Simple… I am trying to get the SAM account name field out of Azure using a call to Graph. I’ve already received the access token, and so I then make a call to graph using the "me" URL — https://graph.microsoft.com/v1.0/me, but what comes back never contains the specified field, and I’ve tried multiple spelling variations.
I’ve also decoded the access token, and it’s not in there either. This is the code I’m using:
<cfset apiUrl = "https://graph.microsoft.com/v1.0/me">
<cfscript>
    graphqlQuery = '{
        me {
            displayName
            mail
            userPrincipalName
            SAMAccountName
            onpremisessamaccountname
        }
    }';
    requestBody = {
        query = graphqlQuery
    };
</cfscript>
<cfhttp url="#apiUrl#" method="get" result="apiResponse" charset="utf-8" timeout="60">
    <cfhttpparam type="header" name="Authorization" value="Bearer #cookie.at#">
    <cfhttpparam type="header" name="Content-Type" value="application/json">
    <cfhttpparam type="body" value="#serializeJSON(requestBody)#">
</cfhttp>
Any idea what I’m doing wrong? Thank you for your help.
2 Answers
Thanks to others at my company who have worked with Azure, we figured it out. Here's the code I used to get it.
Note that cookie.at is the access token retrieved previously.
The samAccountName attribute is part of the standard on-prem Active Directory Schema. By default, Azure AD schema does not contain this attribute. The only way this will exist in Azure is if you have configured Azure AD Connect to synchronise your users from on-premises to Azure.
The attribute you may be looking for is userPrincipalName. This is what a user would log in to Azure with; they would never use their samAccountName.
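
One way to request the attribute discussed above, as an added example that is not code from either answer: the Graph user resource exposes the synced value as onPremisesSamAccountName, and /me returns it only when it is named in $select. It assumes cookie.at is the access token from the question; the variable names fields, hasSam, accountName and accountSource are illustrative.

```cfml
<cfscript>
// Added example, not code from the original posts.
// Assumption: cookie.at holds a delegated access token that can read the signed-in user's profile.
fields = "displayName,mail,userPrincipalName,onPremisesSamAccountName";
apiUrl = "https://graph.microsoft.com/v1.0/me?$select=" & fields;

// Plain REST GET: no request body and no GraphQL query.
cfhttp(url=apiUrl, method="get", result="apiResponse", charset="utf-8", timeout=60) {
    cfhttpparam(type="header", name="Authorization", value="Bearer #cookie.at#");
    cfhttpparam(type="header", name="Accept", value="application/json");
}

if (left(apiResponse.statusCode, 3) neq "200" or not isJSON(apiResponse.fileContent)) {
    // Report only the status line; never echo the response body or the token.
    throw(type="GraphRequestFailed", message="Graph /me returned #apiResponse.statusCode#");
}

user = deserializeJSON(apiResponse.fileContent);

// Cloud-only accounts (never synced by Azure AD Connect) come back with JSON null here.
hasSam = structKeyExists(user, "onPremisesSamAccountName")
    and not isNull(user.onPremisesSamAccountName)
    and len(trim(user.onPremisesSamAccountName));

if (hasSam) {
    accountName = user.onPremisesSamAccountName;
    accountSource = "onPremisesSamAccountName";
} else {
    // Fall back to the sign-in name, as the second answer suggests.
    accountName = user.userPrincipalName;
    accountSource = "userPrincipalName";
}

// Encode directory-supplied values before writing them into a page.
writeOutput(encodeForHTML("#accountSource#: #accountName#"));
</cfscript>
```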