microsoftgraph
get-mguser with -Filter returns empty attributes
I am getting user entity information from O365 Azure AD using PS:
(Get-Host).Version
Major: 7 Minor: 1 Build: 5 Revision: -1
Using -Filter switch to get a user record by name does not populate certain attributes:
(Get-MgUser -Filter "displayName eq 'John Doe'") | Select AdditionalProperties
Returns Empty: AdditionalProperties:{}
Using -UserId switch to get a user record populates all attributes:
(Get-MgUser -UserId '8888b0fd-1e96-4fc2-b525a-32f77a52ee0f') | Select AdditionalProperties
Returns: AdditionalProperties: {[@odata.context, https://graph.microsoft.com/v1.0/$metadata#users/$entity]}
Is this by design and if so is there a way to overcome the behavior and force -Filter to also populate all properties on return?
Thanks!
@exwhyz, which properties of the user entity are you looking for? Please note that .AdditionalProperties on the user response object only holds "additional" properties not currently available in the user entity.
In this case, the -Filter should work as expected, and all user properties will be returned in the response user object Get-MgUser -Filter "displayName eq 'John Doe'" | fl *. See the examples in https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.users/get-mguser?view=graph-powershell-beta#examples.
@peombwa I need to extract odata which is stored in the AdditionalProperties attribute of the user entity.
I understand AdditionalProperties holds "additional" properties, if they are populated - which I can positively confirm since I can get to them with the -UserId GUID but not with -Filter DisplayName.
As I mention in my ticket, when I use get-mguser with -UserId, it returns the AdditionalProperties correctly populated with the @odata value but when I use get-mguser with -Filter on DisplayName for the same user, AdditionalProperties are empty {}
So my question is: why does get-mguser with -Filter on DisplayName return empty value for AdditionalProperties when that attribute is not empty?
And yes I have looked at the examples and included the cmdlet exactly as I am running it. Why was this issue closed? Are there any errors in the cmdlet I have posted above, that indicate I did not look at the usage and examples before I opened this issue?
@exwhyz, Got it! This is by design. @odata.context is a service annotation that holds the context URL and is not a property of a user entity. This means that annotation will be outside the value property of the HTTP response object when the response is a collection, i.e.,
-
Get-MgUser -UserId: response is a single entity:
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
"displayName": "John Doe",
...
}
-
Get-MgUser -Filter: response is a collection:
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users",
# For collections, we deserialize objects inside the value property and ignore everything outside it.
"value": [
{
"displayName": "John Doe"
}
]
}
You can verify this by running the above commands with -Debug and inspecting the HTTP response body.
Why do you need access to @odata.context in this case? The command should automatically deserialize all the properties of a user entity to the return object.
@peombwa I have extended properties stored in the AdditionalProperties attribute that I am trying to access.
Interestingly enough, when I expand the user's Manager attribute to access AdditionalProperties, it returns all extended properties for the Manager:
(Get-MgUser -UserId '8888b0fd-1e96-4fc2-b525a-32f77a52ee0f' -ExpandProperty Manager).Manager.AdditionalProperties
Output:
Key Value
--- -----
@odata.type #microsoft.graph.user
createdDateTime 2018-09-18T05:00:45Z
employeeId xxx
...
...
So my question is: how do I get the AdditionalProperties for the User entity directly? Obviously I can get these for their Manager, but not for the User. My attempt to use the following cmdlet returns empty except for the odata.context URL:
(Get-MgUser -UserId '8888b0fd-1e96-4fc2-b525a-32f77a52ee0f').AdditionalProperties
Output:
Key Value
--- -----
@odata.context https://graph.microsoft.com/v1.0/$metadata#users/$entity
Also I have tried using Get-MgUserExtension without any success.
By the way, using Azure AD Graph I can get the extension properties directly for a given user:
Get-AzureADUser -Filter "startswith(DisplayName,'John Doe')" | Select -ExpandProperty ExtensionProperty
Output:
Key Value
--- -----
odata.type Microsoft.DirectoryServices.User
createdDateTime 10/19/2013 12:19:28 PM
employeeId xxx
...
...
With the announcement from Microsoft about all future developments around Microsoft Graph and deprecation of AzureAD Graph, there needs to be equivalent means to access extended properties.
Have you try to invoke this command in beta api? @exwhyz
In Beta call object is returned with all additional properties
Get-MgUser -UserId $USER_ID | Select -ExpandProperty AdditionalProperties
Key Value
--- -----
@odata.context https://graph.microsoft.com/beta/$metadata#users/$entity
securityIdentifier XXXXXXXXXXXXXXXXXXXX
extension_XXXXX XXXXXXXXXXXXXXXXXXXX
extension_XXXXX XXXXXXXXXXXXXXXXXXXX
extension_XXXXX XXXXXXXXXXXXXXXXXXXX
extension_XXXXX XXXXXXXXXXXXXXXXXXXX
extension_XXXXX XXXXXXXXXXXXXXXXXXXX
extension_XXXXX XXXXXXXXXXXXXXXXXXXX
@mendepa ~~yes I have tried with the beta API and it returns a few additional extension_ prefixed properties but it still does not return the AdditionalProperties for the User.~~
~~Same issue persists - AdditionalProperties are returned when I get them for a User's manager:~~
~~(Get-MgUser -UserId '8888b0fd-1e96-4fc2-b525a-32f77a52ee0f' -ExpandProperty Manager).Manager.AdditionalProperties~~
~~but they are not returned when I get them for the User:~~
~~(Get-MgUser -UserId '8888b0fd-1e96-4fc2-b525a-32f77a52ee0f').AdditionalProperties~~
Update
@mendepa I spoke too soon regarding the Beta API - after further examining the outputs I do see that additional properties are now returned as part of the main object instead of being embedded in the "AdditionalProperties" property.
I was looking at the contents of AdditionalProperties when I posted the message above since that is where the discrepancy was between AD Graph and MG Graph.
However, once I examined the full list of properties I do see custom properties like employeeId which would return blank with v1.0 profile are now populated when using beta profile.
In summary when using Get-MgUser -UserId '8888b0fd-1e96-4fc2-b525a-32f77a52ee0f' | Select *
With v1.0 API I get empty values for custom fields:
Key Value
--- -----
@odata.type #microsoft.graph.user
createdDateTime 2018-09-18T05:00:45Z
employeeId
...
...
With Select-MgProfile -Name beta I see values getting populated for custom fields:
Key Value
--- -----
@odata.type #microsoft.graph.user
createdDateTime 2018-09-18T05:00:45Z
employeeId xxx
...
...
This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment.
Let me begin with, I can confirm everything that was written but it still doesn't solve my problem. I can see all attributes when using Get-MgUser -UserId $USER_ID | Select -ExpandProperty AdditionalProperties but when using -Filter it returns the AdditionalProperties as {} (as written in this thread).
My problem isn't solved, as extensionAttributes remain under AdditionalProperties and are not returned when using -Filter. I get all users with a license with the following neat command:
Get-MgUser -Filter 'assignedLicenses/$count ne 0' -ConsistencyLevel eventual -CountVariable unlicensedUserCount -All -Property "id, assignedLicenses, givenName, surname, userPrincipalName, AdditionalProperties"
But I need a value stored in the extensionAttributes for further filtering, but this doesn't work conveniently as the extensionAttributes are just not returned. I can work around this by starting a new Get-MgUser -UserId request for each user, which then returns the needed extensionAttribute value, but increases the time the script takes massively (from under 10 minutes to multiple hours). I would appreciate any help on this. Thanks!
