Azure AD CRUD operations via TDI

Jared Roberts

Mar 22, 2021, 2:00:58 AM
Hey gang. Has anyone attempted to create, read, update, delete users and/or groups from Azure AD via REST?
I am specifically interested in synching Domino groups to Azure AD via TDI/SDI.
I think (in theory) it could be done via REST API.

https://docs.microsoft.com/en-us/graph/api/group-post-groups?view=graph-rest-1.0&tabs=http

But alas, I am not a developer so I am stuck for validating my theory. Cheers. Jared

Eddie Hartman

Mar 22, 2021, 1:18:09 PM
Hi Jared,

If there is a REST API available to do this, then yes it is possible. If you'd like to experiment with this together, please let me know and we can do a screen share. You can reach me at eddie (at) agilitar.com

/Eddie

Jared Roberts

Mar 22, 2021, 11:03:34 PM
That sounds great mate thank you.... I'll hit you up via the website!

Franzw

Mar 23, 2021, 2:46:57 AM
On Tuesday, March 23, 2021 at 4:03:34 AM UTC+1, jazzar...@gmail.com wrote:
> That sounds great mate thank you.... I'll hit you up via the website!
Just a warning about the general concept of syncing groups - this always sounds easy - but membership is not standardized across registries/LDAP servers as this is not covered by the standards. So there may be a few borderline cases that require some extra complex work to function...

But if you get help from Eddie you should be safe - he is the best :-)

Regards
Franz Wolfhagen

Jared Roberts

Mar 23, 2021, 7:28:35 PM
Excellent advice - thank you.
I do have a pretty complex AL that synchronises Domino groups to AD at the moment.
TDI handles a lot of the business rules, translation, validation etc.
It works great for AD.

Looking to send the same “package” of group creation/membership/owners etc to Azure.

For many reasons the customer is not synching the AD groups on premise to Azure AD - so I gotta try and do it this way.

Basically ingest the Domino groups... apply all of our logic and translation and feed the result to AD and Azure AD :-)

Jared Roberts

Apr 28, 2021, 10:19:41 PM
I've got further with this with my customer...

They figured out how to use the REST API for M365 groups, they used Postman to test CRUD operations...
https://docs.microsoft.com/en-us/graph/api/resources/group?view=graph-rest-1.0

We then translated this into SDI using HTTP Connectors.
First Connector does auth (that was the most difficult part to work out) then we construct a JSON package to be sent to M365 with an HTTP POST.

At the moment I have to re-work some logic to deal with nested groups in Domino as they ain't supported in M365 (for non-security groups), these nested groups from Domino are being synched to AD on-prem just fine.
I'm doing this by using an LDAP Group Members connector, then using an Attribute Loop to retrieve the UUID of members from M365 using email address.

....more to come!... be happy to share my solution once I've figured it out.
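
The nested-group rework described in the post above, sketched as an added example that is not part of the original thread or of Jared's SDI configuration: it flattens nested Domino groups into direct members, resolves each email to an object id, and builds the JSON body for the Graph create-group call. The group names, addresses, object ids and the `idByEmail` table (standing in for the per-member lookup against M365) are constructed assumptions.

```javascript
// Constructed sample data: Domino groups keyed by name; a member is either
// an email address or the name of another (nested) Domino group.
const dominoGroups = {
  "Sales-All": { owners: ["ann@example.com"], members: ["Sales-EU", "bob@example.com"] },
  "Sales-EU": { owners: [], members: ["carl@example.com", "Sales-Nordic", "bob@example.com"] },
  "Sales-Nordic": { owners: [], members: ["dina@example.com", "Sales-EU"] }, // cycle back to Sales-EU
};

// Constructed stand-in for the email -> object id lookup done against M365.
const idByEmail = {
  "ann@example.com": "00000000-0000-0000-0000-00000000000a",
  "bob@example.com": "00000000-0000-0000-0000-00000000000b",
  "carl@example.com": "00000000-0000-0000-0000-00000000000c",
};

const GRAPH_USERS = "https://graph.microsoft.com/v1.0/users/";

// Expand nested groups into a de-duplicated set of member emails.
// `seen` guards against groups that contain each other.
function flattenMembers(groups, name, seen = new Set(), out = new Set()) {
  if (seen.has(name)) return out;
  seen.add(name);
  for (const m of groups[name].members) {
    if (Object.prototype.hasOwnProperty.call(groups, m)) flattenMembers(groups, m, seen, out);
    else out.add(m.toLowerCase());
  }
  return out;
}

// Build the JSON body for POST /groups (Microsoft 365 group) and list every
// owner or member that could not be resolved, so nobody is dropped silently.
function buildGroupRequest(groups, name, lookup) {
  const unresolved = [];
  const bind = (emails) => [...emails].flatMap((e) => {
    const id = lookup[e];
    if (!id) { unresolved.push(e); return []; }
    return [GRAPH_USERS + id];
  });
  const body = {
    displayName: name,
    mailNickname: name.replace(/[^A-Za-z0-9_-]/g, ""),
    mailEnabled: true,
    securityEnabled: false,
    groupTypes: ["Unified"],
    "owners@odata.bind": bind(groups[name].owners.map((o) => o.toLowerCase())),
    "members@odata.bind": bind(flattenMembers(groups, name)),
  };
  return { body, unresolved };
}

console.log(JSON.stringify(buildGroupRequest(dominoGroups, "Sales-All", idByEmail), null, 2));
```

Comparing the `unresolved` list between the AD and Azure AD runs shows where the two directories would otherwise end up with different membership for the same Domino group.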

Franzw

Apr 29, 2021, 9:31:37 AM
Looking forward to seeing your configuration! :-)

Regards
Franz Wolfhagen

Eddie Hartman

Apr 30, 2021, 11:03:41 AM
Let me know if you want to have a conversation about this. I can show you how to move the collection of HTTP Client connectors into a single scripted Connector - to make your ALs simpler :9

/e
