MS Graph API To pull records

Darren22
Tera Expert

Good morning,

I am currently on the journey to integrate Intune with ServiceNow. Part of this integration requires me to pull everyone's UserID from AAD and import that into our sys_user table. The import matches onPremiseSamAccountName and then updates the user's record with the AAD user ID.

The API GET message I am currently using is,

https://graph.microsoft.com/v1.0/users?$top=999&$select=id,onPremisesSamAccountName

When I first used the get message I would only pull back 100 records as this is apparently the default, so a $top=999 was also included to take that to 999 records as this appears to be the max.

We have more than 999 users so has anyone come across this issue before and how did they resolve the issue?

 

1 ACCEPTED SOLUTION

Darren22
Tera Expert

I have finally managed to get a script working that allows me to pull all records from AAD and bypass the 999 record limit.

Some things I found that really helped me get to the point below

The endpoint has to be dynamic as it will need to change through every cycle in the WHILE loop. So I decided to set it from within the script instead.

I added message logs so I could keep track of how many cycles through the WHILE loop it did.

It's important that you redefine the nextPage variable in the WHILE loop to the nextLink URL or else you'll pull back the same page and forever be in a loop - Yes I did that

I don't know if the below script is the best way to achieve the desired results but it does work. It might give you something to build on because currently I can't find anything out there.

SIDE NOTE: When you import the records it seems to create an import set per record which I haven't looked into yet. I don't like that it does that but that's another issue for another day.

try {
    var r = new sn_ws.RESTMessageV2('Intune - AAD - Get users details', 'GET');
    // The endpoint is set here rather than on the REST message because it changes on every cycle
    r.setEndpoint('https://graph.microsoft.com/v1.0/users?$top=999&$select=id,onPremisesSamAccountName');
    var response = r.execute();

    var jsonString = response.getBody();
    var parser = new JSONParser();
    var parsed = parser.parse(jsonString);
    var nextPage = parsed['@odata.nextLink']; // undefined when all results fit in one page
    var count = 0;
    var i;

    gs.log('BEFORE FOR LOOP', 'worflow');

    // Insert the first page of users
    for (i = 0; i < parsed.value.length; i++) {
        var user = new GlideRecord('u_azure_user_integration');
        user.initialize();

        user.u_id = parsed.value[i].id;
        user.u_onpremisessamaccountname = parsed.value[i].onPremisesSamAccountName;
        user.insert();
    }

    gs.log('BEFORE WHILE', 'worflow');

    // This continues the loop until no nextLink is sent with the response.
    // indexOf() returns -1 (truthy) when the token is absent and throws when nextPage
    // is undefined, so test for the link itself and compare against -1.
    while (nextPage && nextPage.indexOf("$skiptoken") > -1) {
        var q = new sn_ws.RESTMessageV2('Intune - AAD - Get users details', 'GET');
        q.setEndpoint(nextPage);
        var response1 = q.execute();

        var jsonString1 = response1.getBody();
        var parser1 = new JSONParser();
        var parsed1 = parser1.parse(jsonString1);

        // Move on to the next page, otherwise the same page is requested forever
        nextPage = parsed1['@odata.nextLink'];
        count++;

        gs.log('CYCLE ' + count, 'worflow');

        for (i = 0; i < parsed1.value.length; i++) {
            // NOTE: as posted, later pages go to u_aad_user_import while the
            // first page above goes to u_azure_user_integration
            var user1 = new GlideRecord('u_aad_user_import');
            user1.initialize();

            user1.u_id = parsed1.value[i].id;
            user1.u_onpremisessamaccountname = parsed1.value[i].onPremisesSamAccountName;
            user1.insert();
        }
    }
}
catch (ex) {
    var message = ex.message;
    // Log the failure instead of silently discarding it
    gs.log('Graph user import failed: ' + message, 'worflow');
}

I hope this helps someone. I also have other information that has really helped me with Graph so if you need a hand let me know...

View solution in original post
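The paging loop from the accepted solution, restated as an added example in plain JavaScript (Node); it is not the poster's code and does not use ServiceNow's scripting API. Because each `@odata.nextLink` is requested with the integration's credentials, the loop follows a link only while it stays on `https://graph.microsoft.com`, stops when a link repeats, and caps the page count. `fetchPage`, `collectAll`, `isTrustedLink` and the sample pages are constructed stand-ins.

```javascript
// Added example: bounded, host-pinned paging over Graph-style responses.
// fetchPage(url) is a hypothetical stand-in for the authenticated REST call
// (setEndpoint + execute in the thread); it returns the parsed JSON body.
const ALLOWED_ORIGIN = 'https://graph.microsoft.com';

function isTrustedLink(link) {
  try {
    const u = new URL(link);
    // Compare the parsed origin, not a string prefix, so that
    // "https://graph.microsoft.com.example.net/..." is rejected.
    return u.origin === ALLOWED_ORIGIN && u.username === '' && u.password === '';
  } catch (e) {
    return false; // not an absolute URL
  }
}

function collectAll(firstUrl, fetchPage, maxPages) {
  const rows = [];
  const seen = new Set();
  let url = firstUrl;
  let pages = 0;
  while (url) {
    if (!isTrustedLink(url)) throw new Error('nextLink leaves ' + ALLOWED_ORIGIN + ': ' + url);
    if (seen.has(url)) throw new Error('nextLink repeated, stopping: ' + url);
    if (pages >= maxPages) throw new Error('page cap of ' + maxPages + ' reached');
    seen.add(url);
    const body = fetchPage(url);
    pages++;
    for (const u of body.value || []) {
      rows.push({ id: u.id, sam: u.onPremisesSamAccountName });
    }
    url = body['@odata.nextLink']; // absent on the last page, which ends the loop
  }
  return { rows, pages };
}

// Constructed sample pages keyed by URL (not real tenant data).
const FIRST = ALLOWED_ORIGIN + '/v1.0/users?$top=999&$select=id,onPremisesSamAccountName';
const SECOND = FIRST + '&$skiptoken=CONSTRUCTED';
const samplePages = {
  [FIRST]: { value: [{ id: 'a1', onPremisesSamAccountName: 'jdoe' }], '@odata.nextLink': SECOND },
  [SECOND]: { value: [{ id: 'b2', onPremisesSamAccountName: 'asmith' }] }
};
const sampleFetch = (url) => samplePages[url];

console.log(collectAll(FIRST, sampleFetch, 50));
```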

8 REPLIES 8

Heiko Bllr
Tera Guru

Hi Darren,

nice article. You were mentioning MS Graph but ended up with the REST API instead, right?

I need to import AAD groups and probably also the members to ServiceNow, I guess I could also use the Azure AD REST API. What would be the REST message I need to configure? Would be nice if you could put me in the right direction...

I also need to create guest invitations in Azure AD and add those guest accounts to groups. How could I create such guest accounts if MS Graph (Guest invitation API) cannot be used, any idea?

I'm on Orlando right now.

Thanks in advance,

Heiko

 

Darren22
Tera Expert

Hi Heiko,

Thanks for the response. You are correct that when speaking about Graph API I do mean Rest Messages like GET or POST.

Which tables are you looking to have this information reside in?

So to get all groups you would be needing to use a GET message something along the lines of,

GET https://graph.microsoft.com/v1.0/groups

So your endpoint would just be the URL without GET 


This is going to get all your default groups from your AAD. I am assuming however that you already have registered your application and that the permissions have been correctly set (LINK TO PERMISSIONS NEEDED) - If you need a hand with that I can help you with that as well.

Once I have a response of 200 and a list of groups I would then be looking to place those groups somewhere. Where are you planning on putting the groups? groups table or custom table?

Have you worked with Graph API before or is this your first time?

Remember if you have more than 1000 groups you will need to use a while loop.

 

Hi Darren,

thanks a lot for your fast response.

No I never worked with Graph API before. We wanna load the AAD groups into sys_user_group with a new group type such as aadgroup. We already have "adgroup" type for groups we load from onPremise AD.

AAD groups will be a couple 1000 I would say. So much less than from the onPremAD.

We have not registered the application yet, I am gonna setup the connection with AAD early next week. I assume if we just follow the ServiceNow documentation we can manage it.

We would need to filter the groups I want to load, because we don't need all I believe.

For maintaining group memberships and also creating/deleting groups I intend to use the Azure AD spoke of the Integration hub, also my first time 🙂

Best regards,

Heiko

servicenow_live
Tera Contributor

Check this Community link to Integrate Microsoft Azure AD – Graph API to ServiceNow

 

https://community.servicenow.com/community?id=community_article&sys_id=62f47fe9db71fc547d3e02d5ca9619f5