
I am getting an error when using the “On Premise Sam Account Name” field in conditions.
The error is: Unsupported or invalid query filter clause specified for property 'onPremisesSamAccountName' of resource 'User'.

When testing this in Postman (or MS Graph Explorer) I am able to get it to work, but it needs some modification from a basic command or it gets the same error. What needs to happen in the GET command is that “$count=true” needs to be added, and in the request headers the key “ConsistencyLevel” with the value “eventual” must be added.

So my questions:

  1. Can the default Azure Active Directory Query Users activity use the “On Premise Sam Account Name” field in conditions? Maybe I am missing something.
  2. Should I try to just use “Call a Web Service” and customize it to GET from AAD?

This is how it is set up now.
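The request the question describes, as an added example that is not part of the original post (and not Nintex's or Microsoft's code): it builds the Graph call with the two prerequisites the poster found by hand ($count=true and the ConsistencyLevel: eventual header), quotes the SAM account name as an OData string literal so a value containing a single quote cannot rewrite the $filter expression, and re-checks the result client-side. The $select list and the sample response body are assumptions of the example; nothing is sent over the network.

```python
"""
Build and check the Microsoft Graph request the question describes: filtering
users on onPremisesSamAccountName is an "advanced query", so it needs
$count=true in the query string and the ConsistencyLevel: eventual header.
Added example for this thread, not Nintex's or Microsoft's code; nothing is
sent, the request is only built and inspected offline.
"""
import json
from urllib.parse import parse_qs, quote, urlencode, urlparse

GRAPH_BASE = "https://graph.microsoft.com/v1.0"
# Properties to return; $select is an assumption of this example (the thread
# does not use it), returning less than the full user object is a good habit.
SELECT_PROPERTIES = "id,displayName,userPrincipalName,onPremisesSamAccountName"


def odata_string_literal(value: str) -> str:
    """Quote a value as an OData string literal. OData escapes a single quote
    by doubling it, so a workflow variable such as o'brien cannot terminate
    the literal and rewrite the $filter expression."""
    return "'" + value.replace("'", "''") + "'"


def build_sam_lookup(sam_account_name: str, access_token: str) -> tuple:
    """Return (url, headers) for the advanced query on onPremisesSamAccountName."""
    filter_expr = "onPremisesSamAccountName eq " + odata_string_literal(sam_account_name)
    query = urlencode(
        {"$count": "true", "$filter": filter_expr, "$select": SELECT_PROPERTIES},
        safe="$,",          # keep the OData system query option prefix readable
        quote_via=quote,    # percent-encode spaces as %20, not '+'
    )
    headers = {
        "Authorization": "Bearer " + access_token,
        "ConsistencyLevel": "eventual",
    }
    return GRAPH_BASE + "/users?" + query, headers


def is_advanced_query_ready(url: str, headers: dict) -> bool:
    """True when both prerequisites are present. A request missing either one
    gets the 'Unsupported or invalid query filter clause' error from the thread."""
    params = parse_qs(urlparse(url).query)
    has_count = params.get("$count", [""])[0].lower() == "true"
    lowered = {k.lower(): v for k, v in headers.items()}
    return has_count and lowered.get("consistencylevel", "").lower() == "eventual"


# Constructed response body in the shape Graph returns for /users. A real
# filtered response only contains matching rows; the cloud-only second entry
# (no synced SAM name) is here to show that the client-side re-check drops it.
SAMPLE_RESPONSE = json.dumps({
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users",
    "@odata.count": 2,
    "value": [
        {"id": "11111111-1111-1111-1111-111111111111", "displayName": "James Bond",
         "userPrincipalName": "james.bond@contoso.example",
         "onPremisesSamAccountName": "james.bond"},
        {"id": "22222222-2222-2222-2222-222222222222", "displayName": "James Bond",
         "userPrincipalName": "james.bond.cloud@contoso.example",
         "onPremisesSamAccountName": None},
    ],
})


def matching_synced_users(response_json: str, sam_account_name: str) -> list:
    """Re-check the filter client-side and only return users whose synced SAM
    name matches (AD sAMAccountName is case-insensitive). A workflow that
    branches on 'the' user should require exactly one result."""
    body = json.loads(response_json)
    wanted = sam_account_name.lower()
    return [u for u in body.get("value", [])
            if (u.get("onPremisesSamAccountName") or "").lower() == wanted]


if __name__ == "__main__":
    url, headers = build_sam_lookup("james.bond", "<access-token-placeholder>")
    print(url)
    print("ready:", is_advanced_query_ready(url, headers))
    print([u["userPrincipalName"] for u in matching_synced_users(SAMPLE_RESPONSE, "james.bond")])
```

The header check is case-insensitive because HTTP header names are; the query check accepts `$count` whether or not the dollar sign was percent-encoded, since `parse_qs` decodes it either way.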


Hi @Scottg,

You’re not missing anything. The Microsoft Graph API just doesn’t work the same with On-Premise property condition parameters.

I would not recommend using the action “Call a web service” as it is not secure.

I recommend using Nintex Xtensions to get the API request as an action, which is more secure as the connection authentication will then be encrypted.

1- Create the Xtension: below is the swagger file I created specifically for that API request “/users?$count=true&$filter=onPremisesSamAccountName eq '{onPremisesSamAccountName}'”.

{
  "swagger": "2.0",
  "info": {
    "version": "1.0.0",
    "title": "MS Graph API - Get Users By On Premise SAM AC",
    "description": "MS Graph API - Get Users By On Premise SAM AC",
    "contact": {
      "email": "cecilia.penha@nintex.com"
    }
  },
  "host": "graph.microsoft.com",
  "basePath": "/v1.0/",
  "schemes": [
    "https"
  ],
  "x-ntx-render-version": 2,
  "securityDefinitions": {
    "oauth2": {
      "type": "oauth2",
      "flow": "accessCode",
      "authorizationUrl": "https://login.microsoftonline.com/{{tenant}}/oauth2/v2.0/authorize",
      "tokenUrl": "https://login.microsoftonline.com/{{tenant}}/oauth2/v2.0/token",
      "scopes": {
        "https://graph.microsoft.com/.default": "all the application permissions you have configured for your app"
      },
      "x-ntx-connection-properties": {
        "type": "object",
        "properties": {
          "tenant": {
            "type": "string",
            "title": "Directory tenant",
            "description": "This can be GUID or friendly name user"
          }
        },
        "required": ["tenant"]
      }
    }
  },
  "security": [
    {
      "oauth2": [
        "https://graph.microsoft.com/.default"
      ]
    }
  ],
  "paths": {
    "/users?$count=true&$filter=onPremisesSamAccountName eq '{onPremisesSamAccountName}'": {
      "get": {
        "summary": "Get Users By On Premise SAM Account Name",
        "description": "Get Users By On Premise SAM Account Name",
        "operationId": "getUsersByOnPremiseSAMAccountName",
        "parameters": [
          {
            "$ref": "#/parameters/OnPremiseSAMAccountName"
          },
          {
            "$ref": "#/parameters/ConsistencyLevel"
          }
        ],
        "responses": {
          "200": {
            "description": "OK",
            "schema": {
              "$ref": "#/definitions/users"
            }
          }
        }
      }
    }
  },
  "parameters": {
    "OnPremiseSAMAccountName": {
      "name": "onPremisesSamAccountName",
      "x-ntx-summary": "On Premises SAM Account Name",
      "type": "string",
      "in": "path",
      "required": true
    },
    "ConsistencyLevel": {
      "name": "ConsistencyLevel",
      "x-ntx-summary": "Consistency Level",
      "type": "string",
      "in": "header",
      "x-ntx-visibility": "internal",
      "x-ntx-initial": true,
      "default": "Eventual",
      "required": true
    }
  },
  "definitions": {
    "users": {
      "x-ntx-summary": "Users",
      "additionalProperties": false,
      "type": "object",
      "properties": {
        "@odata.context": {
          "x-ntx-summary": "OData Context",
          "type": "string"
        },
        "@odata.nextLink": {
          "x-ntx-summary": "OData Next Link",
          "type": "string"
        },
        "value": {
          "x-ntx-summary": "Users",
          "additionalProperties": false,
          "type": "array",
          "items": {
            "$ref": "#/definitions/user"
          }
        }
      }
    },
    "user": {
      "type": "object",
      "additionalProperties": false,
      "x-ntx-summary": "",
      "properties": {
        "id": {
          "type": "string",
          "x-ntx-summary": "Id",
          "description": "User ID"
        },
        "displayName": {
          "type": "string",
          "x-ntx-summary": "Display Name"
        },
        "givenName": {
          "type": "string",
          "x-ntx-summary": "First Name"
        },
        "surname": {
          "type": "string",
          "x-ntx-summary": "Last Name"
        },
        "jobTitle": {
          "type": "string",
          "x-ntx-summary": "Job Title"
        },
        "mail": {
          "type": "string",
          "x-ntx-summary": "Email"
        },
        "userPrincipalName": {
          "type": "string",
          "x-ntx-summary": "User Principal Name"
        },
        "mobilePhone": {
          "type": "string",
          "x-ntx-summary": "Mobile Phone"
        },
        "officeLocation": {
          "type": "string",
          "x-ntx-summary": "Office Location"
        },
        "businessPhones": {
          "type": "array",
          "x-ntx-summary": "Business Phone",
          "items": {
            "$ref": "#/definitions/phone"
          }
        }
      }
    },
    "phone": {
      "type": "object",
      "additionalProperties": false,
      "x-ntx-summary": "",
      "properties": {
        "phone": {
          "type": "string",
          "x-ntx-summary": "Phone",
          "description": "Phone"
        }
      }
    },
    "groups": {
      "x-ntx-summary": "Groups",
      "additionalProperties": false,
      "type": "array",
      "items": {
        "$ref": "#/definitions/group"
      }
    },
    "group": {
      "type": "object",
      "additionalProperties": false,
      "x-ntx-summary": "",
      "properties": {
        "id": {
          "type": "string",
          "x-ntx-summary": "Id",
          "description": "Group ID"
        },
        "created": {
          "type": "string",
          "x-ntx-summary": "Created"
        },
        "displayName": {
          "type": "string",
          "x-ntx-summary": "Display Name"
        },
        "description": {
          "type": "string",
          "x-ntx-summary": "Description"
        },
        "mailEnabled": {
          "type": "boolean",
          "x-ntx-summary": "Email Enabled"
        },
        "mail": {
          "type": "string",
          "x-ntx-summary": "Email"
        },
        "visibility": {
          "type": "string",
          "x-ntx-summary": "Visibility",
          "enum": ["Public", "Private"]
        },
        "mobilePhone": {
          "type": "string",
          "x-ntx-summary": "Mobile Phone"
        },
        "officeLocation": {
          "type": "string",
          "x-ntx-summary": "Office Location"
        },
        "businessPhones": {
          "type": "array",
          "x-ntx-summary": "Business Phone",
          "items": {
            "$ref": "#/definitions/phone"
          }
        }
      }
    }
  }
}

On Nintex Automation Cloud, add an Xtension and upload the OpenAPI specification file:

Then specify the client ID and client secret (as it relies on an Azure AD app registration with the right permissions to the Users API):

Then specify the connector details:

2- Create the connection, specify the Azure AD tenant ID and publish. This will start the OAuth authorization.

Once the connection is created you can implement the action within any workflow as shown below:

I have 2 users with the “james.bond” SAM account name but only 1 on-premise, as retrieved above.


I use Nintex Xtensions quite often to extend the native connectors and for any external OpenAPI.


Hope that helps!


@cecilia-penha thank you very much. I will test that out. Definitely looks like a better and more secure method.


@cecilia-penha 
I was able to set up the Xtensions connector. It appeared to connect properly, but when I run it in the workflow:

[Error Code: IO.XtensionExecute.ErrorResponse]


I can run the same command with a “Get Web Service” and pull a token with the same client ID and secret, so the privileges are correct on the AAD side. Is this a problem with the Xtension? Should I open a support case?


I think I found the issue. The Xtensions app is using delegated, not application, permissions with the Graph call. I can reproduce it in Postman.

Now I just need to figure out how to make it work with the correct permission.
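A diagnostic for the permission question in the post above, added here as an example that is not part of the thread and not Nintex's or Microsoft's code. The swagger in the earlier answer uses `"flow": "accessCode"`, the authorization-code grant, which issues tokens with delegated permissions in the `scp` claim; application permissions granted to an app registration arrive in the `roles` claim instead. The helper decodes a token's payload and reports which model it carries, so the mismatch can be confirmed from the token itself rather than from the error. The sample tokens, the app-id placeholder and the `User.Read.All` requirement are constructed for the example. It does not validate the signature, so it is an inspection aid only, not something to base an authorization decision on.

```python
"""
Report whether an Azure AD access token for Microsoft Graph carries delegated
permissions ('scp' claim, what an authorization-code / accessCode flow issues)
or application permissions ('roles' claim, what the client-credentials grant
issues). Added example for this thread, not Nintex's or Microsoft's code.
The payload is decoded for inspection only; the signature is NOT verified.
"""
import base64
import json

# Both audience forms Azure AD uses for Microsoft Graph tokens.
GRAPH_AUDIENCES = {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"}
# Permission the thread's user lookup needs; an example value, not from the thread.
REQUIRED_PERMISSION = "User.Read.All"


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop the '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def token_claims(token: str) -> dict:
    """Return the (unverified) payload claims of a compact JWS."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def permission_model(token: str) -> str:
    """Classify the token: 'application', 'delegated', 'unknown' or 'not-graph'."""
    claims = token_claims(token)
    if claims.get("aud") not in GRAPH_AUDIENCES:
        return "not-graph"
    if claims.get("roles"):
        return "application"
    if claims.get("scp"):
        return "delegated"
    return "unknown"


def granted_permissions(token: str) -> set:
    """Permission names in the token, whichever claim carries them
    ('scp' is a space-separated string, 'roles' is a list)."""
    claims = token_claims(token)
    names = set(claims.get("roles") or [])
    names.update((claims.get("scp") or "").split())
    return names


def make_sample_token(claims: dict) -> str:
    """Constructed token for the demo: real header layout, fake signature."""
    header = _b64url_encode(json.dumps({"typ": "JWT", "alg": "RS256"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return header + "." + payload + ".constructed-signature"


# Constructed sample tokens. The first mirrors what the accessCode flow yields
# (permissions in scp, a signed-in user in upn); the second what the
# client-credentials grant yields (permissions in roles, no user).
DELEGATED_TOKEN = make_sample_token({
    "aud": "https://graph.microsoft.com",
    "appid": "<app-registration-id-placeholder>",
    "upn": "workflow.user@contoso.example",
    "scp": "User.Read.All Directory.Read.All",
})
APPLICATION_TOKEN = make_sample_token({
    "aud": "https://graph.microsoft.com",
    "appid": "<app-registration-id-placeholder>",
    "roles": ["User.Read.All"],
})


def explain(token: str) -> str:
    """One-line summary suitable for a troubleshooting log."""
    model = permission_model(token)
    has = REQUIRED_PERMISSION in granted_permissions(token)
    return f"{model} token; {REQUIRED_PERMISSION} {'present' if has else 'missing'}"


if __name__ == "__main__":
    print(explain(DELEGATED_TOKEN))
    print(explain(APPLICATION_TOKEN))
```

A delegated token can carry `User.Read.All` and still be the wrong kind for a connector that is meant to run without a signed-in user, which is why the classification looks at which claim holds the permission, not only at the permission name.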

