Microsoft Graph API: admin can't list other users people

1
votes

Logged in as the Office 365 Global Administrator, I want to get the relevant people list for any user in Active Directory.

I can get my calls to return using

https://graph.microsoft.com:443/v1.0/users('[email protected]')/people

and

https://graph.microsoft.com:443/v1.0/users/{the user id}/people

and 

https://graph.microsoft.com:443/v1.0/users('{the user id}')/people

and 

https://graph.microsoft.com:443/v1.0/users/[email protected]/people

but, as an Office 365 admin with People.Read.All consent in the app, the call only returns one person (the target user's profile) for any user but myself. If I call it for my user I get a list of ten people

If I log in as that other person and make the People List API call it returns the expected ten results.

JWT scope: "scp": "Files.ReadWrite Mail.Send People.Read.All User.Read

I have to change the scope to People.Read for the non-admin.

https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/user_list_people

2
microsoft-graph-api
You can only fetch people who are in your contacts list.Hey24sheep
Can you elaborate? The API documentation does not mention anything like that. developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/…Sean Anderson
Okay, I misunderstood your question. I though you were trying to get contacts of some other users. Let me post my answer.Hey24sheep
Additional notes: This is a work/school account and I made sure to explicitly add People.Read.All delegated permissions for the app in the Microsoft application registration portal. I am using the Graph Quickstart Xamarin app with updated Microsoft.Graph 1.6.2 nuget package. I get the same results in the Graph Explorer on the website.Sean Anderson
I have updated my answer. I used the explorer and tried there demo account. It seems to work perfectly fine.Hey24sheep

2 Answers

0
votes

the call only returns one person (the target user's profile) for any user but myself.

Answer is in the API Doc. As the document says.

Retrieve a collection of person objects ordered by their relevance to the user, which is determined by the user's communication and collaboration patterns and business relationships.

The following request gets the people most relevant to another person in the signed-in user's organization

https://graph.microsoft.com:443/v1.0/users('[email protected]')/people

It might happen that there is no one relevant to that user.

If you want the list of contacts in other user's contact list then you can refer to this one : https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/user_list_contacts

UPDATE

https://developer.microsoft.com/en-us/graph/graph-explorer

I used the demo account on this website. I used this query https://graph.microsoft.com/v1.0/users/08fa38e4-cbfa-4488-94ed-c834da6539df/people It worked.

This query gives the same result

https://graph.microsoft.com/v1.0/users('08fa38e4-cbfa-4488-94ed-c834da6539df')/people

Same result https://graph.microsoft.com/v1.0/users('[email protected]')/people/

Same result https://graph.microsoft.com/v1.0/users/[email protected]/people/

If you still can't get it to work and specially on Graph Explorer Website. Then it means that according to Microsoft there are no relevant people for that particular user.

As you can see there are different ways to use the same thing. Try it all if it works. Let me know.

0
votes

I am not seeing this behavior in the Graph Explorer sample tenant. The behavior seems to indicate that this is auth-related. I would try to sign in with the admin again and make sure that you've consented to any of the admin-only scopes. Additionally, one thing you can do to figure out whether you have the appropriate scope in your token is decoding the JWT and examining the "scp" collection.