我正在开发一个 Python 脚本,该脚本从 AD 和图形 API (v1.0) 中提取用户数据,以对遇到帐户问题(邮箱问题、预配等)的用户执行"运行状况检查"。
我目前正在寻找PowerShell命令的图形等效项:
Get-MsolUser -UserPrincipalName MAIL_ADDRESS@domain.com).errors[0].ErrorDetail.objecterrors.errorrecord.ErrorDescription
我花了一些时间搜索 GraphAPI 文档,甚至浏览了响应对象本身的模板,但除了高级面值属性(如 UPN、电话号码等)之外,找不到任何返回的用户对象属性。 扩展属性是我能找到的唯一远程深入属性,甚至那些也不是非常详细)。
有谁知道这个Powershell命令的Graph等效项,或者即使可能有其他方法可以从Exchange服务器中提取一些更深层次的用户对象数据,那就太好了!
以下链接可以找到可在 Azure AD 上执行的操作列表
Azure AD Graph API
要获取用户详细信息,您可以从Powershell调用以下api:
GET https://graph.windows.net/myorganization/users/{user_id}?api-version
要从 powershell 调用它,您可以按照以下代码片段进行操作,只需将以下 api url 替换为用户特定的 url。
$response = Invoke-WebRequest -Uri "https://main.b2cadmin.ext.azure.com/api/trustframework?tenantId=$AzureSubscriptionTenantId&overwriteIfExists=$overwriteIfExists" -Method POST -Body $strBody -ContentType "application/xml" -Headers $htHeaders -UseBasicParsing -ErrorAction SilentlyContinue
它可以返回具有以下详细信息的 json 对象:
"odata.metadata": "https://graph.windows.net/myorganization/$metadata#directoryObjects/Microsoft.DirectoryServices.User/@Element",
"odata.type": "Microsoft.DirectoryServices.User",
"objectType": "User",
"objectId": "13addec1-c5ae-47f5-a1fe-202be14b1570",
"deletionTimestamp": null,
"accountEnabled": true,
"signInNames": [],
"assignedLicenses": [
{
"disabledPlans": [],
"skuId": "6fd2c87f-b296-42f0-b197-1e91e994b900"
}
],
"assignedPlans": [
{
"assignedTimestamp": "2014-10-14T02:54:04Z",
"capabilityStatus": "Enabled",
"service": "exchange",
"servicePlanId": "efb87545-963c-4e0d-99df-69c6916d9eb0"
},
{
"assignedTimestamp": "2014-10-14T02:54:04Z",
"capabilityStatus": "Enabled",
"service": "SharePoint",
"servicePlanId": "5dbe027f-2339-4123-9542-606e4d348a72"
},
{
"assignedTimestamp": "2014-10-14T02:54:04Z",
"capabilityStatus": "Enabled",
"service": "SharePoint",
"servicePlanId": "e95bec33-7c88-4a70-8e19-b10bd9d0c014"
},
{
"assignedTimestamp": "2014-10-14T02:54:04Z",
"capabilityStatus": "Enabled",
"service": "MicrosoftCommunicationsOnline",
"servicePlanId": "0feaeb32-d00e-4d66-bd5a-43b5b83db82c"
},
{
"assignedTimestamp": "2014-10-14T02:54:04Z",
"capabilityStatus": "Enabled",
"service": "MicrosoftOffice",
"servicePlanId": "43de0ff5-c92c-492b-9116-175376d08c38"
},
{
"assignedTimestamp": "2014-10-14T02:54:04Z",
"capabilityStatus": "Enabled",
"service": "RMSOnline",
"servicePlanId": "bea4c11e-220a-4e6d-8eb8-8ea15d019f90"
}
],
"city": "Tulsa",
"country": "United States",
"creationType": null,
"department": "Sales & Marketing",
"dirSyncEnabled": null,
"displayName": "Garth Fort",
"facsimileTelephoneNumber": null,
"givenName": "Garth",
"immutableId": null,
"jobTitle": "Web Marketing Manager",
"lastDirSyncTime": null,
"mail": "garthf@a830edad9050849NDA1.onmicrosoft.com",
"mailNickname": "garthf",
"mobile": null,
"onPremisesSecurityIdentifier": null,
"otherMails": [],
"passwordPolicies": "None",
"passwordProfile": null,
"physicalDeliveryOfficeName": "20/1101",
"postalCode": "74133",
"preferredLanguage": "en-US",
"provisionedPlans": [
{
"capabilityStatus": "Enabled",
"provisioningStatus": "Success",
"service": "exchange"
},
{
"capabilityStatus": "Enabled",
"provisioningStatus": "Success",
"service": "MicrosoftCommunicationsOnline"
},
{
"capabilityStatus": "Enabled",
"provisioningStatus": "Success",
"service": "SharePoint"
},
{
"capabilityStatus": "Enabled",
"provisioningStatus": "Success",
"service": "SharePoint"
},
{
"capabilityStatus": "Enabled",
"provisioningStatus": "Success",
"service": "MicrosoftOffice"
}
],
"provisioningErrors": [],
"proxyAddresses": [
"SMTP:garthf@a830edad9050849NDA1.onmicrosoft.com"
],
"sipProxyAddress": "garthf@a830edad9050849NDA1.onmicrosoft.com",
"state": "OK",
"streetAddress": "7633 E. 63rd Place, Suite 300",
"surname": "Fort",
"telephoneNumber": "+1 918 555 0101",
"usageLocation": "US",
"userPrincipalName": "garthf@a830edad9050849NDA1.onmicrosoft.com",
"userType": "Member"
}
以下是用于调用同一 API 的 python 等效代码:
########### Python 2.7 #############
import httplib, urllib, base64
# OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
headers = {
}
params = urllib.urlencode({
# Specify values for the following required parameters
'api-version': '1.6',
})
try:
conn = httplib.HTTPSConnection('graph.windows.net')
# Specify values for path parameters (shown as {...}) and request body if needed
conn.request("GET", "/myorganization/users/{user_id}?%s" % params, "", headers)
response = conn.getresponse()
data = response.read()
print(data)
conn.close()
except Exception as e:
print("[Errno {0}] {1}".format(e.errno, e.strerror))
####################################
########### Python 3.2 #############
import http.client, urllib.request, urllib.parse, urllib.error, base64
# OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
headers = {
}
params = urllib.parse.urlencode({
# Specify values for the following required parameters
'api-version': '1.6',
})
try:
conn = http.client.HTTPSConnection('graph.windows.net')
# Specify values for path parameters (shown as {...}) and request body if needed
conn.request("GET", "/myorganization/users/{user_id}?%s" % params, "", headers)
response = conn.getresponse()
data = response.read()
print(data)
conn.close()
except Exception as e:
print("[Errno {0}] {1}".format(e.errno, e.strerror))
####################################
希望这能帮助您找到所需的内容。如果您想从powershell调用它,请告诉我,我可以帮助您执行命令。