How to get user details based on just his OID using Graph API (user can be part of any tenant in AD)?

Harsha Kuppa 21 Reputation points Microsoft Employee

We are migrating users from our existing system, which was using the OID as the unique identifier for a set of users, to a new authorization system which requires some extra data about the user as well. So we were planning to use the Graph API to fetch the details; however, these users are spread across multiple tenants and we do not have the TID of the user. Is there a way/process to get the details of the user through the Graph API by just using the OID or email ID?


Accepted answer
  1. CarlZhao-MSFT 23,436 Reputation points

    Of course not; you must have the user’s TID. In your scenario, these users are distributed across different tenants, so even if you have the user’s OID, you cannot obtain user information from other tenants without authorization. Getting the user's TID is only the first step to solving the problem; you then need to create a multi-tenant application in your tenant and grant the User.Read.All application permission to the application.

    Then you need to add the multi-tenant application as an enterprise application to the tenant where the user is located. This requires you to open the admin consent URL in your browser, log in as an administrator of the tenant where the user is located, and consent: {target tenant-id}/adminconsent?client_id={client-id}.

    After you add the multi-tenant application to the tenant where the user is located, you can use the client credential flow to obtain the token, and then use the token to call the /users/{OID} endpoint to obtain the user information.



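The flow described in the accepted answer, sketched in Python as an added example (not code from the thread or from Microsoft). It uses the standard login.microsoftonline.com and Graph v1.0 endpoints; the function names and the injectable `opener` parameter are this example's own, and the client secret is assumed to be supplied from a secret store.

```python
import json
import urllib.error
import urllib.parse
import urllib.request
import uuid

LOGIN = "https://login.microsoftonline.com"
GRAPH = "https://graph.microsoft.com/v1.0"

def guid(value):
    """Normalise a tenant, client or object ID; raises ValueError if it is not a GUID."""
    return str(uuid.UUID(value))

def admin_consent_url(tenant_id, client_id):
    """URL an administrator of the user's tenant opens to consent to the app."""
    query = urllib.parse.urlencode({"client_id": guid(client_id)})
    return f"{LOGIN}/{guid(tenant_id)}/adminconsent?{query}"

def token_request(tenant_id, client_id, client_secret):
    """Client credentials request against the user's tenant, not the app's home tenant."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": guid(client_id),
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    return urllib.request.Request(
        f"{LOGIN}/{guid(tenant_id)}/oauth2/v2.0/token", data=form, method="POST")

def user_request(oid, access_token):
    """GET /users/{OID}; the GUID check keeps path fragments out of the URL."""
    return urllib.request.Request(
        f"{GRAPH}/users/{guid(oid)}",
        headers={"Authorization": f"Bearer {access_token}"})

def get_user(tenant_id, client_id, client_secret, oid, opener=urllib.request.urlopen):
    """Return the user object, or None when the OID is not in this tenant (HTTP 404)."""
    with opener(token_request(tenant_id, client_id, client_secret)) as resp:
        token = json.load(resp)["access_token"]
    try:
        with opener(user_request(oid, token)) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise
```

The token is requested from the user's tenant, so it only works after that tenant's administrator has consented, and it only reads users in that tenant.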
1 additional answer

  1. Harsha Kuppa 21 Reputation points Microsoft Employee

    Thanks for the detailed answer. Is there a way I can get the TID of the user given his email ID (domain name) or using any other properties?