When I attempt to retrieve the sAMAccountName from Azure AD via Microsoft Graph and OAuth, the attribute is not returned.
I am trying to retrieve the onPremisesSamAccountName through OAuth from Microsoft Graph on my Azure AD tenant. My local domain syncs with Azure, and I have selected the sAMAccountName directory extension for syncing. However, when I make my GET request to the Graph REST URI, I get back the correct user object, but I don't get back the onPremisesSamAccountName.
Here is my request:
https://graph.windows.net/myorganization/users/user@domain.com?api_version=1.6
That request returns the user object with a truckload of properties. When I try the following (in the hopes of "$select"ing the field), Microsoft returns the metadata URL--which actually contains the onPremisesSamAccountName property definition.
https://graph.windows.net/myorganization/users/user@somain.com?api-version=1.6&$select=onPremisesSamAccountName
Am I not formatting my query correctly? In the Azure AD portal, I have the following API permissions specified:
You can use the Microsoft Graph API to get the onPremisesSamAccountName property. Here is the Microsoft Graph explorer.
https://graph.microsoft.com/v1.0/users/{userObjectId}?$select=onPremisesSamAccountName
By the way, the permissions you granted are Microsoft Graph API permissions, not Azure AD Graph API permissions. Azure AD Graph is different from Microsoft Graph. It is recommended to use the Microsoft Graph API.
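
An added example, not part of the original answer: a diagnostic that checks whether an access token's `aud` claim belongs to the API host being called (graph.microsoft.com versus graph.windows.net) and builds the `$select` request shown above. The function names are hypothetical, the sample tokens are constructed and unsigned, and the audience values are the well-known identifiers of the two APIs.

```python
import base64
import json
from urllib.parse import quote, urlsplit

# Audience (aud) values accepted by each API: resource URI and application ID.
AUDIENCES = {
    "graph.microsoft.com": {"https://graph.microsoft.com",
                            "00000003-0000-0000-c000-000000000000"},
    "graph.windows.net": {"https://graph.windows.net",
                          "00000002-0000-0000-c000-000000000000"},
}

def jwt_claims(token):
    """Decode a JWT payload for diagnostics only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def token_matches_endpoint(token, url):
    """Return True if the token's aud claim belongs to the API host in url."""
    host = urlsplit(url).hostname
    aud = str(jwt_claims(token).get("aud", "")).rstrip("/")
    return aud in AUDIENCES.get(host, set())

def user_select_url(user_id, *properties):
    """Build the Microsoft Graph v1.0 user request with a $select list."""
    return ("https://graph.microsoft.com/v1.0/users/" + quote(user_id, safe="@")
            + "?$select=" + ",".join(properties))

def make_sample_token(aud):
    """Constructed, unsigned token used only to exercise the check."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return enc({"alg": "none"}) + "." + enc({"aud": aud}) + "."

if __name__ == "__main__":
    url = user_select_url("user@domain.com", "onPremisesSamAccountName")
    for aud in ("https://graph.microsoft.com", "https://graph.windows.net/"):
        ok = token_matches_endpoint(make_sample_token(aud), url)
        print(f"aud={aud!r} usable for {urlsplit(url).hostname}: {ok}")
```
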