Forum Discussion
Queries that work in Graph Explorer don't seem to using PowerShell equivalent
Is it me or can someone explain why a query using MS Graph Explorer like the following returns AzureAD / EntraID user extension properties without issue but the analogous PS cmdlet Get-MgUser cannot retrieve the same?
Microsoft Graph Explorer:
https://graph.microsoft.com/v1.0/users?$select=displayName,givenName,surname,userPrincipalName,accountEnabled,onPremisesSyncEnabled,jobTitle,employeeID,extension_<appId>_AcademicCredentials,extension_<appId>_PhoneExtension,extension_<appId>_Site&$Count=true
ConsistencyLevel: eventual
PowerShell:
Get-MgUser -ConsistencyLevel eventual -Count userCount -Property displayName,givenName,surname,userPrincipalName,accountEnabled,onPremisesSyncEnabled,jobTitle,EmployeeID,extension_<appId>_AcademicCredentials,extension_<appId>_Site,extension_<appId>_PhoneExtension -All | Select displayName,givenName,surname,userPrincipalName,accountEnabled,onPremisesSyncEnabled,jobTitle,EmployeeID,extension_<appId>_AcademicCredentials,extension_<appId>_Site,extension_<appId>_PhoneExtension
Both methods are using the same MS Graph v1.0 API. This is fairly simple and straightforward to accomplish using the soon to be deprecated AzureAD PS module!
1 Reply
I'm hoping you've managed to find a solution to your problem. If so, perhaps this might help someone else, who may stumble upon this discussion, in the future. However, if you haven't found a solutions yet, I'm happy to offer a few suggestions.
Since you didn't really mention anything regarding an App Registration in Azure/Entra, I will have to make a few assumptions. Please, don't be offended, as it is not my intention to insult your intelligence.
With that said, it needs to be noted that any Authentication or Consent given through the Microsoft Graph API Explorer App, is specific to that App/Session. I personally use the Explorer App for Testing HTTP Requests/Responses to specific Endpoints, etc. However, I use my App Registration ID & Client Secret, to Authenticate from PowerShell.
Therefore, if you haven't done so, you will need to Setup your App Registration, in Azure/Entra. If this is already completed, you may want to check it over again, to ensure that it is configured correctly and that you have the required permissions set, etc.
If you plan on using a Client Secret or Certificate to Authenticate (as opposed to your O365/Azure Login Credentials), you are going to want to utilize "Application Permissions". This is usually the method I use for Automated Scripts, etc.
On the other hand, if you want to use O365/Azure Credentials, you'll want to utilize the "Delegated Permissions". I might use this method in an App that I'm expecting my fellow IT coworkers or the End-Users will use.
Once you have this Step Completed, you will need to Authenticate using the Microsoft Graph PowerShell Module.
Once you are successfully Authenticated, should be able to utilize the Microsoft Graph API PowerShell Module to Connect and Run your Cmdlet (Get-Mguser).
It is possible to perform each one of these steps, using PowerShell, but I recommend that you familiarized yourself with the Azure/Entra App Registration process, via the Web UI/Portal, beforehand.
https://learn.microsoft.com/en-us/powershell/microsoftgraph/app-only?view=graph-powershell-1.0
I will include one more additional Resource, which goes over the entire process, from beginning to end, while also going over the process for generating and using a Certificate for Authentication.
https://www.alitajran.com/connect-to-microsoft-graph-powershell/
Let me know if you have any questions.
I hope this helps.
