reason: a PowerBI license cannot be added to a Contact user.
Thanks for any suggestions
Found an answer:
Create an AD account, sync it with O365, and move it to the correct OU.
Go to the user created earlier -> Attribute Editor -> Attribute: targetAddress, add: SMTP:youraddress@something.com
Wait for the sync and test. All emails should be redirected to the target address without having the license.
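Because a targetAddress set this way redirects all of an account's mail outside the tenant, it is worth reviewing which accounts carry one. The following is an added example, not part of the original post: it reads an LDIF export of user objects and lists every targetAddress that points outside the accepted domains. The sample export, the DNs and the accepted domain contoso.com are constructed.

```python
import base64


def parse_ldif(text):
    """Return one {attribute: [values]} dict per LDIF record."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    records, current = [], {}
    for line in lines + [""]:                  # trailing "" flushes the last record
        if not line.strip():
            if current:
                records.append(current)
            current = {}
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            if value.startswith(":"):          # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            current.setdefault(name.lower(), []).append(value.strip())
    return records


def external_targets(ldif_text, accepted_domains):
    """List (dn, address) pairs whose targetAddress leaves the accepted domains."""
    accepted = {d.lower() for d in accepted_domains}
    findings = []
    for rec in parse_ldif(ldif_text):
        for target in rec.get("targetaddress", []):
            address = target.split(":", 1)[-1]           # drop the "SMTP:" prefix
            domain = address.rpartition("@")[2].lower()
            if "@" in address and domain not in accepted:
                findings.append((rec.get("dn", ["?"])[0], address))
    return findings


# Constructed export: one internal target, one external (folded), one in base64.
SAMPLE = (
    "dn: CN=Alice,OU=Staff,DC=contoso,DC=com\n"
    "targetAddress: SMTP:alice@contoso.com\n\n"
    "dn: CN=BI Reader,OU=PowerBI,DC=contoso,DC=com\n"
    "targetAddress: SMTP:bi.reader@\n"
    " mail.example\n\n"
    "dn: CN=BI Two,OU=PowerBI,DC=contoso,DC=com\n"
    "targetAddress:: " + base64.b64encode(b"smtp:bi.two@mail.example").decode() + "\n"
)
```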

Add 365 groups to an expiration policy from C#

I can see it's possible to set expiration on groups via PowerShell. However I haven’t found any IP on adding specific groups to an expiration policy from C#. Any ideas how this can be performed? Ultimately through the graph API would be great.
Add retention to groups
New-AzureADMSGroupLifecyclePolicy -GroupLifetimeInDays 365 -ManagedGroupTypes All -AlternateNotificationEmails emailaddress@contoso.com
According to the Group API documentation, the Graph API currently (as of Jan-2019) does support setting group lifecycle info.
If your requirement is purely about being able to do the above via C#, why not PowerShell.Invoke the above command from your C# app?

Unable to get user company information on microsoft graph API

I'm having a problem with Microsoft Graph API... Currently I have a web application that has an openid integration with Microsoft/Azure using the common v2 endpoint.
We are trying to get the signed in user company name and job information. The official docs say that we need to make a request to the MS Graph API.
We are testing it on Microsoft Graph Explorer but it doesn't seem to work.
We've selected the 'User.Read' as a permission in our app, then tried these endpoints:
https://graph.microsoft.com/v1.0/me/
https://graph.microsoft.com/v1.0/me?$select=companyName,jobTitle
https://graph.microsoft.com/v1.0/users/?$select=companyName,jobTitle
In the MS official doc (https://developer.microsoft.com/en-us/graph/docs/concepts/permissions_reference), in the User/Remarks section, it clearly says that
"On reads, only a limited number of properties are returned by default. To read properties that are not in the default set, use $select"
Is this doc outdated?
I've tried to reach MS support for developers, but they answered saying that I should ask this on Stack Overflow...
So probably there is no official support for developers?
Is it really possible to get the company name and job title from a MS account?
Thanks in advance!
edit. Update question with MS graph explorer screenshots
edit.2. Update screenshot with proper encoding.
Also, it's a MS account not an Azure account, since our web app accepts both of them on the common v2 endpoint.
Update
My goal was trying to get the Work Info section from a MSA account.
The documentation is correct, by default we only return a subset of user properties:
id
userPrincipalName
displayName
givenName
surname
jobTitle
mail
mobilePhone
businessPhones
officeLocation
preferredLanguage
If you want a different set of properties, you can request them using the $select query parameter. The queries you provided in your question should work fine. For example, when I execute https://graph.microsoft.com/v1.0/me?$select=companyName in Graph Explorer (after logging in with my credentials) I get the following:
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(companyName)/$entity",
"companyName": "MICROSOFT"
}
Update Regarding MSA
When using Microsoft Graph against a Microsoft Account (MSA) there are several differences in what properties get surfaced. As an MSA is by definition a personal/individual account, organizational properties such as Job Title and Office Location are simply not applicable.

New MS CRM contact already has an Active Directory account. How do I pull from AD?

I have some clients that I'd like to put into Microsoft CRM (3.0 Dynamics). These people are already in a small Active Directory group for access to a couple of internal applications.
Is there a way to add these people to CRM and pull/push the contact data from Active Directory, so I'm not creating a second repository of information that conflict?
Unfortunately there's no out-of-the-box way to do this. You'd have to write a custom app in order to query AD and pull in the data. Unless you're looking at over 100 customers you probably won't make up the time it would take you to manually input this data.
