Unable to Retrieve Members Not Synced from On-Premises Using Microsoft Graph API.

Question

I have a requirement to find all users in EntraID that are UserType "member" and are NOT Synced from on-premises. It doesn't appear that I can find users with null values. or not equals to true.

I've tried

https://graph.microsoft.com/v1.0/users?$filter=usertype eq 'Member' and onPremisesSyncEnabled+ne+true&$count=true

*fails with an error

    "error": {
        "code": "Request_UnsupportedQuery",
        "message": "Filter operator 'NotEqualsMatch' is not supported.",
  

if I try checking for null using the query below, it throws a different error

https://graph.microsoft.com/v1.0/users?$filter=usertype eq 'Member' and onPremisesSyncEnabled+eq+null&$count=true

.

  "error": {

        "code": "Request_UnsupportedQuery",
        "message": "Unsupported or invalid query filter clause specified for property 'onPremisesSyncEnabled' of resource 'User'.",

Is there something I'm missing?

Answer 1

This is an "advanced" query, so when running it make sure to include the consistencyLevel=eventual header as detailed in the official documentation: https://learn.microsoft.com/en-us/graph/aad-advanced-queries?tabs=http

Once you add the header, it works just fine.