I want to use Graph API to get Hometown information from members of a specific group.
How can I do it?
I am retrieving Name without problem but not the other fields.
On graph explorer I try this string :
GET GROUP-ID-NUMBER/members?fields=name
But if I use this string, I get only Administrator,ID, Name Field
GET GROUP-ID-NUMBER/members?
I want to make group statistics and I want to known also members hometown.
To get more information members of the group must authorize your app with correct permissions for Hometown. You must also be a member of the same group for that purpose. so you need to have an app and you will get only those members correct information who will authorize your app.
Related
I am trying to use the AWS SSO SCIM API in order to retrieve the AWS SSO groups for a particular user.
Looking at the documentation https://docs.aws.amazon.com/singlesignon/latest/developerguide/listgroups.html
It mentions the following
To see group info for a certain member, call ListGroup with a member filter
If you're using the member filter, you have to use the id filter (refer to supported filter combinations).
It appears that the id filter, is the group ID, because of this note: Note that the use of id as an individual filter, while valid, should be avoided as there is already a getGroup endpoint available.
Also, at https://docs.aws.amazon.com/singlesignon/latest/developerguide/limitations.html next to the members attribute it mentions that it is supported, but cannot be read in a response.
I have been playing with the API but could not get any group info for a user regardless of the combination of the parameters.
Based on the above, I conclude that the API does not support retrieving group data for a user. Would you agree?
I don't have access to an AWS SSO SCIM endpoint, but from looking at the documentation I suspect one of the two approaches may be possible:
GET /users/id and look at the value for "groups" - this one seems questionable as the limitations page says they support the user resource's "groups" attribute, but there's also a note about not supporting multi-valued user attributes. You may need to explicitly add the ?attributes=groups parameter to your GET to ask for that attribute to be returned, if it is in fact supported.
GET /groups?filter=members[value eq "userId"] or some variation of that depending on what syntax they allow. This isn't listed as supported, but if it works, I expect that you would get a list of groups in response that did not contain the "members" attribute - but that each group returned would match the query.
There's some amount of uncertainty with both of these, but with the information available those seem like the two most likely paths to successfully accomplish what you are aiming for. If neither of those work, it may not be possible - but a support case with AWS would probably be helpful to confirm there.
As #ZollnerdMSFT recommended, I raised an AWS support request. AWS support responded that the AWS SSO SCIM API does not support retrieving the groups associated with a user. They have submitted this as a feature request internally, however, cannot provide an estimate as to when it will be implemented.
Is there an API that lets an application send invitations and requests to join a group?
I have checked the Google Directory API at https://developers.google.com/admin-sdk/directory/v1/reference/, but all I can find is the members API that lets an application directly add members.
What I am looking for is :
- to send a request to join a group,
- to list, accept or reject such requests,
- to send an invitation to join a group,
- to list, accept or reject such invitation.
I had no luck checking the reference, a google search and a search on stack overflow also turned out nothing. Does anyone know if such an API even exist, and if so, where can I find the documentation?
Currently there seems to be no ad-hoc API method for that. The currently supported group operations can be found in Directory API: Group Members namely: add member, update group membership, retrieve a group member, retrieve all group member and delete member. You'd have to implement the other functionalities you mentioned.
I have a local group on my computer Grp1 to which I want to check membership of domain users. I have already used NetUserGetLocalGroups for this. But the problem I encounter is when the domain user is not a direct member of the group Grp1. For example, let's say there are two domain groups say DomainGrp1 and DomainGrp2. Now, my user DomainUser1 is part of group DomainGrp2 and the DomainGrp2 is part of DomainGrp1 and the group DomainGrp1 is part of the local group Grp1. If I use this NetUserGetLocalGroups in the aforementioned scenario, the API doesn't enumerate Grp1 for DomainUser1 but in actual the DomainUser1 is part of the Grp1 indirectly.
Also please note that if the DomainUser1 is directly member of DomainGrp1 instead of DomainGrp2 (with the DomainGrp1 be the member of Grp1). The API enumerates the Grp1 perfectly. Could somebody help me with this problem?
I have tried impersonation using LogonUser API. But the problem I have is when the user is marked for changing password at next log on. Then the API returns false and hence I cannot get the impersonation token.
PS: I don't want to use any Directory Services API.
I could find similar problem on MSDN link
I'm designing a REST service which organizes groups and users.
For example:
GET /groups - gets all the groups
GET /groups/1 - gets a specific group
GET /groups/1/users - gets the users in the group
GET /users/1 - the actual user, which may be in multiple groups
POST /groups/1/users - with the post parameters of user_id=1 to add a user to a group
What would be the appropriate way to handle this?
DELETE /groups/1/users/1 seems to be a valid way to do it but then the GET to the same url would return the user record which is a duplicate of the resource /user/1?
or should it be DELETE /groups/1/users?user_id=1?
Wondering which is the most RESTful way to do this.
I think that a good design would make explicit the membership of a user within a particular group - as a separate resource. So, there are groups, users, and the membership of a user within a group.
Therefore, GET /groups/1/users would return a list of membership resource identifiers: /groups/1/users/{member_id} on which you could do a DELETE. Each of these "memberships" is of course associated with a particular user, so you would have to somehow know which member_id is associated with which user_id. The easiest way to do this is to make member_id have the same semantics as user_id, as you suggest in the question (so /groups/1/users/1 means "user 1's membership in group 1"). Following that, if you do a GET on /groups/1/users/{member_id} you could just redirect to /users/{user_id}. Or in a more complex example, this resource would no redirect to a user but link to it and also include some other information, for example the date when the user joined the group, her status in the group, etc.
The other option I can think of would utilize the PATCH method to modify the collection resources (/groups/1/users): see https://www.rfc-editor.org/rfc/rfc5023. But using a DELETE seems more natural.
I am currently working on a project where I need to query Active Directory to determine group membership of a user. I initially was locating the user and retrieving the memberOf attribute. The problem with this is that there is a domain and a child domain. The groups are universal groups so they can be used in both domains and they don't show up in the memberOf attribute. Unfortunately there doesn't seem to be much info around for Active Directory access with C++. Is there anyway to determine group membership in this case in C++?
If you are using managed C++, you can use UserPrincipal.GetAuthorizationGroups.
If you are not using managed C++, to solve this particular problem, you should bind to Global Catalog and do a LDAP search on the member attribute of the group object to find out which Universal Group containing the user. You should limit your search by specifing the groupType, objectCategory and objectClass.
However, like I mentioned in another post , group enumeration in general is very hard to do it right. If you just need to find out all the groups a user belongs to, your best bet is to use S4USelf