How to delete gmail guest account using MS Graph API

1
votes

We are trying to remove a guest user from AD using graph api. For that we use the following as describe from the documentation :

https://graph.microsoft.com/v1.0/users/{userPrincipalName}

If the user is a user with an AD domaine that works correctly but for external user with a GMAIL account for instance, the userPrincipalName is formated as below sample :

ex : serge.cal_gmail.com#EXT#@xxxx.onmicrosoft.com

When I try to get the ID of that user by fetching first its id using :

https://graph.microsoft.com/v1.0/users/serge.cal_gmail.com#EXT#@xxxx.onmicrosoft.com

It returns an error as below :

{ "error": { "code": "Request_ResourceNotFound", "message": "Resource 'serge.cal_gmail.com' does not exist or one of its queried reference-property objects are not present.", "innerError": { "request-id": "da8bdcda-6304-4c3c-93b2-6454433dcba2", "date": "2020-05-15T14:51:46" } } }

Updated : Based on your comment as a test I have encode manually the userprincipal and test it under POSTMAN, that return the correct user details.

But the issue, is that as I do not know in advance the user ID that will be generated, I am using the userPricipal name of user to fetch the user ID. In Azure AD account, userPrincipal is most of the time the email address, this is what I use the the API call to get user info.

Now for cases of GUEST account which are not based on an external AD, the problem is that the only way I have to fetch the user is by userPrincipal of guest account and when I check my user AD profile, my GUEST userPricipal info is the email address as seen in picture below :

Guest user Principal info

So by using this information to API return the error of resource not found, and this is because if I fetch the user by its ID ( which I do not know except going into the AD manually which is not the goal ) I get user principal formed as below :

enter image description here

So in Azure AD screen the real userPrincipal form of a GUEST user is hidden in a way.

So how can I fetch it correctly ?

1 - use the API normaly as any other by using the email 2 - Then catch the error message 3 in case of error reformat the userPrincipal using the wierd syntax ?

Or Does the API offer the possibilities to fetch Guest Account, then from the guest response list of users I then search for the email adress user I need and gets it ID ?

Thanks for advise

regards

1
azure-active-directorymicrosoft-graph-api

1 Answers

0
votes

You need to encode the userPrincipalName and then put it in the graph api(I test it in graph explorer). You can go to this page and input the userPrincipalName to encode it and then copy the result to your graph api, the encoded userPrincipalName will be as below:

xxxxxx.com%23EXT%23%40xxxxx.onmicrosoft.com

Hope it helps~