How to $filter appRoleAssignments based on appRoleId? - microsoft-graph-api

I have an enterprise application registered in Azure AD Tenant. It contains certain appRoles which have been assigned to Azure AD Users. Now, I would like to fetch all the users having some specific appRoles.
I have tried this:
GET /servicePrincipals/{id}/appRoleAssignedTo
taken from here: https://learn.microsoft.com/en-us/graph/api/serviceprincipal-list-approleassignedto?view=graph-rest-beta&tabs=http#optional-query-parameters
It seems like I am able to fetch all the appRoleAssignments successfully using this API, but whenever I put a filter such as: appRoleId eq {app-role-id} I am getting an error like:
{
  "error": {
    "code": "Request_BadRequest",
    "message": "Invalid filter clause appRoleId: System.Guid",
    "innerError": {
      "date": "2021-10-25T16:33:41",
      "request-id": "{request-id}",
      "client-request-id": "{client-request-id}"
    }
  }
}
And whenever I put single quotes, like appRoleId eq '{app-role-id}', I get this error:
{
  "error": {
    "code": "BadRequest",
    "message": "Invalid filter clause",
    "innerError": {
      "date": "2021-10-25T16:34:30",
      "request-id": "{request-id}",
      "client-request-id": "{client-request-id}"
    }
  }
}
I tried with both v1 and beta endpoint. So how do I filter on appRoleId?

It seems that Microsoft Graph does not support the $filter on appRoleId yet. They already have an open issue:
https://github.com/microsoftgraph/msgraph-sdk-dotnet/issues/990
There is also a feature request here which we can upvote: https://techcommunity.microsoft.com/t5/microsoft-365-developer-platform/application-api-add-support-for-filtering-approleassignment-by/idi-p/2433822
Also in the Doc, $filter is only provided on principalDisplayName and resourceId
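Since the server rejects a `$filter` on appRoleId, one workaround is to page through appRoleAssignedTo and match the role client-side. The sketch below is an added example, not code from the original posts or from Microsoft: `get_json` is a hypothetical caller-supplied function that performs the authenticated GET, and all IDs and names in the sample pages are constructed.

```python
from uuid import UUID

GRAPH = "https://graph.microsoft.com/v1.0"

def iter_assignments(sp_id, get_json):
    """Yield every appRoleAssignment granted on a service principal.

    get_json is a caller-supplied (hypothetical) function that performs an
    authenticated GET and returns the decoded JSON body.
    """
    url = f"{GRAPH}/servicePrincipals/{sp_id}/appRoleAssignedTo"
    while url:
        page = get_json(url)
        yield from page.get("value", [])
        url = page.get("@odata.nextLink")  # absent on the last page

def principals_with_role(sp_id, app_role_id, get_json):
    """Return the assignments whose appRoleId matches, compared as GUIDs."""
    wanted = UUID(app_role_id)  # raises ValueError on a malformed id
    return [a for a in iter_assignments(sp_id, get_json)
            if UUID(a["appRoleId"]) == wanted]

# Constructed sample data: two pages of results, not real tenant output.
SP_ID = "00000000-0000-0000-0000-0000000000aa"
ADMIN = "aaaaaaaa-1111-4111-8111-111111111111"
READER = "bbbbbbbb-2222-4222-8222-222222222222"
FIRST = f"{GRAPH}/servicePrincipals/{SP_ID}/appRoleAssignedTo"
NEXT = FIRST + "?$skiptoken=constructed"
PAGES = {
    FIRST: {"value": [
        {"appRoleId": ADMIN, "principalType": "User", "principalDisplayName": "Alice"},
        {"appRoleId": READER, "principalType": "User", "principalDisplayName": "Bob"},
    ], "@odata.nextLink": NEXT},
    NEXT: {"value": [
        {"appRoleId": ADMIN, "principalType": "Group", "principalDisplayName": "Ops"},
    ]},
}

def sample_get_json(url):
    """Stand-in for the authenticated GET: serves the constructed pages."""
    return PAGES[url]

if __name__ == "__main__":
    for a in principals_with_role(SP_ID, ADMIN.upper(), sample_get_json):
        # A Group principal means its members hold the role indirectly.
        print(a["principalType"], a["principalDisplayName"])
```

When auditing who holds a privileged role, expand any Group principals in the result as well, since the assignment list only names the group.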

Related

Microsoft Graph API - $filter email address by domain

As the title says, I am trying to filter my email by domain, but I got an error message "ErrorInvalidUrlQueryFilter". What can I do?
API query:
https://graph.microsoft.com/v1.0/me/messages?$filter=endswith(from/emailAddress/address,'#xxx.com')
Response:
{
  "error": {
    "code": "ErrorInvalidUrlQueryFilter",
    "message": "The query filter contains one or more invalid nodes.",
    "innerError": {
      "date": "2023-02-03T08:59:37",
      "request-id": "b3a28220-91d1-40b5-a34a-10cc73069951",
      "client-request-id": "74043780-6e6b-dc63-5434-0ac03412b3ca"
    }
  }
}
The endsWith operator is not supported for filtering messages by from/emailAddress/address.
As a workaround you can use contains. It will have the same effect for email addresses as using endsWith if you filter by #domain.
GET https://graph.microsoft.com/v1.0/me/messages?$filter=contains(from/emailAddress/address,'#xxx.com')

How to filter users in microsoft graph list?

I am using https://graph.microsoft.com/v1.0/users
endpoint from the Microsoft Graph API to get the users from the organisation. It is giving me a list of all the users, but I want just the users that were created after 01-01-2023.
I have tried using the above endpoint with https://graph.microsoft.com/v1.0/users?$filter=create/dateTime ge '2023-01-01T00:00' but it is giving me the error below.
{
  "error": {
    "code": "Request_UnsupportedQuery",
    "message": "Property 'dateTime' does not exist as a declared property or extension property.",
    "innerError": {
      "date": "2023-01-17T08:19:15",
      "request-id": "3129e8a3-0f00-4e14-99fc-2741f50d12d1",
      "client-request-id": "28ecaa31-31dd-3c00-7d7c-474173eb1512"
    }
  }
}
I don't know how to filter in the above endpoint with time. Could you help?
The correct property name is createdDateTime. Do not use quotes around date and time in this case.
https://graph.microsoft.com/v1.0/users?$filter=createdDateTime ge 2023-01-01T00:00:00Z
To filter between two dates:
https://graph.microsoft.com/v1.0/users?$filter=createdDateTime ge 2023-01-01T00:00:00Z and createdDateTime le 2023-01-07T00:00:00Z
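The literal rule from this answer (date-time values bare, in UTC) can be built programmatically instead of by hand. This is an added example, not code from the original answer; it goes slightly beyond the answer by also rendering string literals, which are single-quoted with embedded quotes doubled, and the function names are hypothetical.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import quote

def odata_literal(value):
    """Render a Python value as an OData filter literal."""
    if isinstance(value, datetime):
        if value.tzinfo is None:
            raise ValueError("naive datetime: attach a timezone first")
        # Date-time literals are written bare, in UTC, with no quotes.
        return value.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    if isinstance(value, str):
        # String literals are single-quoted; an embedded quote is doubled so
        # caller-supplied text cannot close the literal and alter the clause.
        return "'" + value.replace("'", "''") + "'"
    raise TypeError(f"unsupported literal type: {type(value).__name__}")

def users_created_between(start, end=None):
    """Build the /users request URL for a createdDateTime range."""
    clause = f"createdDateTime ge {odata_literal(start)}"
    if end is not None:
        clause += f" and createdDateTime le {odata_literal(end)}"
    # Percent-encode the clause; the parameter name keeps its leading '$'.
    return ("https://graph.microsoft.com/v1.0/users?$filter="
            + quote(clause, safe=":"))

if __name__ == "__main__":
    cet = timezone(timedelta(hours=1))  # constructed sample input
    print(users_created_between(datetime(2023, 1, 1, 1, 0, tzinfo=cet)))
    print(odata_literal("O'Brien"))
```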

How can I search MS Graph API for toRecipients

I am trying to get email via the Graph API based on the toRecipients. Is that possible, or is it still only available via search and not filter?
I tried
https://graph.microsoft.com/beta/me/mailFolders('SentItems')/messages?$select=sender,subject,toRecipients&filter=(toRecipients/emailAddress/address) eq 'test#demo.com'
which generates the below error.
{
  "error": {
    "code": "BadRequest",
    "message": "Invalid filter clause",
    "innerError": {
      "request-id": "25583e87-66da-477b-a1be-0a0fd0371349",
      "date": "2020-04-21T20:01:39"
    }
  }
}
I also tried To instead of toRecipients but that doesn't work either.
Can you try the following? Note the $filter query parameter.
https://graph.microsoft.com/beta/me/mailFolders('SentItems')/messages?$select=sender,subject,toRecipients&$filter=(toRecipients/emailAddress/address) eq 'test#demo.com'

Filtering azure groups by createdDateTime using graph API

I am using the Microsoft Graph API. I was wondering whether or not filtering was supported on the createdDateTime property for the API groups:
https://graph.microsoft.com/v1.0/groups?$filter=CreatedDateTime ge '2019-01-01T21:15:12Z'
Error Message:
{
  "error": {
    "code": "BadRequest",
    "message": "Invalid filter clause",
    "innerError": {
      "request-id": "xxxx",
      "date": "2019-10-16T15:10:08"
    }
  }
}
10/18/2019
I have confirmed with Azure support engineer that filter is not supported on the createdDateTime property for the API groups.

Unable to delete AppRoleAssignment using Beta Graph API

I'm using the Graph API beta endpoint to try and delete an AppRoleAssignment:
https://graph.microsoft.com/beta/appRoleAssignments/I9pzftcx_06aCwX8sV9cmziqx-oiF21IlkxV9xRYvBM
I am using the DELETE verb and below is the response I get back:
109
{
  "error": {
    "code": "Request_UnsupportedQuery",
    "message": "Direct queries to this resource type are not supported.",
    "innerError": {
      "request-id": "aa7c14a3-f700-4368-898e-009f1608ade1",
      "date": "2019-04-30T00:29:50"
    }
  }
}
0
According to the beta documentation, this is allowed:
https://learn.microsoft.com/en-us/graph/api/approleassignment-delete?view=graph-rest-beta
I also verified the correct permissions according to the documentation as well.
I know this is a beta endpoint but any chance this will be fixed soon or do I need to use the Azure AD API instead?
UPDATE
I tried going through the users collection and it also fails:
https://graph.microsoft.com/beta/users/7e73da23-31d7-4eff-9a0b-05fcb15f5c9b/appRoleAssignments/I9pzftcx_06aCwX8sV9cmziqx-oiF21IlkxV9xRYvBM
I am using the DELETE verb and below is the response I get back:
fb
{
  "error": {
    "code": "BadRequest",
    "message": "Write requests are only supported on contained entities",
    "innerError": {
      "request-id": "b6db0eee-dc45-4e10-a56c-9a870fb7315c",
      "date": "2019-04-30T23:49:24"
    }
  }
}
0
I tried going through the service principal collection and it also fails:
https://graph.microsoft.com/beta/servicePrincipals/27e0a182-2008-4b4e-b998-731e0d111041/appRoleAssignments/I9pzftcx_06aCwX8sV9cmziqx-oiF21IlkxV9xRYvBM
I am using the DELETE verb and below is the response I get back:
18b
{
  "error": {
    "code": "BadRequest",
    "message": "The type 'microsoft.graph.appRoleAssignment' does not inherit from and is not a base type of 'microsoft.graph.directoryObject'. The type of 'KeySegments' must be related to the Type of the EntitySet.",
    "innerError": {
      "request-id": "8c981e82-755e-4c25-b448-58d2b71e12c7",
      "date": "2019-04-30T23:46:20"
    }
  }
}
0
I'm afraid this service bug has existed for a very long time. The only thing I can say is to try this with AAD Graph until this is fixed in Microsoft Graph. The schema unfortunately models appRoleAssignments as a standard relationship, whereas in fact it is implemented as a contained entity (i.e. you can only operate on the app role assignment when it is contained as part of another entity - like users, groups or servicePrincipals). The schema definition needs to be updated. The documentation is accurate IMHO.
Hope this helps