Forum Discussion

EntilZha's avatar
EntilZha
Iron Contributor
Jan 10, 2020
Solved

Microsoft Graph Filter by specific Domain Name

  • I have over 20000 users and we have four sub-domain.
  • I'm trying reduce the results when making a Graph call by only calling those users with a specific userPrincipalName sub-domain.

When I execute the query it's return all users that has the main domain and the users that has sub-domain. 

 

Question: How can I execute a graph call and return only users with specific sub-domain along with the other filters.

 

$uri = "https://graph.microsoft.com/v1.0/auditLogs/signIns?$filter=appDisplayName eq 'Windows Sign In' AND deviceDetail/operatingSystem eq 'Windows' AND createdDateTime ge $CurrentDate AND endwith(userPrincipalName,'@group.maindomain.net') &$Top=1000"

 

Thank You,

 

-Larry

Azure Active Directory (AAD)
  • VasilMichev's avatar
    VasilMichev
    Jan 10, 2020

    As noted in the documentation, only startswith and eq operators are supported for userPrincipalName. Welcome to the wonderful world of crappy oData filtering...

6 Replies

  • Michael-Schmitz's avatar
    Michael-Schmitz
    Brass Contributor
    Aug 08, 2022

    Sadly the endsWith query-filter ist not supported yet. But there is a way around it, it's not so elegant since we're first getting all the users and then reselect the ones with the specific domain:

    Connect-MgGraph -Scopes "User.Read.All"

$DisabledDomainUsers = Get-MgUser -Filter 'accountEnabled eq false' -All | Where-Object {$_.Mail -like "*@domain.ch"}


    The following Modules are needed to use the commands above:

    Install-Module Microsoft.Graph -Scope CurrentUser
Install-Module Microsoft.Graph.Users -Scope CurrentUser
  • VasilMichev's avatar
    VasilMichev
    MVP
    Jan 10, 2020

    As noted in the documentation, only startswith and eq operators are supported for userPrincipalName. Welcome to the wonderful world of crappy oData filtering...

    • EntilZha's avatar
      EntilZha
      Iron Contributor
      Jan 10, 2020

      Thijs Lecomte  Thank you for responding, I've added the "S" and still not working. Also, I moved the endswith at the beginning of the URL. Sorry to say I can't use the onmicrosoft.com address, it doesn't have the sub-domain attached to the onmicrosoft.com address 

       

      All the other filters is working just that one filter I'm having the issue.

       

      $uri = "https://graph.microsoft.com/v1.0/auditLogs/signIns?$filter=endswith(userPrincipalName,'southeast.xxxxxxxxxxxx.org') AND appDisplayName eq 'Windows Sign In' AND deviceDetail/operatingSystem eq 'Windows' AND createdDateTime ge $CurrentDate &$Top=1000"

       

      Thank You,

       

      -Larry

      • Thijs Lecomte's avatar
        Thijs Lecomte
        Bronze Contributor
        Jan 10, 2020
        Could you try it with just the filter on the UPN and check what that gives you?

Resources