【Azure Developer】AAD API如何获取用户“Block sign in”信息(accountEnabled)

问题描述

使用API获取所有Azure AD中的用户列表,API所参考的文档:https://docs.microsoft.com/en-us/graph/api/user-list?view=graph-rest-1.0&tabs=http,如果想过滤出“Block sign in”为no的人,如何获取?

 

解决办法

在对Azure AD User的属性进行分析后, Block Sign In就是accountEnabled属性。所以是可以通过$filter参数来进行筛选。

accountEnabled Boolean true if the account is enabled; otherwise, false. This property is required when a user is created. Supports $filter.

 

 

如果单独使用accountEnabled属性作为过滤条件的完整URL为:https://microsoftgraph.chinacloudapi.cn/beta/users?$filter=accountEnabled eq false

通常,在使用$filter时,都是需要多个条件,如accountEnabled和userPrincipalName的endsWith条件结合使用,当启用到endsWith等filter函数时,需要注意以下两点:

  1. 和$count=true搭配使用
  2. 在Request Header中添加ConsistencyLevel:eventual

 

 

Python的示例代码如:

import http.client

conn = http.client.HTTPSConnection("microsoftgraph.chinacloudapi.cn")
payload = ''
headers = {
  'ConsistencyLevel': 'eventual',
  'Authorization': 'Bearer '
}
conn.request("GET", "/v1.0/users?$filter=endswith(userPrincipalName,'n')%20and%20accountEnabled%20eq%20false&$count=true", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))

 

参考资料

Get a user account using a sign-in namehttps://docs.microsoft.com/en-us/graph/api/user-list?view=graph-rest-1.0&tabs=http#example-2-get-a-user-account-using-a-sign-in-name

User resource propertieshttps://docs.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0#properties

Unable to filter with endswith: https://github.com/microsoftgraph/microsoft-graph-docs/issues/4331

posted @ 2021-04-07 22:15  路边两盏灯  阅读(206)  评论(1编辑  收藏  举报