Querying extensionAttributes in Microsoft Graph API - microsoft-graph-api

I have some extensionAttributes (1-4) synced from on-prem to Azure AD using Azure AD Connect, and I want to query these using the Microsoft Graph API, but the data returned is null.
As below, the Azure AD Connect tool syncs extensionAttribute1 as extension_guid_extensionAttribute1 etc.
In this example I've changed the GUID randomly.
Get-AzureADUser -ObjectId test.user@mydomain.com | Select -ExpandProperty ExtensionProperty
Key Value
--- -----
odata.metadata https://graph.windows.net/ec28dcc...
odata.type Microsoft.DirectoryServices.User
createdDateTime
employeeId
onPremisesDistinguishedName CN=Test User,OU=Users - Active,DC=internal,DC=...
thumbnailPhoto@odata.mediaContentType image/Jpeg
userIdentities []
extension_034abf7ea2ee45317869abe74870bf20_extensionAttribute4 7119
extension_034abf7ea2ee45317869abe74870bf20_extensionAttribute3 0834717194
extension_034abf7ea2ee45317869abe74870bf20_extensionAttribute1 \\fileserver\scan\folder\Test.User
What I can find in the documentation is these attributes should be called onPremisesExtensionAttributes when queried via the API, but they're all null:
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(displayName,onPremisesExtensionAttributes)/$entity",
"displayName": "Test User",
"onPremisesExtensionAttributes": {
"extensionAttribute1": null,
"extensionAttribute2": null,
"extensionAttribute3": null,
"extensionAttribute4": null,
"extensionAttribute5": null,
"extensionAttribute6": null,
"extensionAttribute7": null,
"extensionAttribute8": null,
"extensionAttribute9": null,
"extensionAttribute10": null,
"extensionAttribute11": null,
"extensionAttribute12": null,
"extensionAttribute13": null,
"extensionAttribute14": null,
"extensionAttribute15": null
}
}
Likewise, if I query the attribute name directly:
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(displayName,extension_034abf7ea2ee45317869abe74870bf20_extensionAttribute1)/$entity",
"displayName": "Test User"
}
I hope to be able to get the values of these extension attributes via the Microsoft Graph API, but they're blank. I know the data is in there because I can see it via the PowerShell get-AzureADUser cmdlet so I must be missing something.
This is all through the Graph Explorer, I haven't written any code yet to try and query this outside of the Graph Explorer.
Any help would be greatly appreciated

In order to see all the attributes for users other than yourself, you must be granted the User.Read.All permission.
In Graph Explorer, click on "modify permissions" underneath the signin button to add permissions (you may need an admin to grant them for you).
Permissions reference: https://learn.microsoft.com/en-us/graph/permissions-reference

I just ran into the same issue when using the MSGraph PowerShell SDK.
(Get-MgUser -UserId "[UserObjectID]").OnPremisesExtensionAttributes did return empty values
Only when connecting to the beta endpoint it returned values.
Select-MgProfile -Name "beta"
Connect-MgGraph -CertificateThumbprint "[CertThumbPrint]" -ClientId "[ClientIDAppRegistration]" -TenantId "[TenentID]"

Turns out this was only an issue in the graph explorer. Using the API is fine. Spent ages stressing over this, should have just tested it in a real environment!

Thank you Mister Iks! You are right!
(Get-MgUser -UserId "[UserObjectID]").OnPremisesExtensionAttributes did return empty values
After running: Select-MgProfile -Name "beta"
(Get-MgUser -UserId "[UserObjectID]").OnPremisesExtensionAttributes did return the values.

Related

Planner Plan URL or creating a Planner Tab in Teams

I've been trying to create a plan using the Graph REST API for .Net and Microsoft Planner. Following the provided documentation, I was able to create a plan. However, I've seen that after creating it, no URL in order to access that plan is provided.
I was wondering if there was a way of getting or constructing this URL having the planId.
Following this, I also want to link the created Plan to a Tab in Microsoft Plan, but could not find anything useful in the documentation. Is there even a way to create a Planner Tab in Ms Teams using the Graph API?
These are the documentation pages for adding tabs:
https://learn.microsoft.com/en-us/graph/api/channel-post-tabs?view=graph-rest-1.0
https://learn.microsoft.com/en-us/graph/teams-configuring-builtin-tabs
The URL for the Planner Tab page is as follows. You'll need to put your plan id there, but other variables in curly braces are part of the URL as variables, and get filled in by Teams when someone is viewing the tab. https://tasks.teams.microsoft.com/teamsui/{tid}/Home/PlannerFrame?page=7&auth_pvr=OrgId&auth_upn={userPrincipalName}&groupId={groupId}&planId=<YourPlanId>&channelId={channelId}&entityId={entityId}&tid={tid}&userObjectId={userObjectId}&subEntityId={subEntityId}&sessionId={sessionId}&theme={theme}&mkt={locale}&ringId={ringId}&PlannerRouteHint={tid}&tabVersion=20200228.1_s
The full request looks like:
{
"displayName": "<Name of the tab>",
"teamsApp@odata.bind" : "https://graph.microsoft.com/v1.0/appCatalogs/teamsApps/com.microsoft.teamspace.tab.planner",
"configuration":{
"entityId": "<combined channel and plan id>",
"contentUrl": "https://tasks.teams.microsoft.com/teamsui/{tid}/Home/PlannerFrame?page=7&auth_pvr=OrgId&auth_upn={userPrincipalName}&groupId={groupId}&planId=<Your plan Id>&channelId={channelId}&entityId={entityId}&tid={tid}&userObjectId={userObjectId}&subEntityId={subEntityId}&sessionId={sessionId}&theme={theme}&mkt={locale}&ringId={ringId}&PlannerRouteHint={tid}&tabVersion=20200228.1_s"
}
}
3 values need to be replaced there, the display name, the entity id and the plan id in the URL.
The entity id value looks like tt.c_<channel id>_p_<plan id> For example for Channel ID = ABC, and Plan ID = 123, you'd get literal string tt.c_ABC_p_123
The plans can be accessed through this API: https://developer.microsoft.com/graph/graph-explorer?request=groups/%7Bid%7D/planner/plans&version=v1.0
Please refer to this document: Top Planner API tasks
You should only need the Planner Id and Channel Id to create a Planner tab in Teams.
Here is my complete request body:
{
"displayName": "<Name of the tab>",
"teamsApp@odata.bind" : "https://graph.microsoft.com/v1.0/appCatalogs/teamsApps/com.microsoft.teamspace.tab.planner",
"configuration":{
"entityId": "tt.c_<Channel Id>_p_<Plan Id>",
"contentUrl": "https://tasks.teams.microsoft.com/teamsui/{tid}/Home/PlannerFrame?page=7&auth_pvr=OrgId&auth_upn={userPrincipalName}&groupId={groupId}&planId=<Plan Id>&channelId={channelId}&entityId={entityId}&tid={tid}&userObjectId={userObjectId}&subEntityId={subEntityId}&sessionId={sessionId}&theme={theme}&mkt={locale}&ringId={ringId}&PlannerRouteHint={tid}&tabVersion=20200228.1_s",
"removeUrl": "https://tasks.teams.microsoft.com/teamsui/{tid}/Home/PlannerFrame?page=13&auth_pvr=OrgId&auth_upn={userPrincipalName}&groupId={groupId}&planId=<Plan Id>&channelId={channelId}&entityId={entityId}&tid={tid}&userObjectId={userObjectId}&subEntityId={subEntityId}&sessionId={sessionId}&theme={theme}&mkt={locale}&ringId={ringId}&PlannerRouteHint={tid}&tabVersion=20200228.1_s",
"websiteUrl": "https://tasks.office.com/d3ee719b-9e5c-478b-87c9-c4ffbfd27c96/Home/PlanViews/<Plan Id>?Type=PlanLink&Channel=TeamsTab"
}
}
The following attributes need values replaced:
displayName: Tab Title
entityId: Channel Id & Plan Id
contentUrl: Plan Id
removeUrl: Plan Id
websiteUrl: Plan Id

Microsoft Graph translateExchangeIds not returning the same id as EWS

I am working with both EWS and the Graph API.
I would like to create events (online meetings with Skype/Teams) in a calendar that is already available via EWS.
To match the calendar to the one available via Graph API I try to use https://learn.microsoft.com/en-us/graph/api/user-translateexchangeids
The calendar I created has this id when returned by the FindFolder call:
<t:FolderId Id="AAMkAGNiY2YxMjY3LTUxYjgtNGI1Yy1hOTM2LTU4MTM5OTZiNjdjYgAuAAAAAABW2gY0kRG1SqggDTNZN6i8AQAPJkKZ1XJkQ6huFmcVa6XaAAGixNZ3AAA=" ChangeKey="..."/>
<t:DisplayName>Test</t:DisplayName>
I create a request to the graph api:
{
"inputIds": [
"AAMkAGNiY2YxMjY3LTUxYjgtNGI1Yy1hOTM2LTU4MTM5OTZiNjdjYgAuAAAAAABW2gY0kRG1SqggDTNZN6i8AQAPJkKZ1XJkQ6huFmcVa6XaAAGixNZ3AAA="
],
"sourceIdType": "ewsId",
"targetIdType": "restId"
}
and get the result
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#Collection(microsoft.graph.convertIdResult)",
"value": [
{
"sourceId": "AAMkAGNiY2YxMjY3LTUxYjgtNGI1Yy1hOTM2LTU4MTM5OTZiNjdjYgAuAAAAAABW2gY0kRG1SqggDTNZN6i8AQAPJkKZ1XJkQ6huFmcVa6XaAAGixNZ3AAA=",
"targetId": "AAMkAGNiY2YxMjY3LTUxYjgtNGI1Yy1hOTM2LTU4MTM5OTZiNjdjYgAuAAAAAABW2gY0kRG1SqggDTNZN6i8AQAPJkKZ1XJkQ6huFmcVa6XaAAGixNZ3AAA="
}
]
}
However, if I call https://graph.microsoft.com/v1.0/me/calendars I get a different id
"id": "AAMkAGNiY2YxMjY3LTUxYjgtNGI1Yy1hOTM2LTU4MTM5OTZiNjdjYgBGAAAAAABW2gY0kRG1SqggDTNZN6i8BwBIq5JjIBY-RqWQllrF0GSkAAAAB353AAAPJkKZ1XJkQ6huFmcVa6XaAAGixNowAAA=",
"name": "Test",
Is there a way to match the (EWS) calendar I already have to the one returned by the Graph API?
This is a shot in the dark, because I've never dug this deeply into the weeds on the Graph Ids, but you might try calling Graph with the header that selects "immutable ids." I tried to find some details on what this actually means without much luck.
The header is:
request.Header("Prefer", "IdType=\"ImmutableId\"");
HTH, and if not, sorry for guessing.

How can I get extended attributes with the Graph API?

I synchronized with Azure using AD Connect,
Extension attribute extension_{ID}_{attribute_name} is
This is available, but
https://graph.windows.net/myorganization/users
I can not do this.
https://graph.microsoft.com/beta/users
For MS reference, from now on, graph.microsoft.com is recommended for this use.
I would like to use Graph API.
By the way, I tried $select=extension_{ID}_{attribute_name}, but
I can not get it.
Because it does not correspond in the first place
Thanks.
I am glad to inform you that the problem is now solved.
It was a problem of permission.
Add Directory.ReadWrite.All
https://graph.microsoft.com/v1.0/users/xxxxxx@sample.com?$select=id,extension_xxxxxxx_msDS_PhoneticLastName
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(id,extension_xxxxxxx_msDS_PhoneticLastName)/$entity",
"id": "xxxxxxxx",
"extension_xxxxxxxxx_msDS_PhoneticLastName": "furi_hoge"
}
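Both extension-attribute threads above were resolved by a permission grant (User.Read.All in one answer, Directory.ReadWrite.All in the other), so the first diagnostic step is to see what the access token actually carries. The following is an added example, not code from the original posts; the token is constructed, and the function names and the accepted-permission set (the two permissions named on this page) are assumptions of the example.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def granted_permissions(access_token: str) -> set:
    """Permissions carried by a token. Diagnostic only: the signature is NOT
    verified, so never base an authorization decision on this output."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    claims = json.loads(b64url_decode(parts[1]))
    delegated = set(claims.get("scp", "").split())  # delegated: space-separated string
    application = set(claims.get("roles", []))      # app-only: JSON array
    return delegated | application


def review_token(access_token: str, accepted: set) -> dict:
    granted = granted_permissions(access_token)
    return {
        # True if the token holds at least one permission that allows the read.
        "sufficient": bool(granted & accepted),
        # Write-capable grants on a read-only client are candidates for trimming.
        "write_capable": sorted(p for p in granted if "Write" in p),
    }


def make_sample_token(claims: dict) -> str:
    # Constructed, unsigned sample token so the example runs offline.
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


# Assumption: the two permissions the answers on this page report as working.
ACCEPTED = {"User.Read.All", "Directory.ReadWrite.All"}

if __name__ == "__main__":
    self_only = make_sample_token({"scp": "openid profile User.Read"})
    broad = make_sample_token({"scp": "User.Read Directory.ReadWrite.All"})
    print(review_token(self_only, ACCEPTED))  # insufficient: fields come back null
    print(review_token(broad, ACCEPTED))      # works, but carries a write grant
```

A token that passes only through Directory.ReadWrite.All reads the attributes but also holds directory write access; where User.Read.All is enough for the query, it is the narrower grant.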

The Microsoft graph endpoints failed with 5xx error randomly. why?

Request URL:https://graph.microsoft.com/v1.0/me/messages
Sometimes when I try to get messages with this query (top > 10) /v1.0/me/messages?$top=20, it fails and responds 503-UnknownError. But with this one $top=10, it always works.
Another confusing part is that this problem only occurred with a specific personal-outlook(not organizational) email address!!!
There is another similar problem too:
Sometimes, When I try to initiate the graph-client I get this error:
AADSTS70012: A transient error has occurred. Please try again
The other problem:
It's possible to create a new outlook account with valid Gmail-address, then you can log in to your outlook account with a username equal to a valid Gmail-address.
This is what I got from M-Graph-Console:
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
"displayName": "FirstName LastName",
"surname": "LastName",
"givenName": "FirstName",
"id": "286526a26a78f1a8",
"userPrincipalName": "any-valid-gmail-username@gmail.com",
"businessPhones": [],
"jobTitle": null,
"mail": null,
"mobilePhone": null,
"officeLocation": null,
"preferredLanguage": null
}
Check the mail property: it's null !!
You cannot fetch randomly-generated-username@outlook.com from graph-APIs!!
As far as I know, the only way to find the real outlook email address is to fetch sent messages and parse both the from and sender properties.
Now you can send an email to any other valid Gmail address from your outlook dashboard, but it's not possible to reply to it or send email to your new outlook account address (any-valid-gmail-username@gmail.com).
I'm not sure this is a bug or feature but it does not seem to be a good idea!
503 is a server side issue. Possibly a bug on the Graph API side. If you are able to reproduce it you should open a support ticket.
You should not be able to add a user (in Office365 Business) for an unverified domain. Obviously you won't be able to verify gmail.com as your domain. Therefore, if you have managed to find a scenario where you are able to create an @gmail.com account in Office365, I suggest you report it to Microsoft as a bug (possibly "security" severity).

ErrorItemNotFound when trying to retrieve room calendar via MS Graph API

Next to retrieving calendar views of a user's calendar (on behalf of the user), we are trying hard to also get the calendar view of rooms via the Graph API using
https://graph.microsoft.com/beta/users/room1@ourdomain.com/calendarView. It's a painful process since we've been running into many problems and are currently stuck with the following 404 response:
https://graph.microsoft.com:443/v1.0/users/room1@ourdomain.com/calendarView?startDateTime=2018-12-04T23:00:00.000Z&endDateTime=2019-02-10T22:59:59.999Z
{
"error": {
"code": "ErrorItemNotFound",
"message": "The specified object was not found in the store.",
"innerError": {
"request-id": "358a003a-57a4-4f0e-91da-edc17c1fa2d8",
"date": "2018-12-12T07:38:33"
}
}
}
The email address of the room has been double checked and the resource exists, since we can create appointments with it and it is even being returned in the response when we retrieve the calendar of the user who has an appointment in that location.
App permissions and OAuth2 scopes are set to: openid email profile offline_access https://graph.microsoft.com/Calendars.Read https://graph.microsoft.com/Calendars.Read.Shared https://graph.microsoft.com/User.Read
https://graph.microsoft.com/User.ReadBasic.All https://graph.microsoft.com/User.Read.All, so that should not be an issue, judging by the documentation.
Does anyone know how to solve this?
I've tried all possible ways, but there is no way to get access.
I've tried out the following in the Graph Explorer:
https://graph.microsoft.com/v1.0/users/meetingroom1@domain.com/events -> DelegatedCalendarAccessDenied
https://graph.microsoft.com/v1.0/users/meetingroom1@domain.com/calendarView?startDateTime=2019-01-14&endDateTime=2019-01-18 -> ErrorItemNotFound
https://graph.microsoft.com/v1.0/users/meetingroom1@domain.com/calendar/calendarView?startDateTime=2019-01-14&endDateTime=2019-01-18 -> ErrorItemNotFound
All three on both the v1.0 and the beta.
It isn't an issue with rights, because for my testing I granted the Graph Explorer the Directory.ReadWrite.All scope. Resulting in the following scp claim.
The first request seems the most promising (because of the different error). I also made myself a delegate with full control of the room's mailbox. That still didn't help.
A request to https://graph.microsoft.com/v1.0/users/meetingroom1@domain.com gives a result, as in a result describing the meeting room.
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
"businessPhones": [],
"displayName": "Meeting room 1",
"givenName": null,
"jobTitle": null,
"mail": "meetingroom1@domain.com",
"mobilePhone": null,
"officeLocation": null,
"preferredLanguage": null,
"surname": null,
"userPrincipalName": "meetingroom1@domain.com",
"id": "3e0a7b7e-xxxx-xxxx-xxxx-xxxxcxxxx120"
}
After doing all these tests, I can only conclude that you cannot access the events in a rooms mailbox. This is either intended (as in only use the scheduling assistant) or a bug.
Maybe some of the Microsoft guys around here could clarify this?
FINALLY! After going through this with countless Microsoft support people, each of whom said this was not their territory and did not know where to forward the question, I got in touch with somebody from the Exchange team. He suggested the one thing that worked for us: the user on behalf of which you are retrieving the room resource calendar needs to be a delegate of that room resource!
In addition, to retrieve the list of room resources which the user can select from, we needed to use the findRooms endpoint but this only works on the beta API. The only drawback of this is that you cannot seem to filter for rooms of which the user is a delegate. So the user will get a list of rooms for which he might or might not be able to retrieve the calendar.
A final drawback of the room resource calendarView response is that the response does not contain the names of the meetings planned in the rooms. The description of each event only contains the name of the meeting organizer.
