Why does the Graph API OData metadata only contain directoryObjects collection and not the more specific users, groups, roles, etc. collections? RRS feed

  • Question

  • I'm using the AAD Graph API and I noticed that when I import the OData metadata from the API and generated proxies, the high level service only has a directoryObjects collection and not the other more specific collections that the API provides like users, groups, roles, etc. 

    I'm using Java with Olingo so I can't use the Azure Active Directory Client Library. I also tried using the metadata with WCF Data Services 5.6 in Visual Studio and also saw that it only generates the directoryObject collection too.

    Is there a reason why the metadata doesn't expose these other collections even though they are clearly accessible as per the Graph API documentation?

    Wednesday, September 3, 2014 10:19 PM

All replies

  • Hi Mark,

    We are discussing this with the Active Directory team and would require some time to get backto you with an appropriate answer.
    We appreciate your patience and regret the inconvenience caused.


    Thursday, September 4, 2014 11:18 AM
  • This is even more problematic than I thought as directoryObjects does not support doing a GET to get all items e.g. using Graph Explorer I tried to get the objects using the URL https://graph.windows.net/GraphDir1.OnMicrosoft.com/directoryObjects and got returned the following message:

    { "Status Code" : "BadRequest", "Description" : "The remote server returned an error: (400) Bad Request.", "Response" : "{"odata.error":{"code":"Request_UnsupportedQuery","message":{"lang":"en","value":"Searches against this resource are not supported. Only specific instances can be queried."}}}" }

    Filtering by a specific type also produces a failure e.g. using the URL https://graph.windows.net/GraphDir1.OnMicrosoft.com/directoryObjects/Microsoft.WindowsAzure.ActiveDirectory.User got the following error message:

       "Status Code" : "BadRequest",
       "Description" : "The remote server returned an error: (400) Bad Request.",
       "Response" : "{"odata.error":{"code":"Request_BadRequest","message":{"lang":"en","value":"Invalid object identifier 'Microsoft.WindowsAzure.ActiveDirectory.User'."}}}"

    According to the metadata, Microsoft.WindowsAzure.ActiveDirectory is the correct name space for all the objects in the Graph API:

    <Schema xmlns="http://schemas.microsoft.com/ado/2009/11/edm" Namespace="Microsoft.WindowsAzure.ActiveDirectory">

    and it works when I access a specific object in directoryObjects.

    As far as I can tell there is no way with the current metadata to get all the users, groups, etc. without having the above failures.

    All of these would be solved if the other collections were exposed in the metadata as they should be.

    Friday, September 5, 2014 6:45 PM
  • Any answer from the product team on this yet?
    Tuesday, September 9, 2014 4:56 PM
  • It's been well over a month and reply still. What did the product team say about this?
    Monday, October 20, 2014 6:59 PM
  • Not sure if it helps in this instance but I was confused by the "Searches against this resource are not supported. Only specific instances can be queried." error.  Ensuring that the deltaLink GET parameter is provided (even if empty) worked for me.
    Wednesday, December 10, 2014 7:04 AM
  • Any updates? I have same problem
    Thursday, December 18, 2014 10:21 AM
  • Can you show your request url? Thanks
    Thursday, December 18, 2014 10:36 AM
  • Still an issue in API version 1.6 as of today with Client code generated by "OData Connected Service" v0.3.0 in Visual Studio 2017
    Friday, July 13, 2018 7:54 PM
  • I would suggest you create new MSDN forum thread with more details about your issue/query.
    Friday, July 27, 2018 2:56 AM