How to get and set Manager Attribute for a Windows Azure AD User using Graph API

August 28, 2013
By admin

Windows Azure AD Graph provides programmatic access to Windows Azure Active Directory (AD) through REST API endpoints. Using Windows Azure AD Graph API developers can execute create, read, update, and delete (CRUD) operations on Windows Azure AD objects such as users and groups.

REST API endpoints.

Windows Azure AD Graph exposes REST endpoints so that developers can consume it in their applications. Windows Azure AD Graph conforms to OData v3 protocol, which makes it possible to consume from any modern development platform and application architecture, ranging from mobile devices to Office 365 extensions.

Windows Azure AD Authentication.

In order to execute any of the operations available through Windows Azure Graph, the client needs to be authenticated first. Windows Azure AD Graph relies on Windows Azure AD for authentication. Windows Azure AD federates with Windows Azure Active Directory and serves as a Security Token Service (STS) for client requests.

You can downlaod sample MVC .NET application that demonstrates how to access directory tenant data from Windows Azure AD using the Graph API.

MVC Sample Application for Windows Azure AD Graph API

To open this application, you need to have Microsoft Visual Studio 2012, This is already configured with demo company Graph API access endpoint. To create Graph API access endpoint for your Office365 tenant or Azure AD tenant. You can follow my earlier post “Windows Azure Active Directory: Using the Graph API with an Office 365 Tenant” to create the access endpoint. See the sample Graph API access endpoint below that you can create using Powershell CmdLets or Windows Azure Management Portal. ┬áTo get the access of Windows Azure Management Portal, you have to get the Azure Subscription. Those who has Azure subscription can use Windows Azure Management Portal to create access endpoint and those who has Office365 tenant subscription can use Powershell CmdLets to create access point.

Setting Graph API access endpoint in Web.config

<add key=”TenantDomainNamevalue=”yourdomainname.onmicrosoft.com“/>

<add key=”AppPrincipalIdvalue=”7829c758-2bef-43df-a655-718089474545“/>

<add key=”Passwordvalue=”FStnXT1QON84B5o38aEmFdlNhEnYtzJ91Gg/JH/Jxiw=“/>

To create above details using Powershell, you can follow my earlier blog post. Using Graph API sample application, you can perform the CRUD (Create, Read, Update and Delete) on Azure AD Users and Groups. But few functionality is not available, you have to implement those functionality. Here one of the very useful functionality like setting and getting User Manager is not implemented in Sample application.

Now let us have a look, how to Set and Get User Manager

//Set Manager Attribute of an User

        public void SetUserManager(User user, User manager)
        {
            try
            {
                DirectoryService.SetLink(user, "manager", manager);
                DirectoryService.SaveChanges();
            }
            catch (Exception)
            {
                throw;
            }
        }
        //Get User Manager by loading Manager attribute of an User
        public User GetUserManager(string strUserDisplayName)
        {
            User user = new User();
            User manager = new User();

            DirectoryObject directoryObject;

            try
            {
                user = DirectoryService.users.Where(it =&gt; (it.displayName ==
                       strUserDisplayName)).SingleOrDefault();

                DirectoryService.LoadProperty(user, "manager");
                directoryObject = user.manager;

                manager = DirectoryService.users.Where(it =&gt; (it.objectId ==
                          directoryObject.objectId)).SingleOrDefault();
            }
            catch (Exception)
            {
                throw;
            }

            return manager;
        }

Leave a Reply