So it turns out you can’t use the Graph API to filter on empty properties! Aaaaaaaaaaaargh.
Thought that would be a basic thing when I set out to use Graph API to try and filter out users in our environment that had a null extension attribute. But nope, not possible. Loads of Google results on the same. Finally had to resort to the AzureAD cmdlets.
Another thing I wanted to do today was find the AzureAD equivalent of on-prem extension attributes (check out this SO post). Couldn’t figure out a way of finding all these Azure AD extension attributes via Graph. Finally I had to use Get-AzureADExtensionProperty and armed with that info I could use Graph API.
|
1 |
Get-MgUser -UserId $_.Id -Property extension_xxxx_msDS_cloudExtensionAttribute13).AdditionalProperties.extension_xxxx_msDS_cloudExtensionAttribute13 |
Sigh.