How to detete an external AD user using MS Graph API

serge calderara (Solatys) 116 Reputation points
2020-05-15T15:02:09.793+00:00

Dear all,

We are trying to remove a guest user from AD using graph api.
For that we use the following as describe from the documentation :

https://graph.microsoft.com/v1.0/users/{userPrincipalName}

If the user is a user with an AD domaine that works correctly but for external user with a GMAIL account for instance, the userPrincipalName is formated as below sample :

ex : serge.cal_gmail.com#EXT#@xxxxxxxxxxxxx .onmicrosoft.com

When I try to get the ID of that user by fetching first its id using :

https://graph.microsoft.com/v1.0/users/serge.cal_gmail.com#EXT#[@](/users/na/?userId=189d14d4-bffd-0003-0000-000000000000).onmicrosoft.com

It returns an error as below :

{
"error": {
"code": "Request_ResourceNotFound",
"message": "Resource 'serge.cal_gmail.com' does not exist or one of its queried reference-property objects are not present.",
"innerError": {
"request-id": "da8bdcda-6304-4c3c-93b2-6454433dcba2",
"date": "2020-05-15T14:51:46"
}
}
}

What is the way to fetch correctly that type of user using graph api ?

regards

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,453 questions
0 comments No comments
{count} votes

Accepted answer
  1. serge calderara (Solatys) 116 Reputation points
    2020-05-19T07:55:32.187+00:00

    Thanks for your reply, I will give a try..

    by the way it is possible from the filter url to return from the user only the Id atrribute because this is the onlything I need to be able to delete the user afterwards

    Does something like this is possible :
    https://graph.microsoft.com/v1.0/users?$filter=mail**$select=id**

    Thanks for your reply

    regards

    1 person found this answer helpful.

4 additional answers

Sort by: Most helpful
  1. soumi-MSFT 11,761 Reputation points Microsoft Employee
    2020-05-15T15:41:51.843+00:00

    @serge calderara (Solatys) . if you know the value for user's either displayname or mail you can use the following graph api call to fetch the same:

    Hope this helps.

    Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.

    2 people found this answer helpful.
    0 comments No comments

  2. serge calderara (Solatys) 116 Reputation points
    2020-05-18T15:55:32.36+00:00

    Thanks for your reply,

    Based on your second sugestion of using the filter to get the user email ..

    Question :
    Can I use this filter approach to fecth user ID for Ad user or it is only for account like Gmail without AD behind ?

    I means does making this filter query will make the same thing as using the userPrincipalName as I was doing initialy with AD user

    Thanks for your clarification

    regards

    1 person found this answer helpful.

  3. soumi-MSFT 11,761 Reputation points Microsoft Employee
    2020-05-19T08:26:05.47+00:00

    @sergecalderaraSolatys-4285, Yes, that is absolutely possible:

    Sample Query: https://graph.microsoft.com/v1.0/users?$filter=mail eq 'user_email_address'&$select=displayName,id

    I used this sample, this sample would only return the displayName and id attribute's values in the output. If you just want id attribute's value, then remove displayName from the $select query parameter.

    Hope this helps.

    Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.

    1 person found this answer helpful.
    0 comments No comments

  4. serge calderara (Solatys) 116 Reputation points
    2020-05-19T12:21:03.72+00:00

    Thnaks for your reply,

    I have a wierd issue, when I try the filter in POSTMAN, it return the correct record based on the provided email

    but when I use it in groovy script, it return my all users instead of the filter record,

    here is my method below :

    public String getUserIdByEmailQuery(String AuthToken,String userEmail){
    
            String _userId
    
                def http = new HTTPBuilder(graph_base_user_url +"?")
                http.request(GET) {
    
                    requestContentType = ContentType.JSON
                    query:[ $filter:"mail eq '$userEmail'" ]
    
                    headers.'Authorization' = "Bearer " + AuthToken    
    
                    response.success = { resp, json ->
                        //_userId=json["id"].toString()
                        _userId=json
                    }
    
                    // user ID not found : error 404
                    response.'404' = { resp ->       
                        _userId = 'Not Found'
                    }
    
                }
                _userId
            } 
    

    The graph_base_user_url parameter is equal to "https://graph.microsoft.com/v1.0/users"

    Any reason why it returns all users ?

    regards

    1 person found this answer helpful.