Post /GetAllSearchAdvanced

Send a POST request to the GetAllSearchAdvanced() method on the GroupView object to return information about one or more groups. The information included in the response depends on the range of group properties and parameter values included in the request.

A valid OAuth 2.0 Bearer token is required.

URL

Code Block
POST https://<FQDN_Of_Your_EmpowerID_Web_Server>/api/webui/v1/GroupView/GetAllSearchAdvanced

Header Key/Value Pairs

Key	Value
Authorization	Bearer <access_token>
X-EmpowerID-API-Key	The API key from the registered OAuth application
Content-Type	application/json

Request Body

The body of the request must include all parameters required by the method and the IncludedProperties object with at least one group property.

Included Properties

Use IncludedProperties to return one or more group properties.

Body Parameters

The GetAllSearchAdvanced() method includes a number of parameters that must be included in the body or the request. Use parameters to filter the number of accounts groups returned by the endpoint.

Expand

title	View Parameters

AccountStoreID

int

Return all groups with a matching account store ID
Set to null to ignore
Required

SecurityBoundaryID

int

Set to the ID of the Security Boundary to return groups with a matching Security Boundary ID
Set to null to ignore
Required

SecurityBoundaryTypeID

int

Set to the ID of the Security Boundary Type to return groups with a matching Security Boundary Type ID
Set to null to ignore
Required

Expand

title	View Security Boundary Type IDs

Insert excerpt

	IL:Security Boundary Types
	IL:Security Boundary Types
nopanel	true

GroupTypeID

int

Return all groups with a matching Group Type ID
Set to null to ignore
Required

GroupUsageTypeID

int

Return groups with a matching Group Usage Type ID
Set to null to ignore
Required

ResourceTypeID

int

Return groups with a matching Resource Type ID
Set to null to ignore
Required

IsEmpty

Boolean

Return empty groups
Set to null to ignore
Required

IsMailEnabled

Boolean

Return mail-enabled groups
Set to null to ignore
Required

IsHighSecurityGroup

Boolean

Return groups marked as high security
Set to null to ignore
Required

HideInEmpowerID

Boolean

Return groups hidden in EmpowerID
Set to null to ingore
Required

OrgZoneID

int

Return groups with a matching OrgZone ID
Set to null to ignore
Required

AccountStoreUsageTypeID

int

Return groups with a matching Account Store Usage Type ID
Set to null to ignore
Required

ITEnvironmentTypeID

Boolean

Return groups with a matching IT Environment Type ID
Set to null to ignore
Required

EligibilityAssigneeID

GUID

Return groups with a matching Eligibillity Assignee ID
Set to null to ignore
Required

EligibilityTypeID

int

Return groups with a matching Eligibility Type ID
Set to null to ignore
Required

RbacAssignedToAssigneeID

GUID

Return groups with a matching Rbac Assigned to Assignee ID
Set to null to ignore
Required

TCode

Set to null to ignore
Required

IsAssignable

Boolean

Return groups marked as assignable
Set to null to ignore
Required

ReferencePersonID

GUID

Return groups where the person identified by the ReferencePersonID is a member
Set to null to ignore
Required

OwnerPersonGUID

GUID

Return groups where the person identified by the GUID is the owner
Set to null to ignore
Required

AzGlobalFunctions

String

Return groups with the referenced global functions
Set to null to ignore
Required

ProtectedApplicationResourceID

GUID

Return groups with the referenced Protected Application Resource ID
Set to null to ignore
Required

AccountMemberID

GUID

Return groups where the specified ID is a member
Set to null to ignore
Required

IsAccountIDMember

Boolean

Return groups where the specified ID is a member
Set to null to ignore
Required

columnsToSearch

string

Specifies one or more search conditions. Formatted as follows:
"%[[][[]%<Conditions><Condition PropertyName="\Name of the property to search\" SearchValue="\Value of the property\" Operator=\"Equality\" QuerySuffix=\" Suffix Value \"StartGroupString=\"\" EndGroupString=\"\" /></Conditions>"
Required

