In this vlog series I will show you how you can use the Microsoft Graph API ("Graph API") to manage Azure Active Directory.
The second episode contains a demonstration of four examples of how to query users from Azure AD via the Graph API.
Below is the AzureAD_GraphSearchUsers script used in the video. Please modify the red parameters to your own values.
# Example file from www.debontonline.com
# Setup Microsoft 365 environment https://developer.microsoft.com/en-us/microsoft-365/dev-program
# Microsoft graph api documentation: https://docs.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0
# API permission (application) used in this series: User.ReadWrite.All
# (needed to create users; the read-only queries in this script only need User.Read.All)
# Connection information for Graph API connection
$clientID = "xxxxxxx-xxxx-xxxx-xxxxxxxxx" # App Id MS Graph API Connector App registration
$tenantName = "<<mytenantname>>.onmicrosoft.com" # your tenantname (example: debontonlinedev.onmicrosoft.com)
$clientSecret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" # Secret MS Graph API Connector App registration
$resource = "https://graph.microsoft.com/"
$ReqTokenBody = @{
Grant_Type = "client_credentials"
Scope = "https://graph.microsoft.com/.default"
client_Id = $clientID
Client_Secret = $clientSecret
}
$TokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$tenantName/oauth2/v2.0/token" -Method POST -Body $ReqTokenBody
$TokenAccess = $Tokenresponse.access_token
# Example 1: Get all Azure AD Users via Microsoft Graph API
$GetUsersUrl = "https://graph.microsoft.com/v1.0/users"
$Data1 = Invoke-RestMethod -Uri $GetUsersUrl -Headers @{Authorization = "Bearer $($TokenAccess)" } -Method Get
$Result1 = ($Data1 | select-object Value).Value
$Users1 = $Result1 | select DisplayName,UserPrincipalName,Id
# Example 2: Get Azure AD users with UserPrincipalName starting with "l" via graph selection
# How-to use filters with MS Graph API: https://docs.microsoft.com/en-us/graph/query-parameters#filter-using-lambda-operators
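# Single-quoted string: $filter and $select stay literal, so no backtick escape is needed; '' yields one single quote
$GetUsersUrl2 = 'https://graph.microsoft.com/v1.0/users?$filter=startswith(userPrincipalName,''l'')&$select=displayName,userPrincipalName,Id'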
$Data2 = Invoke-RestMethod -Uri $GetUsersUrl2 -Headers @{Authorization = "Bearer $($TokenAccess)" } -Method Get
$Result2 = ($Data2 | select-object Value).Value
$Users2 = $Result2 | select DisplayName,UserPrincipalName,Id
# Example 3: Get users in the tenant with userPrincipalName starting with "l" via powershell selection
$GetUsersUrl3 = "https://graph.microsoft.com/v1.0/users"
$Data3 = (Invoke-RestMethod -Headers @{Authorization = "Bearer $($TokenResponse.access_token)"} -Uri $GetUsersUrl3 -Method Get).value | Select-Object displayName,userPrincipalName,Id | Where-Object {$_.userPrincipalName -like "l*"}
# Example 4: Get all Azure AD users via Microsoft Graph API with more than 999 users.
# @odata.nextLink is used if there are more than 999 results
$GetUsersUrl4 = "https://graph.microsoft.com/v1.0/users"
$uri = $GetUsersUrl4
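$Data4 = while (-not [string]::IsNullOrEmpty($uri)) {
    # Request one page; $apiCall stays empty if the request fails
    $apiCall = try {
        Invoke-RestMethod -Headers @{Authorization = "Bearer $($Tokenresponse.access_token)"} -Uri $uri -Method Get
    }
    catch {
        $errorMessage = $_.ErrorDetails.Message | ConvertFrom-Json
        # Report the failure so a partial result is not mistaken for the full user list
        Write-Warning "Graph request failed: $($_.Exception.Message)"
    }
    $uri = $null
    if ($apiCall) {
        # Follow the link to the next page, if there is one, and emit the current page
        $uri = $apiCall.'@odata.nextLink'
        $apiCall
    }
}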
$Result4 = ($Data4 | select-object Value).Value
$Users4 = $Result4 | select DisplayName,UserPrincipalName,Id
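A hardened variant of Examples 2 and 4 combined, added here as an example and not part of the original script: the filter value is escaped as an OData literal and URL-encoded, paging follows @odata.nextLink only to the Graph host, and the credentials are read from the environment instead of the script file. The function names ConvertTo-ODataLiteral and Get-GraphUsersByUpnPrefix and the GRAPH_* environment variable names are assumptions made for this example.

```powershell
# Added example; function names and GRAPH_* environment variable names are assumptions.
function ConvertTo-ODataLiteral {
    param([Parameter(Mandatory)][string]$Value)
    # OData string literals escape an embedded single quote by doubling it.
    "'" + $Value.Replace("'", "''") + "'"
}

function Get-GraphUsersByUpnPrefix {
    param(
        [Parameter(Mandatory)][string]$AccessToken,
        [Parameter(Mandatory)][string]$Prefix
    )
    $filter = "startswith(userPrincipalName,$(ConvertTo-ODataLiteral $Prefix))"
    # Single quotes keep $filter and $select literal; the filter value is URL-encoded.
    $uri = 'https://graph.microsoft.com/v1.0/users?$filter=' + [uri]::EscapeDataString($filter) +
           '&$select=displayName,userPrincipalName,id'
    $headers = @{ Authorization = "Bearer $AccessToken" }
    while (-not [string]::IsNullOrEmpty($uri)) {
        # Send the bearer token only to the Graph host over HTTPS, also when following @odata.nextLink.
        $target = [uri]$uri
        if ($target.Scheme -ne 'https' -or $target.Host -ne 'graph.microsoft.com') {
            throw "Refusing to send token to unexpected URL: $uri"
        }
        # A failed page throws and aborts the query instead of returning a partial list.
        $page = Invoke-RestMethod -Uri $uri -Headers $headers -Method Get -ErrorAction Stop
        $page.value
        $uri = $page.'@odata.nextLink'
    }
}

# Credentials come from the environment, not from the script file.
if ($env:GRAPH_TENANT -and $env:GRAPH_CLIENT_ID -and $env:GRAPH_CLIENT_SECRET) {
    $tokenBody = @{
        grant_type    = 'client_credentials'
        scope         = 'https://graph.microsoft.com/.default'
        client_id     = $env:GRAPH_CLIENT_ID
        client_secret = $env:GRAPH_CLIENT_SECRET
    }
    $tokenUrl = "https://login.microsoftonline.com/$($env:GRAPH_TENANT)/oauth2/v2.0/token"
    $token = (Invoke-RestMethod -Uri $tokenUrl -Method Post -Body $tokenBody -ErrorAction Stop).access_token
    Get-GraphUsersByUpnPrefix -AccessToken $token -Prefix 'l' |
        Select-Object displayName, userPrincipalName, id
} else {
    # Offline: show the escaped literal for a constructed value containing a single quote.
    ConvertTo-ODataLiteral "o'brien"
}
```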
links:
Have your own Azure AD test environment for free:
Download Visual Studio Code:
How-to use filters with MS Graph API:
Download the script via Github: