0 Votes
HarshaKuppa-1503 asked CarlZhao-MSFT edited

How to get user details based on just his OID using Graph API (user can be part of any tenant in AD)?

Hello,
We are migrating users in our existing system, which was using OID as the unique identifier to identify a set of users, to a new authorization system which requires some extra data about the user as well. So we were planning to use Graph API to fetch the details; however, these users are spread across multiple tenants and we do not have the TID of the user. Is there a way/process to get the details of the user through Graph API by just using OID or emailID?

microsoft-graph-users, microsoft-graph-identity

0 Votes
CarlZhao-MSFT answered

Of course you cannot; you must have the user’s TID. In your scenario, these users are distributed in different tenants; even if you have the user’s OID, you cannot obtain user information from other tenants without authorization. And getting the user's TID is only the first step to solve the problem; you then need to create a multi-tenant application in your tenant and grant User.Read.All application permissions to the application.

Then you need to add the multi-tenant application as an enterprise application to the tenant where the user is located. This requires you to open the admin consent URL in your browser, log in as the administrator of the tenant where the user is located, and consent: https://login.microsoftonline.com/{target tenant-id}/adminconsent?client_id={client-id}

After you add the multi-tenant application to the tenant where the user is located, you can use the client credential flow to obtain the token, and then use the token to call the /users/{OID} endpoint to obtain the user information.

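The flow described in the answer above, written out as an added Python example (it is not code from the answer or from Microsoft). The function names, the GUID check on tenant ID, client ID and OID, and the `GRAPH_CLIENT_SECRET` environment variable are assumptions of this example; the request builders run offline, and only `fetch_user` needs network access and a completed admin consent.

```python
import json
import os
import re
import urllib.parse
import urllib.request

LOGIN = "https://login.microsoftonline.com"
GRAPH = "https://graph.microsoft.com"
GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")


def guid(value):
    """Reject anything that is not a GUID before it is placed in a URL path."""
    if not GUID.fullmatch(value):
        raise ValueError(f"not a GUID: {value!r}")
    return value.lower()


def admin_consent_url(tenant_id, client_id):
    """URL the target tenant's administrator opens to consent to the app."""
    query = urllib.parse.urlencode({"client_id": guid(client_id)})
    return f"{LOGIN}/{guid(tenant_id)}/adminconsent?{query}"


def token_request(tenant_id, client_id, client_secret):
    """Client credentials request; the token is valid for this tenant only."""
    form = {
        "grant_type": "client_credentials",
        "client_id": guid(client_id),
        "client_secret": client_secret,
        "scope": f"{GRAPH}/.default",
    }
    url = f"{LOGIN}/{guid(tenant_id)}/oauth2/v2.0/token"
    return urllib.request.Request(url, data=urllib.parse.urlencode(form).encode())


def user_request(oid, access_token):
    """GET /users/{OID} with the app-only token from the same tenant."""
    headers = {"Authorization": f"Bearer {access_token}"}
    return urllib.request.Request(f"{GRAPH}/v1.0/users/{guid(oid)}", headers=headers)


def fetch_user(tenant_id, client_id, oid):
    """Run both calls; needs network access and prior admin consent."""
    secret = os.environ["GRAPH_CLIENT_SECRET"]  # assumed variable name
    with urllib.request.urlopen(token_request(tenant_id, client_id, secret)) as r:
        token = json.load(r)["access_token"]
    with urllib.request.urlopen(user_request(oid, token)) as r:
        return json.load(r)
```

A token is issued per tenant, so a migration over several tenants repeats `token_request` once for each tenant ID and uses that token only for OIDs in the same tenant.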

0 Votes
HarshaKuppa-1503 answered CarlZhao-MSFT edited

Thanks for the detailed answer. Is there a way I can get the TID of the user given his emailID (domain name) or using any other properties?


@HarshaKuppa-1503 Hi, would you please provide us with an update on the status of your issue?

1 Vote

Obviously, this is impossible. You definitely have no way to obtain the user's TID through the user's email ID (domain name), because these will involve privacy policies and security management. But as I said in the answer, even if you get the user's TID, this is only the first step to solve the problem. If you want to get the user information of other tenants, you obviously have to go through more challenges. So I think the easiest way is to send emails directly to these users, because you already have the mailboxes of these users.

0 Votes