pageLength

int

Specifies the number of groups to return in the list of groups
Required

resourceTags

String

Return groups with a matching resource tag
Required

start

int

Specifies the first group in the list of groups returned by the API; set to 0 to return the first accountgroup
Required

textToSearch

string

Set to AdvancedSearch
Required

totalCount

int

This is an output parameters that returns the number of groups matching the search conditions and parameter values.
Required

columnsToSearch

The columnsToSearch body parameter is used to return accounts groups meeting one or more conditions. Each condition specifies a property with a specific value to search. For example, to return a list of accounts with belonging to the “DevDomain1” domain that are currently locked outgroups where the FriendlyName field contains "NH30" and the Notes field contains "For Internal Audit Use", the value for columnsToSearch would be set to that shown below.

"%[[][[]%<Conditions><Condition PropertyName=\"NetBiosNameFriendlyName\" SearchValue=\"Docs-trackingNH30\" Operator=\"EqualTo\" QuerySuffix=\" AND \" StartGroupString=\"\" EndGroupString=\"\" Index=\"0\" SearchType=\"String\"/><Condition PropertyName=\"LockedOutNotes\" SearchValue=\"trueFor Internal Audit Use\" Operator=\"EqualTo\" QuerySuffix=\"\" StartGroupString=\"\" EndGroupString=\"\" Index=\"1\" SearchType=\"BooleanString\"/></Conditions>"

Remarks

In the above example, columnsToSearch contains two search conditions. The API returns accounts matching both conditions. Each condition includes the PropertyName to search, the SearchValue to search for, an Equality Operator, a QuerySuffix and a SearchType for the relevant data type. Each of these must be set correctly or an error will occur.

Search Examples

The below examples demonstrate how to use IncludedProperties, parameters, and conditions in columnsToSearch to query the API for a list of groups matching the search conditions. Attributes returned for each record are set by the properties specified in IncludedProperties.

1️⃣ Get all high security groups that a specific person belongs to

Set the ReferencePersonID parameter to the GUID of an EmpowerID Person and the IsHighSecurityGroup parameter to 1 to return a list of high security groups where the reference person has a linked user account.

Code Block

language	json

{
    "IncludedProperties": [        
        "LogonName",
        "NetBiosName",
        "FriendlyName",      
        "AllowJoinRequests",
        "IsHighSecurityGroup",
        "RiskFactorTotal", 
        "DistinguishedName",
        "ResourceID",
        "GroupID",
        "ResourceGUID",
        "ValidUntil",     
    ],
    "Parameters": {
        "AccountStoreID": null,
        "SecurityBoundaryID": null,
        "SecurityBoundaryTypeID": null,
        "GroupTypeID": null,
        "GroupUsageTypeID": null,
        "ResourceTypeID": null,
        "IsEmpty": null,        
        "IsMailEnabled": null,
        "IsHighSecurityGroup": 1,
        "HideInEmpowerID": null,
        "OrgZoneID": null,
        "AccountStoreUsageTypeID": null,
        "ITEnvironmentTypeID": null, 
        "EligibilityAssigneeID": null,
        "EligibilityTypeID": null, 
        "RbacAssignedToAssigneeID": null,
        "TCode": null, 
        "IsAssignable": null,
        "ReferencePersonID": "4e98a3bd-ac98-401a-ac73-042332d73bd9",
        "OwnerPersonGUID": null,
        "AzGlobalFunctions": null,
        "ProtectedApplicationResourceID": null,
        "AccountMemberID": null,
        "IsAccountIDMember": null,
        "textToSearch": null,
        "columnsToSearch": "%[[][[]%<Conditions/>",
        "pageLength": 10,
        "resourceTags": null,
        "start": 0,
        "totalCount": null
    }
}

2️⃣ Get all groups belonging to a specified account store

Set the AccountStoreID parameter to the ID of an account store to return groups belonging to that account store.

