从Microsoft图形获取域\用户名 [英] Get domain\username from microsoft graph

问题描述

我们有一个应用程序，用于存储用户登录名，格式为domain\username.我们通过Windows进行身份验证，然后通过将我们从用户获得的domain\username与我们的数据库进行匹配，从数据库中获取其他信息.

We have an application where we store users login name in the format domain\username. We authenticate via windows and then get additional info from our database by matching the domain\username we get from the user to our database.

现在，他们想迁移到云端.我们通过Azure AD中的应用对用户进行身份验证.但是，我们返回的user标识符是first.last@domain.com.

Now they want to move to the cloud. We authenticate users via apps in Azure AD. However, the user identifier we get back is first.last@domain.com.

我摆弄了https://graph.microsoft.com/v1.0/users/email和select命令来尝试获得旧"名称.但是，我还没有找到如何获得它的方法.

I have fiddled around with https://graph.microsoft.com/v1.0/users/email and the select command to try and get the 'old' name. Howev,er I have not yet found out how to get it.

它们迁移到云中的原因是它们正在合并两个AD.因此，某些用户将是DomainA和某些DomainB，但位于同一租户中.所以我首先想到的是尝试将邮件转换为其他格式.但是，两个不同的AD具有不同的命名标准.一个具有DOMAINA\fila(名字中的两个首字母和姓氏中的两个首字母)，另一个具有DOMAINB\firlas.尝试以这种方式解决它也很丑陋.

The reason they move to the cloud is that they are merging two ADs. So some users will be DomainA and some DomainB, but in the same tenant. So my first thought was to try and convert the mail to the other format. However, the two different ADs have different naming standards. One has DOMAINA\fila (two first letters from the first name and two first letters from the last name) and the other one has DOMAINB\firlas. Also it feels really ugly to try and solve it that way.

是否可以通过Microsoft Graph获取格式为domain\username的用户登录名?

Is it possible to fetch the users loginname formatted as domain\username via Microsoft Graph?

推荐答案

使用Graph的beta版本，您可以从onPremisesDomainName和onPremisesSamAccountName属性获取用户的域和用户名:

Using the beta edition of Graph, you can obtain the user's domain and username from the onPremisesDomainName and onPremisesSamAccountName properties:

/beta/users?$select=userPrincipalName,onPremisesDomainName,onPremisesSamAccountName

该域存储为FQDN，因此您需要进行一些翻译.例如，domainName.ad.contoso.com可能会转换为domainName\).

The domain is stored as a FQDN so you'll need to do some translation. For example, domainName.ad.contoso.com might translate to domainName\).

这将为您提供一种解决方法，以便您可以将用户与内部数据库进行匹配.但是，这只是一个临时解决方案.长期而言，您确实想使用userPrincipalName进行迁移.这是主要的用户标识符，并保证在给定的租户中唯一.

This will give you a workaround so you can match up users with your internal databases. It is however only a temporary solution. Long-term, you really want to migrate to using the userPrincipalName. This is the primary user identifier and guaranteed to be unique within a given tenant.

Azure AD与旧版Active Directory有所不同.传统AD中的某些概念，例如组织单位(OU)，组策略对象(GPO)，Kerberos身份验证，轻型目录访问协议(LDAP)，多个域之间的域信任以及其他几个概念，在云中根本就不存在.

Azure AD is a little different than the legacy Active Directory. Certain concepts from legacy AD such as Organizational Units (OUs), Group Policy Objects (GPOs), Kerberos Authentication, Lightweight Directory Access Protocol (LDAP), Domain trusts between multiple domains, and several others simply do not exist in the cloud.

这篇关于从Microsoft图形获取域\用户名的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！