Getting Update Annotation in Azure Graph API - azure-ad-graph-api

I am using Azure Graph APIs to retrieve information such as Mail and ProxyAddresses for User and Group.
Though there are @removed annotations to indicate the deleted users,
is there any annotation to specifically indicate an update done to a User?
Is there a way to get the updates for a User or a User in a group?
Below are the URLs that I am trying to get information on:
https://graph.microsoft.com/v1.0/users/delta/?$select=id,mail,proxyaddresses
https://graph.microsoft.com/v1.0/groups/delta/?&$select=id,mailEnabled,mail,proxyAddresses,members
There is no way to identify an update to the Mail or ProxyAddress for a particular User in Groups or User.
Group members only indicate the user id, which doesn't specify whether it's an addition or an update to the User.

/users/delta can trace the update of Mail and ProxyAddresses of a user.
But /groups/delta can't trace the update of Mail and ProxyAddresses of a user in group. /groups/delta is only for getting incremental changes for groups, not for its members.
You can test /users/delta like this:
1. Call GET https://graph.microsoft.com/v1.0/users/delta/?$select=id,mail,proxyaddresses.
2. There is a property "@odata.nextLink" in the response. Call the nextLink URL in Microsoft Graph Explorer one or more times until there is "@odata.deltaLink" in the response.
3. Add or delete an alias in the O365 admin center. Reference here.
4. Call the deltaLink URL to see that there is a change of proxyAddresses in the response.
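The delta walk described in this answer, as an added Python example that is not part of the original post: it pages /users/delta until a deltaLink appears, stores a snapshot, then replays the saved deltaLink and reports mail/proxyAddresses changes and @removed entries. The pages, ids and addresses are constructed stand-ins, and fetch() replaces an authenticated GET.

```python
# Constructed /users/delta pages standing in for live Graph responses (no real tenant data).
BASE = "https://graph.microsoft.com/v1.0/users/delta"
PAGES = {
    BASE + "?$select=id,mail,proxyAddresses": {
        "value": [{"id": "u1", "mail": "alice@contoso.example", "proxyAddresses": ["SMTP:alice@contoso.example"]}],
        "@odata.nextLink": BASE + "?$skiptoken=p2"},
    BASE + "?$skiptoken=p2": {
        "value": [{"id": "u2", "mail": "bob@contoso.example", "proxyAddresses": ["SMTP:bob@contoso.example"]}],
        "@odata.deltaLink": BASE + "?$deltatoken=t1"},
    # Second round: u1 gained an alias, u2 now carries the @removed annotation.
    BASE + "?$deltatoken=t1": {
        "value": [{"id": "u1", "proxyAddresses": ["SMTP:alice@contoso.example", "smtp:a.smith@contoso.example"]},
                  {"id": "u2", "@removed": {"reason": "changed"}}],
        "@odata.deltaLink": BASE + "?$deltatoken=t2"},
}
def fetch(url):
    return PAGES[url]  # stand-in for an authenticated GET (a real client sends a bearer token)
def walk_delta(url, get=fetch):
    """Follow @odata.nextLink pages until one carries @odata.deltaLink; return (objects, deltaLink)."""
    items = []
    while True:
        page = get(url)
        items.extend(page.get("value", []))
        if "@odata.deltaLink" in page:
            return items, page["@odata.deltaLink"]
        url = page["@odata.nextLink"]
def apply_delta(snapshot, items):
    """Merge delta objects into snapshot (keyed by id) and return (id, kind, old, new) tuples.
    Graph sends only the changed properties of an updated user, so compare just those present."""
    changes = []
    for obj in items:
        uid = obj["id"]
        if "@removed" in obj:                      # deleted, or no longer matching the query
            changes.append((uid, "removed", snapshot.pop(uid, None), None))
        elif uid not in snapshot:                  # first time we see this id
            snapshot[uid] = dict(obj)
            changes.append((uid, "added", None, dict(obj)))
        else:                                      # existing user: per-property diff
            for field in ("mail", "proxyAddresses"):
                if field in obj and obj[field] != snapshot[uid].get(field):
                    changes.append((uid, "updated:" + field, snapshot[uid].get(field), obj[field]))
            snapshot[uid].update(obj)
    return changes
def run_sync():
    snapshot = {}
    items, link = walk_delta(BASE + "?$select=id,mail,proxyAddresses")
    apply_delta(snapshot, items)  # first round: every user is reported as 'added'
    items, link = walk_delta(link)  # later: replay the stored deltaLink
    return apply_delta(snapshot, items), snapshot, link
```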

Mapping user email to ADO user/descriptor

With a git commit, I have access to the author and committer's email and I wish to map that to a user in Azure DevOps. I've done some due diligence in searching this up but I cannot find anything concrete. I've basically reached the same state as the following post: Getting user/users details based on user name/alias as parameter in azure devops
I can see on the Graph API page (https://learn.microsoft.com/en-au/rest/api/azure/devops/graph/?view=azure-devops-rest-5.1) that this is not yet officially supported. The problem is as follows: is there a way to get back a user descriptor from simply an email?
Searching by UPN or Display Name
COMING SOON!
Often, identities are represented simply as display names such as Jamal Hartnett or UPNs such as jamal@contoso.com. These are not unique at any scope. Search is a resource that will take a text string and run a search across an account or project to find all potential matches. The more distinct the input, the better chance the resource will return a single result. The search resource will accept display names, aliases, UPNs, and email style strings such as Jamal Hartnett jamal@contoso.com.
If the commit author email matches the pushed by email, I can use the IdentityRef object from that. But for other cases where this does not apply, I'm at a loss on how to map to a descriptor.
The problem is as follows: is there a way to get back a user descriptor from simply an email?
As far as I know, the official REST API doesn't support obtaining descriptors by email.
But based on my test, it seems that this requirement is available.
You could get this REST API in the browser Console tab when you filter the user in Organization Settings -> Users.
REST API sample:
https://vsaex.dev.azure.com/Organization name/_apis/UserEntitlements?%24filter=name%20eq%20%27user@domain.com%27&%24&api-version=5.1-preview.3
Then you could get the user descriptor in the API result.
In addition, the official REST API supports listing all users in Graph. You could get the user descriptor in that result too.
Hope this helps.

Automating SharePoint Online access for External Users through Flow/Azure

I'm quite new to SharePoint/Azure/PowerShell, so apologies if what I'm asking is a stupid question!
We currently have client SharePoint sites hosted on our O365 tenant, with access to each site to be rolled out to each of our respective clients shortly. Initially, only the senior management of each client will have access to the sites, however as time goes on it's likely we'll be adding everyone else too; To streamline the new user process and save us from having to add each individual staff member, we've been considering using a Flow to automate user access instead, with the goal of adding authenticated external users without much real input from administrators other than a simple approval/rejection process.
The overall plan is as follows:
Visio Outline
1. Each Client site has a SharePoint Custom List, titled "Employee Access List". Said list will have the following columns: Request ID (Text), First Name (Text), Last Name (Text), Job Title (Text), Company (Text), Contact Number (Text), E-Mail (Text), SharePoint Access (Yes/No Boolean).
2. If a member of staff requires access to the SharePoint site, then their respective manager will add the staff member to the list and fill in all the above fields, setting the "SharePoint Access" item value to "Yes".
3. This will trigger the flow and an approval email to be sent to myself and another administrator, with said email detailing the user to be created, and who has submitted the request.
4. Script insertion somehow - This would then run if the request was approved, and set the user up with access.
5. Email notification is automatically then sent to the creator of the SharePoint list item, notifying them that the user now has access.
Step 4 is where I'm a little stuck with regard to what to do if the request is approved - I've written a little PowerShell script below which nearly achieves what I'm going for, in that it creates an external user PnP Group and PnP Role Definition (if there isn't one already), pulls what's in the "E-mail" fields on the "Employee Access" list and runs Add-PnPUserToGroup to pull the users into the PnP group, which then sends the users an email with a link to the SharePoint site, allowing them to access it. However:
The script I've written targets everyone on the SharePoint List, whereas ideally I would just want the script to target the sole user that's been newly added to the list/is listed in the approval email, and only them. I'm assuming that I'd have to pipe information from the Flow into a script, which I'm not even sure is possible, and if it is, I haven't got a clue how to do it.
I know that Azure Functions and Azure Automation can be used to insert scripts into Flows, but I don't have experience of either, so I'm not sure which is the more suitable option. Is there any guidance on how to insert PowerShell scripts with them, and how to pipe what's in a flow into said scripts?
PowerShell Script as follows:
Hope this all makes sense - Any guidance would be appreciated.
Thank you!
EDIT:
Just as a bit of extra information, here is the Flow as it currently is:
Flow Part 1
Flow Part 2
Flow Part 3
Have since found an answer to the above - whilst Azure Functions/Automation are an option, you don't necessarily need them or PowerShell scripts running from Flow, in this case my goal scenario was achieved using an MS Graph Invitation API, App Permissions and a HTTP SharePoint call instead.
See attached screenshots:
Flow Answer 1
Flow Answer 2
Flow Answer 3
Step 1: Set up an App with permissions to make calls to MS Graph - use this guide for help on how to do so - http://blogopaxio.azurewebsites.net/accessing-graph-api-from-microsoft-flow-using-application-permissions-2/
Step 2: Add HTTP to MS Graph and set parameters as in screenshot 1 of this post - this action will create guest user and invitation URL the user would need to sign in to the site.
Step 3: At this point, run the flow so that we can get the 'inviteRedeemURL' from the body of the Output for the HTTP step - you will need this particular URL to send separately in your email to the end user.
Step 4: Throw in a pause for a minute or 2 just to make sure that the information from the previous actions 'sticks' - provided it all works, at this point, the user will actually have their guest account created and you'll be able to see them under Users in your O365 admin centre, however they won't be aware of their account access yet (We'll notify them of this in our email at the end).
Step 5: Add the user to SharePoint security group with a "Send HTTP Request to SharePoint" action. Please note that the "sitegroups(19)" in the URI of this action refers to the ID number of the PnP group you're putting them in, so in my case the group ID was 19. If you're unsure of the ID of your group, connect to your SharePoint Site through PowerShell with PnP commands, then run Get-PnPGroup.
Step 6: Send the email to the invited user with the Outlook Send Email action - FYI - the "SharePoint Site" variable in my screenshot is actually the "inviteRedeemURL".
Hope this helps anyone else that's unsure of how to do this. If anyone has a better solution that achieves this by all means post it!
Thanks!

Retrieving Azure AD Invitation Redemption URL after-the-fact

We have a PowerShell script that creates some guest users using the New-AzureADMSInvitation cmdlet, and its return value has a handy-dandy InviteRedeemUrl property that we include in a nice welcome email to the user to get them started with setting their account up and using our application. This works fine when inviting individual or small numbers of users.
However, we'll need to do this for many users, and carefully control when the emails go out, and I can't see any other way of retrieving this URL after-the-fact... the only option seems to be the "Resend invitation" button on the guest user in AD, which sends a Microsoft-branded email from "Microsoft Invitations" with the redeem URL, which is kind of a problem... For marketing reasons we need to put the invite redeem URL in our own welcome email, so we don't want Microsoft sending out those emails.
Is there any way to retrieve or calculate that invitation URL after the guest user had already been invited? I know I could delete and recreate the invitation itself, but that's still a manual process and I'd like to be able to create guest users in bulk first, and then retrieve those URLs in bulk once we're ready to send out emails. Especially since Azure AD itself seems to be able to fetch the redeem URLs later on via the "Resend invitation" button.
Alternatively, you can think of adding your company branding to the verification and invitation mails in Azure AD.
Here is something similar you can find:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-faqs#how-do-i-customize-verification-emails-the-content-and-the-from-field-sent-by-azure-ad-b2c
Basically you need to change the company branding in Azure Active Directory to have your custom logo and text.
Hope it helps.
We ended up modifying the AD invitation script to store the InviteRedeemUrl value in our CRM as a field on the customer record. Then later on when our Marketing team wants to start their email campaigns, they could include a reference to this field in the email template just like they would any other field. This way, we got all our analytics on click/open rates and retained complete control over the emails, including where each batch was being sent from (so customers could reply to the correct support staff member for their segment).
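Added Python example, not the poster's PowerShell script (which used New-AzureADMSInvitation) and not Microsoft's code: it ties together the Graph invitation call from the Flow steps in the previous question and this answer's approach of storing InviteRedeemUrl at creation time. sendInvitationMessage is set to False so that Microsoft sends no invitation mail, and the redeem URL is captured into the caller's own store. The Graph response, the ids and the transport are constructed stand-ins; a live call needs an application token granted User.Invite.All.

```python
import json

GRAPH_INVITATIONS = "https://graph.microsoft.com/v1.0/invitations"

# Constructed stand-in for the Graph response; a live call returns this shape (ids are placeholders).
FAKE_RESPONSE = {
    "id": "00000000-0000-0000-0000-000000000000",
    "inviteRedeemUrl": "https://login.microsoftonline.com/redeem?rd=PLACEHOLDER-TOKEN",
    "status": "PendingAcceptance",
    "invitedUser": {"id": "11111111-1111-1111-1111-111111111111"},
}

def fake_post(url, headers, body):
    """Stand-in transport: checks the request shape, records the body, returns the constructed response."""
    assert url == GRAPH_INVITATIONS and headers["Authorization"].startswith("Bearer ")
    fake_post.last = json.loads(body)
    return FAKE_RESPONSE

def invite_guest(email, redirect_url, token, post=fake_post):
    """POST /invitations with sendInvitationMessage False: Microsoft sends no mail, and the
    caller keeps inviteRedeemUrl for its own welcome email."""
    body = {
        "invitedUserEmailAddress": email,
        "inviteRedirectUrl": redirect_url,       # where the guest lands after redeeming
        "sendInvitationMessage": False,
    }
    headers = {"Authorization": "Bearer " + token, "Content-Type": "application/json"}
    resp = post(GRAPH_INVITATIONS, headers, json.dumps(body))
    return {"email": email, "invited_user_id": resp["invitedUser"]["id"],
            "redeem_url": resp["inviteRedeemUrl"]}

def bulk_invite(emails, redirect_url, token, store, post=fake_post):
    """Invite each address and persist its redeem URL at creation time (the CRM field in the
    answer above becomes a dict entry here); returns the number of records stored."""
    for email in emails:
        store[email] = invite_guest(email, redirect_url, token, post)
    return len(store)
```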

How do I query the Exchange Online REST API for a list of users, mailboxes and/or calendars?

Background
I'm able to query outlook.office365.com/api/v1.0/me/ for the current user that is logged in. But I'm unable to find a query that would give me a list of users. Below are the queries I've tried, without any luck.
outlook.office365.com/api/v1.0/users/
outlook.office365.com/api/v1.0/me/users/
This is the error I receive when I'm doing either of the queries.
https://www.dropbox.com/s/64o0mwj1w3uigk8/Screenshot%202015-07-09%2013.07.22.png?dl=0
Goal
I would like help finding the correct REST API queries for a list of users, mailboxes, and calendars.
Extra Findings
Note that while I was referring to https://msdn.microsoft.com/en-us/office/office365/api/complex-types-for-mail-contacts-calendar#RESTAPIResourcesUser I received the error listed above for the query '../me/users/$count' when trying to count the number of users.
We don't allow enumerating the list of users in a tenant using the Outlook endpoint. You can, however, do this using the AAD Graph API. For example:
https://graph.windows.net/contoso.com/users?api-version=2013-04-05
For calendars, you can see all calendars of a given user by enumerating those from ../me/calendars.
Thanks for mentioning the $count issue; it was a bug which has been fixed. You should see it rolled out soon worldwide. But note that this will still not allow you to get a count of users, as that collection is not enumerable. The $count will help with queries like ../me/messages/$count.

How can I determine if a Zen Cart customer is logged is as admin in checkout?

I need to find out if a customer (during checkout) is also currently logged in as a Zen Cart administrator. The purpose is for allowing certain actions to be available for an administrator placing an order on behalf of a customer (say, by telephone).
My first idea was to check $_SESSION['admin_id'].
However, this does not seem to be set; instead $_SESSION['customer_id'] is.
I think this is because different session names are chosen in the admin and customer areas (zenAdminId vs zenid).
How can I find out if this customer would be logged in as an admin, had they been in the admin area at the same time?
I am working on the checkout step prior to sending off to a hosted payment service provider.
Edit: the merchant is logged in as an admin and is entering the customer's details, which are different to those of the admin account, into the checkout screens. It is a customer-not-present/MOTO setup.
You are correct - $_SESSION['customer_id'] is set. And there's nothing in the customers table which indicates if this person is an admin. However, if they use the same email address for their customer account and for their admin account, you can look up their email in the customers table with $_SESSION['customer_id'], then match that against the admin_email field in the "admin" table.
It is worth noting that if your admin cookie isn't restricted by path (SESSION_USE_ROOT_COOKIE_PATH=True), you can simply check for the cookie zenAdminID. You can read the contents of this cookie by querying zen_sessions, the sesskey being the value in zenAdminID.
You have to base64_decode the value from the result to get the session. It gives a serialised object, although unfortunately you are unable to use unserialize on it. You can load it as the current $_SESSION, but this would overwrite your current one.
I simply did this to get the admin_id:
// Session-encoded form is admin_id|s:<len>:"<value>"; match any length, not only s:1 (single-digit ids)
preg_match('/admin_id\|s:\d+:"(\d+)"/', $admin_session, $admin_matches);
$admin_matches[1] giving the admin id value.