SamWheat-7447 asked SamWheat-7447 commented

How to look up a user by personal email address?

I asked this question on Stackoverflow and also here and I have not yet received an answer. I hope this is the right place to ask:

This question was also posted on StackOverflow.

I actually have two questions which may possibly be related:

Question 1: Why does the user's personal email address appear in Azure portal as User Principal Name?

Question 2: How do I look up a user by their personal email address?

The email address I will be looking for is the one used as a sign in name so I expect that it should appear in a property like signInNames as is mentioned below.

Steps to reproduce:

Log into the Azure portal, look at a random user and observe their User Principal Name.
Note it appears in the format of a personal email address (joe@somedomain.com). Copy the user's Object ID.

In code, create a new GraphServiceClient and retrieve the user by object ID using the Object ID copied in the step above.

 GraphServiceClient client = GetGraphServiceClient();
 User user = await client.Users[userID].Request().GetAsync();

In the User object that is returned, note the value of UserPrincipalName is not what is shown in Azure portal as noted in the first step. It is instead an assigned identifier: cpim_96fe-48b5-88a2-9ac960a6bdab@mydomain.onmicrosoft.com.


Attempt to find a user using personal email address. See also:


 GraphServiceClient client = GetGraphServiceClient();
 // Each result gets its own variable name so the snippet compiles.
 IGraphServiceUsersCollectionPage usersByUpn = await client.Users.Request().Filter("userPrincipalName eq 'joe@somedomain.com'").GetAsync(); // Count = 0
 IGraphServiceUsersCollectionPage usersByMail = await client.Users.Request().Filter("mail eq 'joe@somedomain.com'").GetAsync(); // Count = 0



As recommended by this answer, this does not work either:


 IGraphServiceUsersCollectionPage users3 = await client.Users.Request().Filter("signInNames/any(x:x/value eq 'joe@somedomain.com')").GetAsync(); // error Filter not supported.

My Azure Application has User.ReadWrite.All permission. Personal email address does not appear as any property value for any object I retrieve.


Tags: azure-active-directory, azure-ad-b2c

1 Answer

amanpreetsingh-msft answered SamWheat-7447 commented

Hello @SamWheat-7447

For some Identity providers, personal email address is populated as Sign-in name and for some IDPs personal email is populated in otherMails attribute. For example:

  • Users signed up for local account in B2C have their email address populated as Sign-in name.

  • Users signed up via Facebook account in B2C have their email address populated as Alternate Email (otherMails attribute) and not as Sign-in name.


Below are the Graph Calls that you can use to find a user by using his/her email address in both cases:

  • To search users when email address is populated as Alternate Email:
    (Graph call posted as image: 17310-image.png)

  • To search users when email address is populated as Sign-in Name:
    (Graph call posted as image: 17286-image.png)

Note: When filtering on the Sign-in name (identities property), you must supply both issuer and issuerAssignedId.

Apologies for sharing the graph calls as images. Due to some syntax I was being blocked from posting this answer.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
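
The two lookups this answer describes, written out as filter strings (an added example, not part of the original answer, whose calls were posted as images). The class and method names are hypothetical, the `identities` filter syntax follows the Microsoft Graph documentation rather than anything shown on this page, and the issuer is assumed to be the B2C tenant domain.

```csharp
using System;

// Added example: builds the two $filter expressions described in the answer.
// Class and method names are hypothetical; nothing here calls Graph.
static class B2CEmailLookup
{
    // Endpoint as quoted in the follow-up comment on this page.
    const string UsersEndpoint = "https://graph.microsoft.com/beta/users";

    // OData string literals are single-quoted; a quote inside the value is
    // escaped by doubling it, so caller-supplied input cannot end the literal
    // and append its own filter clauses.
    static string Quote(string value) => "'" + value.Replace("'", "''") + "'";

    // Social sign-ups (e.g. Facebook): the email is stored in otherMails.
    public static string AlternateEmailFilter(string email) =>
        $"otherMails/any(id:id eq {Quote(email)})";

    // Local accounts: the email is a sign-in name in the identities collection.
    // Both issuerAssignedId and issuer are required in the same any() clause.
    public static string SignInNameFilter(string email, string issuer) =>
        $"identities/any(c:c/issuerAssignedId eq {Quote(email)} and c/issuer eq {Quote(issuer)})";

    // Full request URL with the filter percent-encoded. identities and
    // otherMails are requested explicitly so the match can be inspected.
    public static string RequestUrl(string filter) =>
        UsersEndpoint + "?$filter=" + Uri.EscapeDataString(filter) +
        "&$select=id,displayName,identities,otherMails";

    static void Main()
    {
        // Sample values taken from the question; the issuer is assumed to be
        // the B2C tenant domain.
        string email = "joe@somedomain.com";
        string issuer = "mydomain.onmicrosoft.com";

        string[] filters =
        {
            AlternateEmailFilter(email),
            SignInNameFilter(email, issuer),
            SignInNameFilter("o'brien@somedomain.com", issuer), // constructed: quote in value
        };
        foreach (string filter in filters)
        {
            // With the SDK from the question, the unencoded string is what goes
            // into client.Users.Request().Filter(filter).
            Console.WriteLine(filter);
            Console.WriteLine(RequestUrl(filter));
        }
    }
}
```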




Thank you very much for your detailed response. I tried to implement your answer exactly as specified and received the errors shown here: I will add more later - site does not allow me to comment.

     // Exact call to graph:
     https://graph.microsoft.com/beta/users?$filter=otherMails/any(id:id%20eq%20'my.name@outlook.com')
        
     Error message:
        
     System.NotSupportedException : The collection type 'Microsoft.Graph.IUserAppRoleAssignmentsCollectionPage' on 'Microsoft.Graph.User.AppRoleAssignments' is not supported.
        
     [Question regarding above error](https://stackoverflow.com/questions/62776361/how-to-use-graph-explorer-sdk)
        
     [Instruction to use GraphClient](https://docs.microsoft.com/en-us/graph/sdks/create-client?tabs=CS)

@SamWheat-7447 To narrow down the issue, could you please try these Graph Calls using Graph Explorer after signing in with a Global Administrator or User Administrator account by clicking on the Sign in to Graph Explorer button on the left pane? Also make sure the user account that you are using is a member account in your B2C tenant (created via Azure Portal > Azure Active Directory > Users > New User > Create User option) and is not a guest or signed-up user.




Please reply on this ticket on stackoverflow https://stackoverflow.com/questions/63274996/microsoft-graph-how-to-look-up-a-user-by-personal-email-address/63281875#63281875

Please post your answer as an answer to that ticket and I will show most recent code I have tried in response to your answer.

This forum does not allow sufficient space to post my code. If we continue to use it, it will take months to resolve this issue.



Thank you for your help :)