Code Block

"Parameters{
    "IncludedProperties": {[        
"AccountStoreID": 2096,         "SecurityBoundaryIDLogonName": null,
        "SecurityBoundaryTypeIDNetBiosName": null,
        "GroupTypeID": null,FriendlyName",      
        "GroupUsageTypeIDAllowJoinRequests": null,
        "ResourceTypeIDIsHighSecurityGroup": null,
        "IsEmptyRiskFactorTotal":, 
null,        "DistinguishedName",
        "IsMailEnabledResourceID": null,
        "IsHighSecurityGroupGroupID": null,
        "HideInEmpowerIDResourceGUID": null,
        "OrgZoneIDValidUntil":,  null,   
    ],
"AccountStoreUsageTypeIDParameters": null,{
        "ITEnvironmentTypeIDAccountStoreID": null2096,
         "EligibilityAssigneeIDSecurityBoundaryID": null,
        "EligibilityTypeIDSecurityBoundaryTypeID": null,
         "RbacAssignedToAssigneeIDGroupTypeID": null,
        "TCodeGroupUsageTypeID": null, 
        "IsAssignableResourceTypeID": null,
        "ReferencePersonIDIsEmpty": null,        
"OwnerPersonGUID        "IsMailEnabled": null,
        "AzGlobalFunctionsIsHighSecurityGroup": null,
        "ProtectedApplicationResourceIDHideInEmpowerID": null,
        "AccountMemberIDOrgZoneID": null,
        "IsAccountIDMemberAccountStoreUsageTypeID": null,
        "textToSearchITEnvironmentTypeID": "AdvancedSearch"null, 
        "columnsToSearchEligibilityAssigneeID": "%[[][[]%<Conditions />"null,
        "pageLengthEligibilityTypeID": 25null, 
        "resourceTagsRbacAssignedToAssigneeID": null,
        "startTCode": 0null, 
        "totalCountIsAssignable": null,
    } }

3️⃣ Use columnsToSearch to return mail-enabled groups. Note the PropertyName for the search condition is set to IsMailEnabled, SearchValue is set to True, the Operator is set to EqualTo and the SearchType is Boolean.

Code Block

{
    "IncludedPropertiesReferencePersonID": [null,
        "OwnerPersonGUID": null,
        "LogonNameAzGlobalFunctions": null,
        "NetBiosNameProtectedApplicationResourceID": null,
        "FriendlyNameAccountMemberID": null,
        "IsAccountIDMember": null,
    "AccountOrganizationStatusFriendlyName",
        "AccountUsageTypeFriendlyName",       
        "ResourceIDtextToSearch": "AdvancedSearch",
        "AccountIDcolumnsToSearch",
        "Name": "%[[][[]%<Conditions />",
        "DescriptionpageLength": 25,
        "CreatedDateresourceTags": null,
        "ExpiresOnstart",       
        "AccountStoreFriendlyName",    : 0,
       ],     "ParameterstotalCount": {         "AccountStoreID": null,
        "SecurityBoundaryID": null,}
}

3️⃣ Get all mail-enabled groups

Use columnsToSearch to return mail-enabled groups. Note the PropertyName for the search condition is set to IsMailEnabled, SearchValue is set to True, the Operator is set to EqualTo and the SearchType is Boolean.

Code Block

{
    "IncludedProperties": [         "SecurityBoundaryTypeID": null,         
        "AccountTypeIDLogonName": null,
        "ShowSystemAccountsOnlyNetBiosName": null,
        "ShowSystemBuiltInAccountsOnlyFriendlyName": null,      
  "AccountUsageTypeID": null,
        "IsOrphanAccountOrganizationStatusFriendlyName": null,
        "DisabledAccountUsageTypeFriendlyName": null,       
         "LockedOutResourceID": null,
        "NeverLoggedInOnlyAccountID": null,
         "HideInEmpowerIDName": null,
        "OrgZoneIDDescription": null,
        "PersonIDCreatedDate": null,
        "ManagerPersonID": null,ExpiresOn",       
        "MemberOfGroupID": null,AccountStoreFriendlyName",       
    ],
    "textToSearchParameters": {
        "AdvancedSearchAccountStoreID": null,
        "pageLengthSecurityBoundaryID": 50null,
        "resourceTagsSecurityBoundaryTypeID": null,         
        "startAccountTypeID": 0null,
        "totalCountShowSystemAccountsOnly": null,
        "columnsToSearch": "%[[][[]%<Conditions><Condition PropertyName="IsMailEnabled" SearchValue="true" Operator="EqualTo" QuerySuffix=""    "ShowSystemBuiltInAccountsOnly": null,
               "AccountUsageTypeID": null,
        StartGroupString="IsOrphan" EndGroupString="" Index="0" SearchType="Boolean"/></Conditions>"
    }
}

4️⃣ Set the AccountMemberID parameter to the GUID of a specific user account and the IsAccountIDMember parameter to true to return groups where that account is a member.

