TargetUser Value for Add-MailboxPermission is Object/User ID instead of User name

David 0 Reputation points
2024-07-29T07:00:39.3833333+00:00

Hi, when pulling audit events using the 365 REST API, the target user value (in bold in the log below) shown in the log is the ObjectID instead of the actual username.

{
  "AppAccessContext": {
    "IssuedAtTime": "2024-07-17T05:44:57",
    "UniqueTokenId": "oZs6oblynUiWSutUGtwEAA"
  },
  "CreationTime": "2024-07-17T05:52:00",
  "Id": "5f7d4442-9e22-4f60-a9f0-08dca6249357",
  "Operation": "Add-MailboxPermission",
  "OrganizationId": "",
  "RecordType": 1,
  "ResultStatus": "True",
  "UserKey": "user@example.com",
  "UserType": 2,
  "Version": 1,
  "Workload": "Exchange",
  "ClientIP": "",
  "ObjectId": "Requisitions",
  "UserId": "user@example.com",
  "AppId": "----",
  "AppPoolName": "MSExchangeAdminApiNetCore",
  "ClientAppId": "",
  "CorrelationID": "",
  "ExternalAccess": false,
  "OrganizationName": "example.onmicrosoft.com",
  "OriginatingServer": "",
  "Parameters": [
    {
      "Name": "Identity",
      "Value": "e9ecdrb9-6f6d-474f-ba48-6453156255a7"
    },
    {
      "Name": "User",
      "Value": "bd146749-0cf7-4fa1-8309-93458cbf3889"
    },
    {
      "Name": "AccessRights",
      "Value": "FullAccess"
    },
    {
      "Name": "InheritanceType",
      "Value": "All"
    }
  ],
  "RequestId": "",
  "SessionId": ""
}

This makes it hard for us to investigate actions and alerts. Is this expected behavior? And is it possible to apply any changes that would show the value as the actual username? Thanks

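An added example, not part of the original post and not Microsoft's code: one way to make a record like the one above readable during triage is to resolve the GUIDs in `Parameters` against a directory export kept alongside the audit pipeline. The `DIRECTORY` mapping, the name `delegate@example.com`, the function names and the comma-separated handling of `AccessRights` are assumptions; the record is a trimmed, constructed copy of the event in the post.

```python
import json

# Constructed sample: trimmed copy of the event in the post (same fields and values).
SAMPLE_RECORD = json.loads("""
{"CreationTime": "2024-07-17T05:52:00", "Operation": "Add-MailboxPermission",
 "UserId": "user@example.com", "ObjectId": "Requisitions",
 "Parameters": [
   {"Name": "Identity", "Value": "e9ecdrb9-6f6d-474f-ba48-6453156255a7"},
   {"Name": "User", "Value": "bd146749-0cf7-4fa1-8309-93458cbf3889"},
   {"Name": "AccessRights", "Value": "FullAccess"},
   {"Name": "InheritanceType", "Value": "All"}]}
""")

# Hypothetical GUID -> user name export (constructed). Only the grantee is
# present, so the unresolved path is exercised for the mailbox identity.
DIRECTORY = {"bd146749-0cf7-4fa1-8309-93458cbf3889": "delegate@example.com"}


def resolve(value, directory):
    """Return (display, resolved); the raw GUID stays visible either way."""
    name = directory.get(value.strip().lower())
    if name:
        return f"{name} ({value})", True
    return f"UNRESOLVED:{value}", False


def enrich_mailbox_permission(record, directory):
    """Summarise an Add-MailboxPermission event with names in place of GUIDs."""
    if record.get("Operation") != "Add-MailboxPermission":
        return None
    # Parameters is a list of {"Name", "Value"} pairs; index it by name.
    params = {p["Name"]: p["Value"] for p in record.get("Parameters", [])}
    mailbox, mailbox_ok = resolve(params.get("Identity", ""), directory)
    grantee, grantee_ok = resolve(params.get("User", ""), directory)
    # Assumption: several rights would arrive as one comma-separated string.
    rights = [r.strip() for r in params.get("AccessRights", "").split(",") if r.strip()]
    return {
        "time": record.get("CreationTime"),
        "actor": record.get("UserId"),
        "mailbox": mailbox,
        "grantee": grantee,
        "rights": rights,
        "full_access": "FullAccess" in rights,
        # True when an analyst still has to look a GUID up by hand.
        "needs_lookup": not (mailbox_ok and grantee_ok),
    }


if __name__ == "__main__":
    print(json.dumps(enrich_mailbox_permission(SAMPLE_RECORD, DIRECTORY), indent=2))
```

Keeping the raw GUID next to the resolved name lets the enriched alert still be matched against the original audit record.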