[英]Azure AD Graph API cannot access Microsoft Account
I have 2 users in Azure AD 我在Azure AD中有2个用户
User 2 always works in Graph API calls but not the user 1. 用户2始终在Graph API调用中工作,但在用户1中不起作用。
https://graph.windows.net/tenantid/users/testmail@hotmail.com?api-version=2013-04-05 https://graph.windows.net/tenantid/users/testmail@hotmail.com?api-version=2013-04-05
(Email actually is url encoded as testmail%40hotmail.com). (电子邮件实际上是url编码为testmail%40hotmail.com)。 This gives the following error "{\\"odata.error\\":{\\"code\\":\\"Request_ResourceNotFound\\",\\"message\\":{\\"lang\\":\\"en\\",\\"value\\":\\"Resource 'testmail@hotmail.com' does not exist or one of its queried reference-property objects are not present.\\"}}}"
这给出了以下错误“ {\\“ odata.error \\”:{\\“ code \\”:\\“ Request_ResourceNotFound \\”,\\“ message \\”:{\\“ lang \\”:\\“ en \\”,\\“ value \\“:\\”资源'testmail@hotmail.com'不存在,或其查询的参考属性对象之一不存在。\\“}}}”
Does anyone know how to fix this? 有谁知道如何解决这一问题?
Edited: Things I figured out trying to fix this. 编辑:我想解决此问题。 I am using UserPrincipal name in the query above(..users/testmail@hotmail.com?..).
我在上面的查询中使用UserPrincipal名称(..users / testmail @ hotmail.com?..)。 For built-in domain accounts userPricipal name is testmail@domain.com(this works) but for a Microsoft account userPrincipal name is testmail_hotmail.com#EXT#@domain.com.
对于内置域帐户,用户主名称为testmail@domain.com(此方法有效),但对于Microsoft帐户用户,主名称为testmail_hotmail.com#EXT#@domain.com。 This was given in the all users list ( https://graph.windows.net/tenantid/users?api-version=2013-04-05 ).
这在所有用户列表中给出( https://graph.windows.net/tenantid/users?api-version=2013-04-05 )。 But even when I changed the query to '..users/testmail_hotmail.com#EXT#@domain.com?..' ofcourse after url encoding(testmail_hotmail.com%23EXT%23%40domain.com), still it does not work.
但是即使在URL编码后将查询更改为“ ..users / testmail_hotmail.com#EXT#@ domain.com?..”,(testmail_hotmail.com%23EXT%23%40domain.com),它仍然无法正常工作。 Objectid always works though for all accounts(..users/objectId?..) .
尽管对于所有帐户(..users / objectId?..),Objectid始终有效。
Also tried otherMails. 还尝试了其他邮件。 May be the api is wrong as otherMails is an array.
可能是api错误,因为otherMails是一个数组。 " https://graph.windows.net/tenantId/Users ?$filter=otherMails eq 'testmail%40hotmail.com'&api-version=2013-04-05"
“ https://graph.windows.net/tenantId/Users?$ filter = otherMails eq'testmail%40hotmail.com'&api-version = 2013-04-05“
So the question still remains. 因此问题仍然存在。 if only email is available for an MS account(not objectid) when making the call, how to get user details?
如果拨打电话时只有电子邮件可用于MS帐户(而不是objectid),则如何获取用户详细信息?
You are missing your domain in the URL you posted. 您在发布的网址中缺少域。 It should be
它应该是
https://graph.windows.net/[your Azure AD domain]/users
To get the email address for a user you need to add the object Id of the user in the request URL. 要获取用户的电子邮件地址,您需要在请求URL中添加该用户的对象ID。 So, for example, to get an Azure AD user it would be like this:
因此,例如,要获得一个Azure AD用户,它将是这样的:
https://graph.windows.net/[your Azure AD domain]/users/[object ID of user]/mail
For users in the directory sourced from a Microsoft Account , the mail property is null. 对于源于Microsoft帐户的目录中的用户,mail属性为null。 So, you will have to look in the otherMails property like this:
因此,您将必须像下面这样查看otherMails属性:
https://graph.windows.net/[your Azure AD domain]/users/[object ID of user]/otherMails
If you want to access the full user account using a user's UPN, you can do that for users sourced from Azure AD. 如果要使用用户的UPN访问完整用户帐户,则可以对来自Azure AD的用户执行此操作。 For example, for a tenant domain contoso.com and a user with a UPN johndoe@contoso.com, the query would look like this:
例如,对于租户域contoso.com和具有UPN johndoe@contoso.com的用户,查询如下所示:
https://graph.windows.net/contoso.com/users/johndoe@contoso.com
This doesn't work for users sourced from Microsoft Accounts. 这不适用于来自Microsoft帐户的用户。 For these accounts, the UPN contains characters (#, . for example) that break the query.
对于这些帐户,UPN包含破坏查询的字符(例如,#、.)。 You can filter by the UPN though using the naming convention that is used for users sourced from Microsoft Accounts.
您可以使用从Microsoft帐户派生的用户使用的命名约定,通过UPN进行筛选。 Suppose you have a user whose email is jayhamlin@yahoo.com in your directory.
假设您的目录中有一个电子邮件地址为jayhamlin@yahoo.com的用户。 The UPN would be something like jayhamlin_yahoo.com#EXT#@contoso.com .
UPN可能类似于jayhamlin_yahoo.com#EXT#@contoso.com 。 So, you could use a filter and look for the first part of the UPN like this:
因此,您可以使用过滤器来查找UPN的第一部分,如下所示:
https://graph.windows.net/contoso.com/users?api-version=2013-11-08&$filter=startswith(userPrincipalName, 'jayhamlin_yahoo')
You can easily explore the Graph API and object properties for your directory using https://graphexplorer.cloudapp.net . 您可以使用https://graphexplorer.cloudapp.net轻松浏览目录的Graph API和对象属性。
That filter can work, but you could also filter on otherMails. 该过滤器可以工作,但您也可以过滤其他邮件。 Your original query didn't work because otherMails is a multi-valued property- so you need to use "any":
您的原始查询无效,因为otherMails是多值属性-因此您需要使用“ any”:
https://graph.windows.net/tenantId/users?api-version=1.5& $filter=otherMails/any(x:startswith(x,'testmail@hotmail.com')) https://graph.windows.net/tenantId/users?api-version=1.5& $ filter = otherMails / any(x:startswith(x,'testmail @ hotmail.com'))
When are you using this lookup? 您何时使用此查询? Is it once the user has signed in or for some people picking scenario?
是用户登录后还是有人采摘场景?
Cheers, 干杯,
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.