
Get User in Office 365 by ImmutableId

  1. I am looking to get the Office 365 user details based on his ImmutableId. However, there is no direct attribute to supply the ImmutableId, and hence the only way currently is to supply it in Where-Object on Get-MsolUser. However, this would loop through all users and hence is not a good solution. So is there any other way?

  2. I am trying to build a tool that will read the users in on-premises AD and do some licensing work on O365. There could be multiple ADs, and hence I started looking at ImmutableId to uniquely identify a user. Is using 'ImmutableId' the correct approach?

However this would loop through all users and hence is not a good solution. So is there any other way?

The ImmutableId is generated when syncing the on-premises AD with Azure AD.

ImmutableId = user.ObjectGUID.toBase64String()

# Replace the placeholder with the user's ObjectGUID from on-premises AD
$guid = [GUID]"{UserObjectId in on-premise AD}"
# Guid.ToByteArray() returns the 16 bytes in .NET's mixed-endian GUID layout
$bytearray = $guid.ToByteArray()
# Base64 of those 16 bytes is the value Azure AD Connect writes as ImmutableId
$immutableID = [System.Convert]::ToBase64String($bytearray)

The ImmutableId is mainly used for AD sync; we are not able to query a user via ImmutableId.

There could be multiple ADs, and hence I started looking at ImmutableId to uniquely identify a user. Is using 'ImmutableId' the correct approach?

If you use Microsoft Azure AD Sync to sync the users, you will find the database file "ADSync.mdf" under the directory "C:\Program Files\Microsoft Azure AD Sync\Data". There is a table named "mms_metaverse"; you can find the mapping there.

SELECT
[object_id],
[userPrincipalName],
[cloudAnchor] AS [CloudUserId],
[cloudSourceAnchor] AS [ImmutableId]
FROM
mms_metaverse


UPDATE#1:

After some research, I found that the Graph API is able to filter the user by ImmutableId.

https://graph.microsoft.com/v1.0/users?$filter=onPremisesImmutableId+eq+'zYGi36Y8tkCwX4lYBb8bUA=='

For those interested in using C# with the Microsoft.Graph library to query MS Graph for a user using ImmutableID, here is a snippet on how to do that:

using System;
using Microsoft.Graph;

// graphClient is an authenticated GraphServiceClient; immutableIdString holds the base64 ImmutableId
var filter = Uri.EscapeDataString($"onPremisesImmutableId eq '{immutableIdString}'");
var users = await graphClient.Users
    .Request()
    .Filter(filter)
    .Select("id")  // Add in whatever properties you need to extract here
    .GetAsync();

if (users.Count >= 1)
{
    // ... code ...
}
else
{
    Console.WriteLine($"No user with immutable ID {immutableIdString} was found in Azure AD");
}

Note the use of Uri.EscapeDataString to escape special characters in the filter query. I was having trouble with + characters throwing things off.

Note: I used the System.DirectoryServices module to perform a search of on-premises AD and extracted the ImmutableID from the AD object's GUID using this:

// objectGuidString is the ObjectGUID read from the on-premises AD object
Guid objectGuid = new Guid(objectGuidString);
var byteArray = objectGuid.ToByteArray();  // .NET mixed-endian GUID byte layout
string immutableId = Convert.ToBase64String(byteArray);

Hope this helps someone out there.
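As an added example that is not code from either answer above, the following Python puts the two pieces both answers rely on side by side: the ObjectGUID-to-ImmutableId mapping (and its inverse, with input validation) and a Graph request URL in which the base64 characters are percent-encoded so that a '+' in the ImmutableId does not turn into a space. The sample ImmutableId is the one from the first answer's Graph URL; the GUID it decodes to is computed here, not taken from the page. Python's uuid.UUID(...).bytes_le is used as the equivalent of .NET's Guid.ToByteArray(); using .bytes instead gives a valid-looking but different ImmutableId, which is the kind of silent mismatch that would license or look up the wrong account.

```python
import base64
import binascii
import uuid
from urllib.parse import quote

GRAPH_USERS = "https://graph.microsoft.com/v1.0/users"


def guid_to_immutable_id(guid_str: str) -> str:
    """ObjectGUID string -> ImmutableId, matching .NET Guid.ToByteArray() + Base64.

    bytes_le emits time_low, time_mid and time_hi_version little-endian,
    exactly the byte order .NET uses; uuid.UUID raises ValueError on a
    malformed GUID string.
    """
    return base64.b64encode(uuid.UUID(guid_str).bytes_le).decode("ascii")


def immutable_id_to_guid(immutable_id: str) -> str:
    """ImmutableId -> ObjectGUID string, rejecting anything but 16 decoded bytes."""
    try:
        raw = base64.b64decode(immutable_id, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid base64: {immutable_id!r}") from exc
    if len(raw) != 16:
        raise ValueError(f"expected 16 bytes, got {len(raw)}")
    return str(uuid.UUID(bytes_le=raw))


def wrong_order_immutable_id(guid_str: str) -> str:
    """The common mistake: big-endian GUID bytes. Shown only to contrast."""
    return base64.b64encode(uuid.UUID(guid_str).bytes).decode("ascii")


def graph_filter_url(immutable_id: str, select: str = "id,userPrincipalName") -> str:
    """Build the Graph request that filters users by onPremisesImmutableId.

    Base64 may contain '+', '/' and '='. Left raw in a query string, '+' is
    decoded as a space and the lookup silently returns nothing, so the whole
    OData literal is percent-encoded. A single quote inside the literal is
    escaped by doubling it, as OData requires.
    """
    literal = immutable_id.replace("'", "''")
    odata_filter = quote(f"onPremisesImmutableId eq '{literal}'", safe="")
    return f"{GRAPH_USERS}?$filter={odata_filter}&$select={quote(select, safe='')}"


if __name__ == "__main__":
    # Sample value taken from the first answer's Graph URL.
    sample_immutable_id = "zYGi36Y8tkCwX4lYBb8bUA=="
    guid = immutable_id_to_guid(sample_immutable_id)
    print("ObjectGUID:        ", guid)
    print("ImmutableId:       ", guid_to_immutable_id(guid))
    print("Wrong byte order:  ", wrong_order_immutable_id(guid))
    print("Graph request URL: ", graph_filter_url(sample_immutable_id))
```

The round trip is the useful check when building a tool like the one in the question: after computing an ImmutableId from an on-premises ObjectGUID, decode it again and compare with the source GUID before using it in a licensing operation, and treat a Graph lookup that returns zero users as a signal to verify the byte order and URL encoding rather than as proof the user is absent.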
