🪲 Get-EntraUserExtension isn't on par with old Get-AzureADUserExtension equivalent #1435

NuAlex opened this issue Apr 2, 2025 · 2 comments · May be fixed by #1451
Labels: bug, enhancement

NuAlex commented Apr 2, 2025

Summary

The Get-EntraUserExtension cmdlet isn't as user friendly as the old Get-AzureADUserExtension was.

Description

With Get-EntraUserExtension I need to force the output of the extension by explicitly calling the attribute name, which requires me to know the attribute name first.
It behaves the same way as the Get-EntraUser without any value added.

Reproduce

Steps to reproduce the behavior:

  1. Call Get-EntraUserExtension for a user:

```powershell
$u1 = 'cabb1187-6885-45ee-879b-d87ff47213e9'
Get-EntraUserExtension -UserId $u1 | fl *
```

Result - No extension attribute is returned:

```
identities                  : {@{signInType=userPrincipalName; issuerAssignedId=SyncedUserCloudMbx1@Contoso.com; issuer=Contoso.onmicrosoft.com}}
onPremisesDistinguishedName : CN=SyncedUserCloudMbx1,OU=AADC01,OU=Sync,DC=Contoso,DC=com
employeeId                  : 
@odata.context              : https://graph.microsoft.com/v1.0/$metadata#users(identities,onPremisesDistinguishedName,employeeId,createdDateTime)/$entity
createdDateTime             : 5/19/2022 21:21:09
userIdentities              : {@{signInType=userPrincipalName; issuerAssignedId=SyncedUserCloudMbx1@Contoso.com; issuer=Contoso.onmicrosoft.com}}
```

  2. Call Get-EntraUserExtension for a user, but specifying an extension attribute:

```powershell
Get-EntraUserExtension -UserId $u1 -Property extension_2a9d32bee4ce4b8a8152c9f73c96924d_gidNumber | fl *
```

Result - Extension attribute is returned:

```
@odata.context                                       : https://graph.microsoft.com/v1.0/$metadata#users(extension_2a9d32bee4ce4b8a8152c9f73c96924d_gidNumber)/$entity
extension_2a9d32bee4ce4b8a8152c9f73c96924d_gidNumber : 1234
userIdentities
```

  3. The normal Get-EntraUser cmdlet can produce the same output, which defeats the purpose of having a Get-EntraUserExtension in the first place:

```powershell
Get-EntraUser -ObjectId $u1 -Property extension_2a9d32bee4ce4b8a8152c9f73c96924d_gidNumber | fl extension_2a9d32bee4ce4b8a8152c9f73c96924d_gidNumber
```

Result - Extension attribute is returned:

```
extension_2a9d32bee4ce4b8a8152c9f73c96924d_gidNumber : 1234
```

  4. What if I don't know the Extension attribute name? - Here's what I need to do with some creativity (not sure if this is the best way though):

```powershell
$userID = 'cabb1187-6885-45ee-879b-d87ff47213e9'
# Start the $select list with Id and UserPrincipalName, then append every synced extension property name
[string] $extensions = "Id,UserPrincipalName,"
$extensions += (Get-MgDirectoryObjectAvailableExtensionProperty | Where-Object {$_.IsSyncedFromOnPremises -eq $true} | Select-Object -ExpandProperty Name) -join ','
# Request the user directly from Graph with that $select list
[string] $baseUri = 'https://graph.microsoft.com/v1.0/users/'
[string] $uri = $baseUri + $userID + '?$select=' + $extensions
Invoke-MgGraphRequest -Method GET -Uri $uri | ft Name,Value
```

Result

```
Name                                                 Value
----                                                 -----
userPrincipalName                                    SyncedUserCloudMbx1@Contoso.com
id                                                   cabb1187-6885-45ee-879b-d87ff47213e9
extension_2a9d32bee4ce4b8a8152c9f73c96924d_gidNumber 1234
@odata.context                                       https://graph.microsoft.com/v1.0/$metadata#users(id,userPrincipalName,extension_2a9d32bee4ce4b8a8152c9f73c96924d_nuAlexStringTest,extension_2a9d32bee4ce4b8a8152c9f73c96924d_nuAlexStringMultiValued,e… 
```

Expected behavior

The cmdlet should output the extension properties the object has, by default and having to specify the attribute name.

Debug Output

```
Get-EntraUserExtension -UserId $u1 -debug
DEBUG: ============================ TRANSFORMATIONS ============================
DEBUG: Uri : https://graph.microsoft.com/v1.0/users/cabb1187-6885-45ee-879b-d87ff47213e9/?$select=Identities,OnPremisesDistinguishedName,EmployeeId,CreatedDateTime
DEBUG: =========================================================================

DEBUG: GET /v1.0/users/cabb1187-6885-45ee-879b-d87ff47213e9/?$select=Identities,OnPremisesDistinguishedName,EmployeeId,CreatedDateTime HTTP/1.1
HTTP: graph.microsoft.com
User-Agent: PowerShell/7.5.0 EntraPowershell/1.0.5 Get-EntraUserExtension


DEBUG: GET https://graph.microsoft.com/v1.0/users/cabb1187-6885-45ee-879b-d87ff47213e9/?$select=Identities,OnPremisesDistinguishedName,EmployeeId,CreatedDateTime
HTTP/2.0 200 OK
Cache-Control: no-cache
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
request-id: 19f7dbfe-14df-4c3c-ade7-f13c1eb794b7
client-request-id: 7a671d38-c4a5-4a5d-b893-413ee4a74145
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"West US 2","Slice":"E","Ring":"4","ScaleUnit":"001","RoleInstance":"MW2PEPF00011F88"}}
x-ms-resource-unit: 1
odata-version: 4.0
Date: Wed, 02 Apr 2025 02:05:42 GMT
Content-Type: application/json; odata.metadata=minimal; odata.streaming=true; IEEE754Compatible=false; charset=utf-8
Content-Encoding: gzip

{"@odata.context":"https://graph.microsoft.com/v1.0/$metadata#users(identities,onPremisesDistinguishedName,employeeId,createdDateTime)/$entity","onPremisesDistinguishedName":"CN=SyncedUserCloudMbx1,OU=AADC01,OU=Sync,DC=Contoso,DC=com","employeeId":null,"createdDateTime":"2022-05-19T21:21:09Z","identities":[{"signInType":"userPrincipalName","issuer":"Contoso.onmicrosoft.com","issuerAssignedId":"SyncedUserCloudMbx1@Contoso.com"}]}

identities                  : {@{signInType=userPrincipalName; issuerAssignedId=SyncedUserCloudMbx1@Contoso.com; issuer=NuAContosolex.onmicrosoft.com}}
onPremisesDistinguishedName : CN=SyncedUserCloudMbx1,OU=AADC01,OU=Sync,DC=Contoso,DC=com
employeeId                  : 
@odata.context              : https://graph.microsoft.com/v1.0/$metadata#users(identities,onPremisesDistinguishedName,employeeId,createdDateTime)/$entity
createdDateTime             : 5/19/2022 21:21:09
userIdentities              : {@{signInType=userPrincipalName; issuerAssignedId=SyncedUserCloudMbx1@Contoso.com; issuer=Contoso.onmicrosoft.com}}
```

Module Version

```
get-module Microsoft.Entra -ListAvailable

    Directory: D:\Users\NuAlex\Documents\PowerShell\Modules

ModuleType Version    PreRelease Name                                PSEdition ExportedCommands
---------- -------    ---------- ----                                --------- ----------------
Script     1.0.5                 Microsoft.Entra                     Core,Desk Enable-EntraAzureADAlias
Manifest   1.0.1                 Microsoft.Entra                     Core,Desk
```

Environment Data

```
$PSVersionTable

Name                           Value
----                           -----
PSVersion                      7.5.0
PSEdition                      Core
GitCommitId                    7.5.0
OS                             Microsoft Windows 10.0.26100
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0
```

Screenshots

Additional context

SteveMutungi254 linked a pull request Apr 23, 2025 that will close this issue
SteveMutungi254 added the bug and enhancement labels and removed the ToTriage label Apr 23, 2025
SteveMutungi254 self-assigned this Apr 23, 2025

SteveMutungi254 (Contributor) commented

Thank you, @NuAlex, for bringing this up. I’ve started addressing it in this PR - #1451

SteveMutungi254 commented Apr 24, 2025

Adding additional context as part of repro exercise:

```
PS C:\Users\USER> Get-AzureADUserExtension -ObjectId ec5813fb-xxx-4a33-a014-b55ffee3662b

Key                                                         Value
---                                                         -----
odata.metadata                                              https://graph.windows.net/bce79735-xxxx-4f8d-b8dd-74f5dc0c5ed7/$metadata#directoryObjects/@Element
odata.type                                                  Microsoft.DirectoryServices.User
createdDateTime                                             3/7/2024 3:10:31 AM
employeeId                                                  EK4002
onPremisesDistinguishedName
userIdentities                                              []
extension_d2ba83696c3f45429fbabb363aexxxx_TestAttributeName Survey.Report
```
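
The behaviour requested in the issue (list a user's extension attributes without knowing their names) can be sketched as a filter over a Graph user response. This is an added example, not code from the Entra PowerShell module or from either commenter: `Select-ExtensionProperty`, `$userId` and the sample IDs and values are assumptions, and `ConvertFrom-Json -AsHashtable` needs PowerShell 6 or later.

```powershell
# Added example; Select-ExtensionProperty is a hypothetical helper, not an Entra or Graph cmdlet.
function Select-ExtensionProperty {
    [CmdletBinding()]
    param(
        # A user object as a dictionary, e.g. the hashtable Invoke-MgGraphRequest returns.
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Collections.IDictionary] $User
    )
    process {
        foreach ($key in @($User.Keys)) {
            # Directory extension names follow extension_<appId without hyphens>_<attribute>.
            if ($key -match '^extension_(?<app>[0-9a-f]{32})_(?<attr>.+)$') {
                [pscustomobject]@{
                    UserId    = $User['id']
                    AppId     = [guid] $Matches['app']   # 32 hex digits parse as a GUID
                    Attribute = $Matches['attr']
                    Value     = $User[$key]
                }
            }
        }
    }
}

# Constructed sample response (placeholder IDs and values), so the block runs offline.
$sample = @'
{
  "id": "00000000-0000-0000-0000-000000000001",
  "userPrincipalName": "user1@contoso.example",
  "extension_0123456789abcdef0123456789abcdef_gidNumber": "1234",
  "extension_0123456789abcdef0123456789abcdef_uidNumber": "5678"
}
'@ | ConvertFrom-Json -AsHashtable

$sample | Select-ExtensionProperty | Sort-Object Attribute | Format-Table -AutoSize

# Against a live tenant (after Connect-MgGraph), using the cmdlets from the issue;
# $userId is an assumed variable holding the user's object ID:
# $names = (Get-MgDirectoryObjectAvailableExtensionProperty).Name -join ','
# $uri   = "https://graph.microsoft.com/v1.0/users/${userId}?`$select=id,$names"
# Invoke-MgGraphRequest -Method GET -Uri $uri | Select-ExtensionProperty
```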
