从 Microsoft graph 获取所有用户属性

Question

We have an application which has used a local AD to fetch user info. Some customers want to move to the cloud and are using Azure AD. We extended the app to sign users in via owin and now we're fetching users via Microsoft Graph.

However from Microsoft Graph we do not get full user profiles. We want to fetch all properties on users, not just the basic ones.

var client = new RestClient(string.Format("https://graph.microsoft.com/v1.0/users/{0}", userEmail));
request = new RestRequest();
request.Method = Method.GET;
request.AddHeader("Authorization", _token.Token);
var reponse = client.Execute(request);

This only gives me some information though, for example I don't get 'Department' from this. Is it possible to configure in azure what should be returned here, if so then where? Or do I need something other than /users/ ?

Different customers might have different special properties that need to be fetched. So the best solution would be to have an endpoint to call and get everything, including special properties not standard in azure ad. After that I can parse it on my side. Is this possible?

The app has permission to read both basic and full profiles. Do I need something more?

Answer 1

That's the normal behaviour of Graph API, see documentation here and this extract:

By default, only a limited set of properties are returned ( businessPhones , displayName , givenName , id , jobTitle , mail , mobilePhone , officeLocation , preferredLanguage , surname , userPrincipalName ).

To return an alternative property set, you must specify the desired set of user properties using the OData $select query parameter. For example, to return displayName, givenName, and postalCode, you would use the add the following to your query $select=displayName,givenName,postalCode

You have to specify all fields in the select, as $select=* will only output the key fields in Graph API implementation.

So you will not be able to get what you ask (variable custom fields).

More info on the fields of User can be found here

Answer 2

User user = await graphServiceClient
    .Users[emailId]
    .Request()
    .Select(aadUser => new
    {
        aadUser.Id,
        aadUser.UserPrincipalName,
        aadUser.DisplayName,
        aadUser.GivenName,
        aadUser.Surname,
        aadUser.City,
        aadUser.MailNickname,
        aadUser.UserType
    })
    .GetAsync()
    .ConfigureAwait(false);

Answer 3

As already stated by NicolasR, you must list all the fields you want to retrieve by using the "$select" parameter; if you want, instead, to retrieve the custom fields, you can either add them to the previous parameter (if you know their names) or you can use "$expand=extensions"

Answer 4

function getGraphDataAdvanced($authToken, $urlGraph){
    $url = $urlGraph + '&$count=true'

    $data = (Invoke-RestMethod -Headers @{
        Authorization = "Bearer $($authToken)"
        ConsistencyLevel = "eventual"
    } -Uri $url -Method Get)

    $dataList = @()
    $dataList += $data.value

    $url = $data.'@Odata.NextLink'

    while ($null -ne $url){
        Write-Warning 'Retreiving Next Page'

        $data = (Invoke-RestMethod -Headers @{
            Authorization = "Bearer $($authToken)"
            ConsistencyLevel = "eventual"
        } -Uri $url -Method Get)

        $dataList += $data.value
        $url = $data.'@Odata.NextLink'
    }
    return $dataList
}

getGraphDataAdvanced $authToken 'https://graph.microsoft.com/beta/users? $expand=extensions'

Answer 5

Using the Microsoft Graph Explorer , I've been able to find all available properties for a user:

1. Go to "Groups"
2. Select "list all groups in my organization"
3. Change the query to filter by a group you know and expand members : https://graph.microsoft.com/v1.0/groups?$filter=mail eq 'aGroup@company.com'&$expand=members

Now you'll see all the available properties for the users.

Answer 6

I've been trying to find a way to get all Azure AD properties of objects via Powershell MSGraph cmdlets without it truncating at the right edge of the console.

I've discovered that Format-Custom triggers vomiting of (apparently) all properties of an object in a huge, alphabetical, indented, and bracketed list.

Get-MgUser -filter "startswith(userprincipalname, 'username')" | format-custom

The formatted properties of a newly created and unused user account in Azure AD is 13217 lines long.