Code Block

{: null,
        "IncludedPropertiesDisabled": [null,        
        "LogonNameLockedOut": null,
        "NetBiosNameNeverLoggedInOnly": null, 
        "FriendlyNameHideInEmpowerID": null, 
             "AccountOrganizationStatusFriendlyNameOrgZoneID": null,
        "AccountUsageTypeFriendlyNamePersonID": null,
               "ResourceID""ManagerPersonID": null,
        "AccountIDMemberOfGroupID": null,
        "textToSearch":"NameAdvancedSearch",
        "DescriptionpageLength": 50,
        "CreatedDateresourceTags": null,
        "ExpiresOnstart": 0,
        "totalCount": null,
        "columnsToSearch": "%[[][[]%<Conditions><Condition PropertyName="IsMailEnabled" SearchValue="true"   "AccountStoreFriendlyName",Operator="EqualTo" QuerySuffix="" 
          ],      "Parameters": {         "AccountStoreID": null,     StartGroupString=""    "SecurityBoundaryID": null,
 EndGroupString="" Index="0" SearchType="Boolean"/></Conditions>"
    }
}

4️⃣ Get all group memberships for a specific user account

Set the AccountMemberID parameter to the GUID of a specific user account and the IsAccountIDMember parameter to true to return groups where that account is a member.

Code Block

{
      "SecurityBoundaryTypeIDIncludedProperties": null,
[        "GroupTypeID": null,
        "GroupUsageTypeIDLogonName": null,
        "ResourceTypeIDNetBiosName": null,
        "IsEmptyFriendlyName": null,       
         "IsMailEnabledAccountOrganizationStatusFriendlyName": null,
        "IsHighSecurityGroup": null,AccountUsageTypeFriendlyName",       
        "HideInEmpowerIDResourceID": null,
        "OrgZoneIDAccountID": null,
        "AccountStoreUsageTypeIDName": null,
        "ITEnvironmentTypeIDDescription": null, 
        "EligibilityAssigneeIDCreatedDate": null,
        "EligibilityTypeID": null,ExpiresOn",       
        "RbacAssignedToAssigneeID": null,AccountStoreFriendlyName",       
    ],
     "TCodeParameters": null, {
        "IsAssignableAccountStoreID": null,
        "ReferencePersonIDSecurityBoundaryID": null,
        "OwnerPersonGUIDSecurityBoundaryTypeID": null,
        "AzGlobalFunctionsGroupTypeID": null,
        "ProtectedApplicationResourceIDGroupUsageTypeID": null,
        "AccountMemberIDResourceTypeID": "0EC3DE4D-DDD7-4B2E-A104-52C1ECE422F8"null,
        "IsAccountIDMemberIsEmpty": truenull,        
"textToSearch": "AdvancedSearch",
        "columnsToSearchIsMailEnabled": "%[[][[]%<Conditions />"null,
        "pageLengthIsHighSecurityGroup": 25null,
        "resourceTagsHideInEmpowerID": null,
        "startOrgZoneID": 0null,
        "totalCountAccountStoreUsageTypeID": null,
        }
}

SearchTerms

Each identity object in the EmpowerID Identity Warehouse has a SearchTerms property with a specific set of search values that can used to return all objects matching those values. For groups, SearchTerms encompass the Name, FriendlyName, Email, EmpowerIDName, EmpowerIDFriendlyName, LogonName, NetBiosName, FQN, DistinguishedName, and Description properties. When used, the API returns all groups where the specified search value finds a match in any of those properties. For example, if the search value is set to “Doc”, the API would return all the following groups

