How to get users list from office 365 admin?

1
votes

Recently I successfully fetched the users added to https://admin.google.com/ using the google Directory API and did a server to server authentication for the task.

Now, I need same things to be done in Office 365. Where do I start it ? Like https://admin.google.com/ what does it have in office 365.

**Is it a Azure Active Directory subscription what I need **

where and How to start with office 365 API? Though I found this https://msdn.microsoft.com/en-us/office/office365/api/api-catalog looks like it is more associated with outlook but not the users from office 365 admin

Can I get something like google-python-api-client for office 365 as I am working from python. It's not officially available here https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-authentication-libraries

Does it have server to server authentication service like for google api where we can make the authorization with p12 or json file. Why I need this is because I am working in console application

Thanks

1
python-2.7authenticationauthorizationoffice365office365api
Something like the Powershell command Get-MsolUser? docs.microsoft.com/en-us/powershell/module/msonline/…Matt
Do you think this work in my case. Because I am working in python in ubuntu platform. Yes there is a module called subprocess through which I am running the terminal command.But as its what runs in command prompt .How do I make it run from ubuntu terminal ,that might help to solve the issueTara Prasad Gurung
I doubt you can run that script on ubuntu as it depends on PowerShell and also a lot other C# assembliesMatt

1 Answers

1
votes

Here is a console application that gets the list of users in an Office 365/Azure Active Directory:

from azure.graphrbac import GraphRbacManagementClient
from azure.graphrbac.models import UserCreateParameters, PasswordProfile
from azure.common.credentials import UserPassCredentials

# e.g. [email protected]
admin_user_name = '<admin email account>'
admin_password = '<admin password>'
# e.g. yourcompany.onmicrosoft.com
tenant_id = "<office 365 company url>"

credentials = UserPassCredentials(
            admin_user_name,      # Your user
            admin_password,          # Your password
            resource="https://graph.windows.net"
    )

graphrbac_client = GraphRbacManagementClient(
    credentials,
    tenant_id
)
users = graphrbac_client.users.list();
for user in users :
    print(user)

This script works with Office 365 accounts (which are backed by Azure AD), and also with Azure AD instances created manually within Azure.

There is a confusing array of libraries for working with Azure, but I would suggest you start here: Azure Active Directory Graph Rbac API

Regarding your question about "server to server" authentication: You could just use the (somewhat insecure) username and password as my code does above. Alternatively, you could create an "Application Principal" in Azure AD, and grant it access to your Graph API, but in my experience, this gets hard and complicated pretty fast -- I'm not sure that the Python libraries would even have all the API calls you would need.