2

I've asked my IT Admin to add an attribute called EmployeeId in the form of a directory extension to azure active directory which syncs with our onsite AD. I'm trying to retrieve this value for a given user when they sign into my android app.

I've followed this guide which has allowed me to retrieve data from the URL graph.microsoft.com with the currently logged in user i.e. givenname, surname etc.

The issue is that when I run the get request for schema extensions (https://graph.microsoft.com/beta/schemaExtensions) to try to retrieve the value of EmployeeId it just returns some metadata about the attribute, not the attribute itself:

    {
        "id": "exti1rcdc4h_Employee",
        "description": "Baker is testing extension",
        "targetTypes": [
            "user"
        ],
        "status": "Available",
        "owner": "XXXXXXXXXXXXXXXXXX",
        "properties": [
            {
                "name": "EmployeeId",
                "type": "Integer"
            }
        ]
    }

After doing some research I've found that I can use this graph explorer to easily retrieve the value (by using the get request https://graph.windows.net/mydomain.com/users/[email protected]).

The issue is however that the URL graph.explorer.net doesn't seem to be compatible with the guide mentioned above.

Is there a better way to approach this issue?

--EDIT--

Just to clarify, I was only able to retrieve the value for extension_980f32feca7d475f9e1b90a410dbee63_employeeID successfully using the Azure AD Graph explorer. The value is not returned when I access the /users endpoint on Microsoft graph explorer.

Data returned for each user in GET https://graph.microsoft.com/v1.0/users request:

    "id": "d0be2ebd-0c7b-4c10-aebe-9db4c90a9594",
    "businessPhones": [],
    "displayName": "username",
    "givenName": "Jhon",
    "jobTitle": null,
    "mail": "[email protected]",
    "mobilePhone": null,
    "officeLocation": null,
    "preferredLanguage": null,
    "surname": "Smith",
    "userPrincipalName": "[email protected]"

2 Answers 2

3

Your confusion here stems from there being two different Graph APIs at the moment: Microsoft Graph API and Azure Active Directory Graph API.

Prior to Microsoft Graph rolling out there were dozens of APIs, published separately by each product group. Microsoft Graph API was created to coalesce these into a single endpoint. Obviously this is a non-trivial effort so Microsoft Graph has been absorbing APIs over the past few years. One of these absorbed APIs was the Azure Active Directory Graph API.

The API you're looking for is the Microsoft Graph API. In particular, you're looking for these Schema Extensions.

As for accessing the API from Android, you'll most likely want to use the Microsoft Graph SDK for Android. There are also a handful of Android Samples available.


1 Comment

Thanks for clearing that up, however, I still have the issue that Microsoft Graph API doesn't provide the actual value of the schema extension for the signed in user, only the properties of the schema extension definition. What I'm looking to retrieve is this line: extension_980f32feca7d475f9e1b90a410dbee63_employeeID: S09655. Is this possible in Microsoft Graph API or will I require some other method of extracting it?
1

Yes this is possible. You should be able to run a couple of different queries like:

  1. Find the user with a specific employeeId:

GET https://graph.microsoft.com/v1.0/users?$filter=extension_980f32feca7d475f9e1b90a410dbee63_employeeID eq 'S09655'

  2. Get all users AND their employeeId (need to use $select):

GET https://graph.microsoft.com/v1.0/users?$select=id,displayName,extension_980f32feca7d475f9e1b90a410dbee63_employeeID

Additionally (in the backlog, but actively in progress) we are working to expose on-premises employeeId natively as a first-class property on the user entity in Microsoft Graph. I don't have an ETA for this yet though.

Hope this helps,

6 Comments

Thanks - I've attempted to run the above requests, however, I get "Unsupported Query.". Is the value for extension_980f32feca7d475f9e1b90a410dbee63_employeeID supposed to appear when I run the GET https://graph.microsoft.com/v1.0/users request, as it doesn't when I run the request? I've updated my original post with what is returned when I run that request. If it is supposed to appear could it be a permissions issue I need to sort out with the IT Admin?
Interesting. Both of those work in my tenant. You'll need User.Read (for querying /me) and User.Read.All for querying all users. That should do it. NOTE: Microsoft Graph v1.0 only returns a handful of user properties by default. You need to use $select (like the second example) to see any user properties outside of the default set, including extension properties - so for the first query you would also need to add the $select statement (like the second query).
See developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/… for more about default properties and $select.
I think it may have been a permissions issue after all as I definitely have User.Read but not User.Read.All. I ran the query on the /me endpoint instead (https://graph.microsoft.com/v1.0/me?$select=extension_980f32feca7d475f9e1b90a410dbee63_employeeID) and that returned the correct value successfully. Thank you - much appreciated!
@DanKershaw-MSFT Is there any update on an ETA for employeeId becoming a part of the user entity in Microsoft Graph? If not, what do I have to do to make employeeId available in AAD when running in a hybrid one-way sync from on prem AD?
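
Added example, not code from the thread or from Microsoft: it builds the queries discussed above with `$select` always present, percent-encodes the `$filter`, and pairs each endpoint with the delegated permission the comments name. The helper names (`odata_string`, `build_request`, `read_extension`) and the sample response bodies are constructed for illustration; no network call is made.

```python
import json
from urllib.parse import quote, urlencode

GRAPH = "https://graph.microsoft.com/v1.0"
# Delegated permissions the thread names for each endpoint.
SCOPE_FOR = {"/me": "User.Read", "/users": "User.Read.All"}
# Extension property name exactly as it appears in the thread.
PROP = "extension_980f32feca7d475f9e1b90a410dbee63_employeeID"

# Constructed sample bodies: a default /me reply and one fetched with $select.
DEFAULT_ME = '{"id": "user-1", "displayName": "Sample User"}'
SELECTED_ME = '{"id": "user-1", "displayName": "Sample User", "%s": "S09655"}' % PROP


def odata_string(value):
    """OData string literal: wrap in single quotes, double any embedded quote."""
    return "'" + value.replace("'", "''") + "'"


def build_request(path, prop, filter_value=None):
    """Return (url, required_scope) for /me or /users.

    $select is always sent, because v1.0 leaves extension properties out of
    the default property set.
    """
    params = {"$select": f"id,displayName,{prop}"}
    if filter_value is not None:
        params["$filter"] = f"{prop} eq {odata_string(filter_value)}"
    # Keep "$" and "," readable; spaces and quotes become %20 and %27.
    query = urlencode(params, safe="$,", quote_via=quote)
    return f"{GRAPH}{path}?{query}", SCOPE_FOR[path]


def read_extension(body, prop):
    """Map user id -> extension value for a /me object or a /users collection.

    The value is None when the property was not selected or is unset.
    """
    data = json.loads(body)
    items = data["value"] if "value" in data else [data]
    return {item["id"]: item.get(prop) for item in items}


if __name__ == "__main__":
    for path, value in (("/me", None), ("/users", "S09655")):
        url, scope = build_request(path, PROP, value)
        print(f"{scope:14} GET {url}")
    print("default body :", read_extension(DEFAULT_ME, PROP))
    print("with $select :", read_extension(SELECTED_ME, PROP))
```

An app that only needs the signed-in user's value can stay on `/me` with `User.Read` and never request `User.Read.All`.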