Retrieve mail addresses of nested distribution list via Graph API - microsoft-graph-api

I am trying to find out who is invited to an event via Microsoft Graph API v1.0. The event gives me a list of invitees, which can also contain distribution lists. This is fine, but I really want to know the mail addresses of each and every person invited to that meeting (directly or via DL).
In the case an invitee is a distribution list, the event gives me the following information: "name": "DL Foo", "address": "DL_1234567890#global.corp.foo"
My first idea was to get the id of the DL with https://graph.microsoft.com/v1.0/groups/?$filter=startswith(displayName,'DL Foo') then list all of the members with https://graph.microsoft.com/v1.0/groups/{id}/members and do recursive calls in case any member is a nested DL.
I got an Insufficient privileges as an answer, so I can't try this for now.
Would this have been the preferred approach (then I'll lobby my organisation to change privileges)?
Is there a more elegant way to retrieve all invitees of an event via Graph API?

It appears what you are after is the List group transitive members endpoint, which:
Get a list of the group's members. A group can have users, devices,
organizational contacts, and other groups as members. This operation
is transitive and returns a flat list of all nested members.
So, GET /groups/{id}/transitiveMembers should return a flat list of all nested members (including members of Distribution list group)
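The expansion this answer describes, as an added example that is not part of the original answer: it follows `@odata.nextLink` paging and keeps only person objects, because the flat list also contains the nested groups themselves. The `get_json` callable (an authenticated GET returning parsed JSON), the `dl_to_group_id` mapping and all sample data are assumptions constructed for illustration.

```python
from typing import Callable, Dict, List, Optional, Set

GRAPH = "https://graph.microsoft.com/v1.0"
PERSON_TYPES = {"#microsoft.graph.user", "#microsoft.graph.orgContact"}

def transitive_member_mails(group_id: str, get_json: Callable[[str], Dict]) -> Set[str]:
    """Mail addresses of every person under a group, following @odata.nextLink."""
    url: Optional[str] = f"{GRAPH}/groups/{group_id}/transitiveMembers"
    mails: Set[str] = set()
    visited: Set[str] = set()
    while url:
        if url in visited:  # a repeated nextLink would otherwise loop forever
            raise RuntimeError("paging loop at " + url)
        visited.add(url)
        page = get_json(url)
        for obj in page.get("value", []):
            # The flat list also holds nested groups and devices: skip them.
            if obj.get("@odata.type") in PERSON_TYPES and obj.get("mail"):
                mails.add(obj["mail"].lower())
        url = page.get("@odata.nextLink")
    return mails

def expand_attendees(attendees: List[Dict], dl_to_group_id: Dict[str, str],
                     get_json: Callable[[str], Dict]) -> Set[str]:
    """dl_to_group_id (assumption): attendee address -> group id, resolved beforehand."""
    result: Set[str] = set()
    for attendee in attendees:
        addr = attendee["emailAddress"]["address"]
        if addr in dl_to_group_id:
            result |= transitive_member_mails(dl_to_group_id[addr], get_json)
        else:
            result.add(addr.lower())
    return result

# Constructed sample: two result pages and an event's attendee list.
P1 = f"{GRAPH}/groups/g1/transitiveMembers"
P2 = P1 + "?$skiptoken=constructed"
SAMPLE_PAGES = {
    P1: {"value": [{"@odata.type": "#microsoft.graph.user", "mail": "Ann@corp.example"},
                   {"@odata.type": "#microsoft.graph.group", "mail": "dl-nested@corp.example"}],
         "@odata.nextLink": P2},
    P2: {"value": [{"@odata.type": "#microsoft.graph.user", "mail": "bob@corp.example"},
                   {"@odata.type": "#microsoft.graph.user", "mail": None}]},
}
SAMPLE_ATTENDEES = [
    {"emailAddress": {"name": "DL Foo", "address": "dl-foo@corp.example"}},
    {"emailAddress": {"name": "Cy", "address": "cy@corp.example"}},
]
```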

Related

Getting Groups with Guests via Graph

I'm trying to retrieve a list of Microsoft 365 Groups that have guest members via Graph.
I can get a full list of groups and then filter client-side, but the documentation says that the "members" property is queryable in the $filter clause, so I thought I'd be able to do something like this:
/beta/groups?$filter=members/any(x:x/userType eq 'Guest')
However, this is returning the following error:
Property 'members' does not exist as a declared property or extension property
Has anyone managed to pull this off? Or can someone confirm that it's not possible to filter a list of groups based on its members? Is there any way to do this without filtering client side?
Thanks!
Answering my own question, as I've heard from the PM in charge of this part of Graph.
https://twitter.com/merill/status/1550312453111955456?s=20&t=i9RNt7-E2fXNCSoDxESO4w
Unfortunately member is not available as a filter option for the group object so you will need to manually query each group.
Hopefully this gets added at some point, but for now I'm going to have to get the full list of groups and filter client-side.

Batch enroll multiple educationUsers to educationClass

In the beta (and v1.0) endpoints of the Microsoft graph, for "education", is there a way to add multiple teachers and members (educationUser references) to an "educationClass"?
POST /education/classes/{id}/members/$ref
{
"@odata.id":"https://graph.microsoft.com/v1.0/education/users/XXXXX"
}
Right now, it seems that one by one is added instead of batch applying this in the same fashion as when adding members and owners to teams.
Something like this? (fictive request)
"teachers@odata.bind": [
"https://graph.microsoft.com/v1.0/education/users/AAAAA",
"https://graph.microsoft.com/v1.0/education/users/BBBBB"
],
"members@odata.bind": [
"https://graph.microsoft.com/v1.0/education/users/CCCCC",
"https://graph.microsoft.com/v1.0/education/users/DDDDD"
]
Either in a separate $ref operation or directly on the educationClass creation request object.
Is this something I've just been missing when looking in the doc? If not, is this something the Microsoft Graph Education team might consider in a future version of the beta endpoint?
Currently, the group resource (and by extension educationClass) only supports adding one Owner/Member at a time. You may want to look into the JSON Batching functionality. Batching allows you to queue up to 20 Graph calls in a single request.
For managing Teacher, Student, and Class assignment at scale, I'd suggest looking at School Data Sync (SDS). SDS allows you to automatically keep your AAD in sync with a Student Information System.
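The JSON batching suggestion above, as an added example that is not part of the original answer: it splits the member additions into `$batch` bodies of at most 20 sub-requests and reads back the per-request status, since each sub-request succeeds or fails on its own. The class id, user ids and sample response are constructed; each body would be POSTed to `https://graph.microsoft.com/v1.0/$batch`.

```python
from typing import Dict, Iterable, Iterator, List

GRAPH = "https://graph.microsoft.com/v1.0"
MAX_BATCH = 20  # limit quoted in the answer above

def member_ref_batches(class_id: str, user_ids: Iterable[str]) -> Iterator[Dict]:
    """Yield $batch bodies that add users to an educationClass, 20 per body."""
    ids = list(dict.fromkeys(user_ids))  # de-duplicate while keeping order
    for start in range(0, len(ids), MAX_BATCH):
        yield {"requests": [
            {
                # The request id is echoed in the response; using the user id
                # lets a failure be traced back to the member it concerned.
                "id": uid,
                "method": "POST",
                "url": f"/education/classes/{class_id}/members/$ref",
                "headers": {"Content-Type": "application/json"},
                "body": {"@odata.id": f"{GRAPH}/education/users/{uid}"},
            }
            for uid in ids[start:start + MAX_BATCH]
        ]}

def failed_ids(batch_response: Dict) -> List[str]:
    """Ids of sub-requests whose own status is not 2xx.

    Responses may come back in a different order than the requests, so
    match on id, never on position.
    """
    return [r["id"] for r in batch_response.get("responses", [])
            if not 200 <= r.get("status", 0) < 300]

# Constructed sample response: one member added, one rejected.
SAMPLE_RESPONSE = {"responses": [
    {"id": "user-01", "status": 403},
    {"id": "user-00", "status": 204},
]}
```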

How to filter appRoleAssignments in Microsoft Graph API

I have an enterprise application in our Azure AD tenant, and I would like to check if a specific group is assigned to this application or not.
To list all appRoleAssignments for the application I can do this:
GET /beta/servicePrincipals/{id}/appRoleAssignments
where {id} is the ID of the enterprise application. This returns a list of appRoleAssignment objects. I would like to filter this list on a specific group as the list can potentially be quite large. I have tried to use the $filter query parameter, but I can't seem to get that working. I have tried the following:
$filter=principalId eq '{groupId}'
which does not work. I'm getting this error message:
{
"error": {
"code": "BadRequest",
"message": "Invalid filter clause",
"innerError": {
"request-id": "<id>",
"date": "<date>"
}
}
}
Is there any way to filter the list?
I can potentially do this the other way around, by fetching all appRoleAssignments the group is assigned to, by doing the following request:
GET /beta/groups/{groupId}/appRoleAssignments
but I seem to be having the same issue here, there is no way to use $filter to filter on the specific enterprise application I want to check for.
If filtering does not work, is there any other endpoint I can use so I won't have to do pagination in the client?
Yes, this is possible.
The confusion here is caused by the fact that in Microsoft Graph beta, the principalId and resourceId properties of an AppRoleAssignment entity are declared as Edm.Guid, rather than the more familiar Edm.String.
Using Microsoft Graph beta
To retrieve all app role assignments for a given group, to a given resource app, using Microsoft Graph API (with newlines for legibility):
GET https://graph.microsoft.com/beta/groups/{group-id}/appRoleAssignments
?$filter=resourceId eq {resource-id}
Where:
{group-id} is the group's object ID
{resource-id} is the service principal object ID of the resource app
Important: Note the absence of single quotes (') surrounding {resource-id}. This is required when the attribute being filtered on is of type Edm.Guid.
With sample values, this query looks like this:
GET https://graph.microsoft.com/beta/groups/75c647eb-8ff0-478d-b131-6c1bd4071841/appRoleAssignments
?$filter=resourceId eq ddd57b26-e13e-4db4-93d3-996f382251df
I'd also like to take the opportunity to clarify a possible confusion I noticed in the question. Using Microsoft Graph beta:
The appRoleAssignments navigation on users, groups and service principals will return the app role assignments which the user, group or service principal has been granted (i.e. where the user/group/service principal is the principalId of the returned AppRoleAssignment).
The appRoleAssignedTo navigation on a service principal will return the app role assignments where the service principal in question is the resource app exposing the app role (i.e. where the service principal is the resourceId of the returned AppRoleAssignment).
Using Azure AD Graph 1.6
Note: In general, the recommendation is to use Microsoft Graph. Only use Azure AD Graph if the capability is not available on Microsoft Graph v1.0 and you require a production-ready API. You should plan to move to Microsoft Graph as soon as the capability is made available in v1.0.
To retrieve all app role assignments for a given group, to a given resource app, using Azure AD Graph API (with newlines for legibility):
GET https://graph.windows.net/{tenant-id}/groups/{group-id}/appRoleAssignments
?$filter=resourceId eq guid'{resource-sp-id}'
&api-version=1.6
Where:
{tenant-id} is the tenant ID or a verified domain name
{group-id} is the group's object ID
{resource-sp-id} is the service principal object ID of the resource app
principalId does not support $filter.
Reference here.
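Building the two filter URLs from the answers above, as an added example that is not part of the original answers. Because the Edm.Guid literal goes into `$filter` without quotes, the value is parsed as a GUID and re-serialised before it is interpolated, so anything else is rejected instead of becoming part of the filter expression. The function names and the tenant pattern are assumptions.

```python
import re
import uuid
from urllib.parse import quote

def canonical_guid(value: str) -> str:
    """Return the canonical lowercase GUID text, or raise ValueError."""
    return str(uuid.UUID(value))

def graph_beta_url(group_id: str, resource_id: str) -> str:
    """Microsoft Graph beta: Edm.Guid literal, no surrounding quotes."""
    flt = f"resourceId eq {canonical_guid(resource_id)}"
    return ("https://graph.microsoft.com/beta/groups/"
            f"{canonical_guid(group_id)}/appRoleAssignments?$filter={quote(flt)}")

# Assumption: a tenant is a GUID or a verified domain name, so only
# letters, digits, dots and hyphens are accepted.
TENANT_RE = re.compile(r"[A-Za-z0-9.-]+")

def aad_graph_url(tenant_id: str, group_id: str, resource_sp_id: str) -> str:
    """Azure AD Graph 1.6: the GUID is written as guid'...'."""
    if not TENANT_RE.fullmatch(tenant_id):
        raise ValueError("unexpected characters in tenant id")
    flt = f"resourceId eq guid'{canonical_guid(resource_sp_id)}'"
    return (f"https://graph.windows.net/{tenant_id}/groups/"
            f"{canonical_guid(group_id)}/appRoleAssignments"
            f"?$filter={quote(flt)}&api-version=1.6")
```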

Finding the list of people in a distribution list (contact list) using graph API

I'm looking for a way to retrieve the list of people in a distribution list (contact list) in Outlook.com using the Microsoft Graph API.
So far I was able to retrieve the distribution group name etc. using
https://graph.microsoft.com/v1.0/me/people?$search=DL_NAME
I'm certain that it's what I'm looking for because the result from API includes the following
"personType": {
"class": "Group",
"subclass": "PersonalDistributionList"
}
This is weird anyways, because it shows up using people endpoint and not the contacts.
What I need from this point on is to be able to retrieve the list of people in the distribution list. I've tried querying using the id in the result but it didn't work. Any ideas?
Couple of things...
DLs are actually represented by the group entity in Microsoft Graph, so in your case you should be able to use the id returned from your people search in the following to get the group/DL's members:
GET https://graph.microsoft.com/v1.0/groups/{id}/members
You could just search for your DL by filtering on the group entity:
GET https://graph.microsoft.com/v1.0/groups?$filter=displayName eq 'DL_NAME'
The people API (see this topic) is really about people that you communicate with most often - and it includes users, groups and contacts.
Hope this helps,

As an instructor, how do I get a list of enrolled students (only) for my course?

As an instructor user, what Valence Learning Framework API calls must I make to fetch back a list of all the students (only) enrolled in one of my courses?
There are two principal ways to get a list of the people enrolled in a D2L LE class org unit; the right call you should use depends most upon the back-end LMS's configuration that you're working with:
GET /d2l/api/le/{ver}/{orgUnitId}/classlist/
This will retrieve all the users enrolled in the org unit that the system has configured to appear in the class; in some organizations, this might consist of students only, but it's most likely that this call will mix in instructors, tutors, and the like as well as students. So this might, or might not, be appropriate for your needs.
One thing you can try in combination with this route to distinguish students from others in the course is to focus on those who are gradeable; make the classlist call, and then for each user in the classlist, request a grade value for a known grade item. If the user is a student or other role that is participating in the course and being graded, you will know from that second call; non-gradeable users will not have grade values associated with their enrollment. This will help you focus on the aspects of the person's enrollment in the course without necessarily focussing on the details of their enrolled role (some organizations treat role information as sensitive).
GET /d2l/api/lp/{ver}/enrollments/orgUnits/{orgUnitId}/users/?roleId={roleId}
This call will retrieve all the users enrolled in the org unit, and you can filter the retrieved list by role ID (so you can list only "student" users, by their role Id). If the organization has more than one kind of student role, then you will need to know that so you can fetch all the possible student roles. Or, you can simply make the call without the roleId query parameter and filter the results after fetching based on the embedded role information you get back.
However, your instructor user may not have the right permissions to make this call; some organizations limit the access to the enrollment information calls like this to administrative users only.
Note that using the grade object method to determine if a user is a student will, by default, only return 20 items. You can override this by specifying the pageSize parameter with the call, but you may run into the same permissions issue if you do not have the appropriate permissions.
http://docs.valence.desire2learn.com/res/grade.html#get--d2l-api-le-(version)-(orgUnitId)-grades-(gradeObjectId)-values-
