Azure AD: User Identities

whgibbo 0 Reputation points
2023-03-01T17:15:43.3333333+00:00

Hi,
I have an app that needs to work with on-premises AD and Azure AD. Currently we are obtaining the logged-in user via a Windows API. The same value can be seen when using command line tools:

  • whoami
  • dsregcmd /status

Now when the user is a pure Azure AD user (i.e. the machine is not joined to on-premises AD and the user only exists in Azure AD) we see the following:

  • whoami - azuread\surnameforename or azuread\forenamesurname
  • dsregcmd /status (Executing Account Name) - azuread\surnameforename or azuread\forenamesurname and the usersemailaddress.

So here are the questions/issues:

  1. I've checked https://learn.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0 and output of graph requests and can't see an attribute for this... Am I missing something?
  2. The value here seems to match the displayname with any non-samaccountname characters removed. However, the display name is not unique. When you have 2 users with the same value, you see the second user has the following suffix added: _x1as1of

Any thoughts on this, as it seems a little odd.

Thanks


2 answers

  1. Zehui Yao_MSFT 5,826 Reputation points
    2023-03-02T02:25:00+00:00

    Hi @whgibbo, for Microsoft Graph,

    you can use the GET /users/{id | userPrincipalName} endpoint to get information about users in your AD tenant, and use $select to get the other properties and relationships for the user object. Hope this helps you. Best wishes.
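An added example, not part of the thread and not Microsoft's code: it parses the `Executing Account Name` line the question describes and builds the `GET /users/{userPrincipalName}` request from the answer above, so the lookup keys on the UPN rather than on the non-unique, display-name-derived account name. The sample output layout, the `contoso.example` values and the function names are assumptions.

```python
import re
from urllib.parse import quote

# Constructed sample of `dsregcmd /status` diagnostic output (assumed layout, not a real device).
SAMPLE_DSREGCMD = """\
+----------------------------------------------------------------------+
| Diagnostic Data                                                      |
+----------------------------------------------------------------------+

     AadRecoveryEnabled : NO
 Executing Account Name : AzureAD\\DoeJane, jane.doe@contoso.example
            KeySignTest : PASSED
"""

# Graph v1.0 user properties useful for matching an identity across directories.
SELECT = ["id", "userPrincipalName", "displayName", "mail",
          "onPremisesSamAccountName", "onPremisesSecurityIdentifier"]

def parse_executing_account(dsreg_output):
    """Return (local_account_name, upn) from the 'Executing Account Name' line.

    upn is None when the line carries a single value (for example a local or
    on-premises account), so the caller can fall back to another lookup.
    """
    m = re.search(r"^\s*Executing Account Name\s*:\s*(.+)$", dsreg_output, re.M)
    if not m:
        raise ValueError("no 'Executing Account Name' line found")
    parts = [p.strip() for p in m.group(1).split(",")]
    local = parts[0]
    upn = next((p for p in parts[1:] if "@" in p), None)
    return local, upn

def graph_user_url(upn):
    """Build GET /users/{userPrincipalName} with $select for the stable identifiers."""
    # Encode the UPN as a path segment: '@' and '.' stay, '#' in guest UPNs becomes %23.
    return ("https://graph.microsoft.com/v1.0/users/" + quote(upn, safe="@.")
            + "?$select=" + ",".join(SELECT))

if __name__ == "__main__":
    local, upn = parse_executing_account(SAMPLE_DSREGCMD)
    print("local account name:", local)
    print("lookup key (UPN):  ", upn)
    print("request:           ", graph_user_url(upn) if upn else "no UPN on this line")
```

Store the returned `id` (the directory object ID) as the application's key for the user; the `AzureAD\...` name is only suitable for display.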


  2. whgibbo 0 Reputation points
    2023-03-06T16:07:22.6466667+00:00

    Did some digging, seems that Microsoft opted to use the displayname and it has been like that for 12 years!

    So can't see it changing.. :(
