
Get-MgUser cannot return the list of managers

Open Ramesh-Pachunuri opened this issue 1 year ago • 2 comments

As per the Microsoft doc, I am trying to get the list of managers via the Graph API (in PowerShell) based on the user alias, and it always returns the user information, not the managers' info.

```powershell
[string] $TenantId = ""
[string] $ClientID = ""
[string] $SecretKey = "***********"
$ResourceName = "https://graph.microsoft.com"
$LoginURL = "https://login.microsoftonline.com"

Write-Host "Logging into AzureAD to obtain access token"
$Body = @{grant_type = "client_credentials"; resource = $ResourceName; client_id = $ClientID; client_secret = $SecretKey }
$OAuth = Invoke-RestMethod -Method Post -Uri $LoginURL/$TenantId/oauth2/token?api-version=1.0 -Body $Body
Write-Host "Obtained access token"

$url = "https://graph.microsoft.com/v1.0/users/useralias?$expand=manager($levels=max;$select=id,displayName)&$select=id,displayName"

#Construct headers
$headers = @{}
$headers.Add("ConsistencyLevel","eventual")
$headers.Add("Authorization", "Bearer $($OAuth.access_token)")
$headers.Add("Content-type", "Application/json")

Invoke-RestMethod -Method GET -Headers $headers -Uri $url
```

With Get-MgUser: I even tried the command below via PowerShell, and it throws the error shown below. I am able to get the single manager's info when I remove the CountVariable and ConsistencyLevel parameters.

```powershell
Get-MgUser -UserId $userId -ExpandProperty "manager($levels=max;$select=id,displayName)" -Property "id,displayName" -CountVariable CountVar -ConsistencyLevel eventual
```

Error:

```
Get-MgUser : Parameter set cannot be resolved using the specified named parameters.
At line:14 char:1
+ Get-MgUser -UserId "[email protected]" -ExpandProperty "manager( ...
    + CategoryInfo          : InvalidArgument: (:) [Get-MgUser], ParameterBindingException
    + FullyQualifiedErrorId : AmbiguousParameterSet,Get-MgUser
```

Ramesh-Pachunuri, Jan 02 '24 09:01

Is the "User.Read.All" scope required to get the list of the manager chain up to the root level?

Ramesh-Pachunuri, Jan 02 '24 10:01

@Ramesh-Pachunuri thank you for noticing and reporting this issue. The example in the documentation is indeed misleading. You also need both "User.Read.All" and "Directory.Read.All" scopes to chain up to the root level.

timayabi2020, Jan 08 '24 20:01
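An added example, not part of the thread or of the SDK: PowerShell expands `$expand`, `$levels` and `$select` inside a double-quoted string as variables, so the sketch below compares both quote styles for the URL from the post and then flattens a nested manager chain into a list. The JSON response and its ids are constructed sample data, `Get-ManagerChain` is a hypothetical helper, and the script assumes those three variables are not defined in the session.

```powershell
# Assumption: $expand, $levels and $select are not set; clear them to be sure.
Remove-Variable -Name expand, levels, select -ErrorAction SilentlyContinue

# Double quotes: PowerShell substitutes the (empty) variables into the string.
$double = "https://graph.microsoft.com/v1.0/users/useralias?$expand=manager($levels=max;$select=id,displayName)&$select=id,displayName"
# Single quotes: the string is literal, so the OData options stay in the URL.
$single = 'https://graph.microsoft.com/v1.0/users/useralias?$expand=manager($levels=max;$select=id,displayName)&$select=id,displayName'

"Double-quoted: $double"
"Single-quoted: $single"

# Against a live tenant (not run here) the literal URL would be sent as:
#   Invoke-MgGraphRequest -Method GET -Uri $single -Headers @{ ConsistencyLevel = 'eventual' }

# Constructed sample of the nested shape returned when manager is expanded.
$response = @'
{
  "id": "u-0001", "displayName": "Sample User",
  "manager": {
    "id": "u-0002", "displayName": "Sample Manager",
    "manager": { "id": "u-0003", "displayName": "Sample Director" }
  }
}
'@ | ConvertFrom-Json

# Hypothetical helper: walk user.manager.manager... until no manager is left.
function Get-ManagerChain {
    param([Parameter(Mandatory)] $User)
    $chain = @()
    $node = $User.manager
    while ($null -ne $node) {
        $chain += [pscustomobject]@{
            Level       = $chain.Count + 1
            Id          = $node.id
            DisplayName = $node.displayName
        }
        $node = $node.manager   # $null when the property is absent (root reached)
    }
    return $chain
}

Get-ManagerChain -User $response | Format-Table -AutoSize
```

The same quoting applies to the `-ExpandProperty` value passed to `Get-MgUser`.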