1

We are trying to remove a guest user from AD using graph api. For that we use the following as describe from the documentation :

https://graph.microsoft.com/v1.0/users/{userPrincipalName}

If the user is a user with an AD domaine that works correctly but for external user with a GMAIL account for instance, the userPrincipalName is formated as below sample :

ex : serge.cal_gmail.com#EXT#@xxxx.onmicrosoft.com

When I try to get the ID of that user by fetching first its id using :

https://graph.microsoft.com/v1.0/users/serge.cal_gmail.com#EXT#@xxxx.onmicrosoft.com

It returns an error as below :

{ "error": { "code": "Request_ResourceNotFound", "message": "Resource 'serge.cal_gmail.com' does not exist or one of its queried reference-property objects are not present.", "innerError": { "request-id": "da8bdcda-6304-4c3c-93b2-6454433dcba2", "date": "2020-05-15T14:51:46" } } }

Updated : Based on your comment as a test I have encode manually the userprincipal and test it under POSTMAN, that return the correct user details.

But the issue, is that as I do not know in advance the user ID that will be generated, I am using the userPricipal name of user to fetch the user ID. In Azure AD account, userPrincipal is most of the time the email address, this is what I use the the API call to get user info.

Now for cases of GUEST account which are not based on an external AD, the problem is that the only way I have to fetch the user is by userPrincipal of guest account and when I check my user AD profile, my GUEST userPricipal info is the email address as seen in picture below :

Guest user Principal info

So by using this information to API return the error of resource not found, and this is because if I fetch the user by its ID ( which I do not know except going into the AD manually which is not the goal ) I get user principal formed as below :

enter image description here

So in Azure AD screen the real userPrincipal form of a GUEST user is hidden in a way.

So how can I fetch it correctly ?

1 - use the API normaly as any other by using the email 2 - Then catch the error message 3 in case of error reformat the userPrincipal using the wierd syntax ?

Or Does the API offer the possibilities to fetch Guest Account, then from the guest response list of users I then search for the email adress user I need and gets it ID ?

Thanks for advise

regards

SCW
  • 103
  • 2
  • 11

1 Answers1

0

You need to encode the userPrincipalName and then put it in the graph api(I test it in graph explorer). You can go to this page and input the userPrincipalName to encode it and then copy the result to your graph api, the encoded userPrincipalName will be as below:

xxxxxx.com%23EXT%23%40xxxxx.onmicrosoft.com

Hope it helps~

Hury Shen
  • 14,948
  • 1
  • 9
  • 18
  • Thanks for your reply, would it be better to encode all my userPrincipalName or just for Guest account which does not use external AD like gmail ? – SCW May 18 '20 at 08:22
  • I forgot to ask, how can I encode using groovy script ? – SCW May 18 '20 at 08:31
  • @SCW If the user is native account such as "xxx@xxx.onmicrosoft.com", we do not need to use encoded `userPrincipalName`, we just need to use its email(without do encode). You can test it by some native account and some guest account in [graph explorer](https://developer.microsoft.com/en-us/graph/graph-explorer#) first and then do it in your code. – Hury Shen May 18 '20 at 08:35
  • @SCW Sorry I don't know much about groovy. You may refer to this [post](https://stackoverflow.com/questions/10187344/how-to-encode-url-in-groovy) about how to encode in groovy script. – Hury Shen May 18 '20 at 08:37
  • 1
    Hi @SCW You can use this api(`https://graph.microsoft.com/v1.0/users?$filter=userType eq 'Guest'`) to filter the guest accounts. – Hury Shen May 18 '20 at 09:43
  • hi @huryShen, can i combined my guest account email to that filter as well ? that will may be return only the user I am interested in ? – SCW May 18 '20 at 10:09
  • 1
    @SCW No, I test it in my side, it can't implement this specifical requirement. – Hury Shen May 18 '20 at 11:57
  • @SCW If my answer helps your problem, could you please mark it as "accepted". Thanks in advance. – Hury Shen May 18 '20 at 11:58