Any group with a match in the name

Any group with a match in the friendly name

Any group with a match in the email address

Any group with a match in the EmpowerID name

"ITEnvironmentTypeID": null, 
        "EligibilityAssigneeID": null,
        "EligibilityTypeID": null, 
        "RbacAssignedToAssigneeID": null,
        "TCode": null, 
        "IsAssignable": null,
        "ReferencePersonID": null,
        "OwnerPersonGUID": null,
        "AzGlobalFunctions": null,
        "ProtectedApplicationResourceID": null,
        "AccountMemberID": "0EC3DE4D-DDD7-4B2E-A104-52C1ECE422F8",
        "IsAccountIDMember": true,
        "textToSearch": "AdvancedSearch",
        "columnsToSearch": "%[[][[]%<Conditions />",
        "pageLength": 25,
        "resourceTags": null,
        "start": 0,
        "totalCount": null
    }
}

SearchTerms

Each identity object in the EmpowerID Identity Warehouse has a SearchTerms property with a specific set of search values that can used to return all objects matching those values. For groups, SearchTerms encompass the Name, FriendlyName, Email, EmpowerIDName, EmpowerIDFriendlyName, LogonName, NetBiosName, FQN, DistinguishedName, and Description properties. When used, the API returns all groups where the specified search value finds a match in any of those properties. For example, if the search value is set to “Doc”, the API would return all the following groups

Any group with a match in the EmpowerID friendly name
Any group with a match in the logon friendly name
Any group with a match in the Net BIOS nameemail address
Any group with a match in the FQNEmpowerID name
Any group with a match in the Distinguished NameEmpowerID friendly name
Any group with a match in the descriptionlogon name
Any group with a match in the Net BIOS name
Any group with a match in the FQN
Any group with a match in the Distinguished Name
Any group with a match in the description

The following examples illustrate how to use SearchTerms to return a subset of groups:

1️⃣

Use SearchTerms to return the logon name, Net BIOS name, friendly name, description, group type name, distinguished name, and group ID for groups where the search value is set to "SAP"

Get all groups with a SearchTerm of “SAP”

Code Block

{    
    "IncludedProperties": [
        "LogonName",
        "NetBiosName",
        "FriendlyName",
        "Description",
        "GroupTypeName",
        "DistinguishedName",
        "GroupID"      
    ],
     "Parameters": {
        "AccountStoreID": null,
        "SecurityBoundaryID": null,
        "SecurityBoundaryTypeID": null,
        "GroupTypeID": null,
        "GroupUsageTypeID": null,
        "ResourceTypeID": null,
        "IsEmpty": null,        
        "IsMailEnabled": null,
        "IsHighSecurityGroup": null,
        "HideInEmpowerID": null,
        "OrgZoneID": null,
        "AccountStoreUsageTypeID": null,
        "ITEnvironmentTypeID": null, 
        "EligibilityAssigneeID": null,
        "EligibilityTypeID": null, 
        "RbacAssignedToAssigneeID": null,
        "TCode": null, 
        "IsAssignable": null,
        "ReferencePersonID": null,
        "OwnerPersonGUID": null,
        "AzGlobalFunctions": null,
        "ProtectedApplicationResourceID": null,
        "AccountMemberID": null,
        "IsAccountIDMember": null,
        "textToSearch": "AdvancedSearch",
        "columnsToSearch":"%[[][[]%<Conditions><Condition PropertyName=\"SearchTerms\" SearchValue=\"SAP\" Operator=\"EqualTo\" 
                          QuerySuffix=\"\" StartGroupString=\"\" EndGroupString=\"\" Index=\"0\" SearchType=\"String\"/></Conditions>"
    }
"AdvancedSearch",
        "columnsToSearch":"%[[][[]%<Conditions><Condition PropertyName=\"SearchTerms\" SearchValue=\"SAP\" Operator=\"EqualTo\" 
                          QuerySuffix=\"\" StartGroupString=\"\" EndGroupString=\"\" Index=\"0\" SearchType=\"String\"/></Conditions>"
    }
}

2️⃣ Get all groups where the `SearchValue` of the `SearchTerm` is an email address containing "onmicrosoft"

Code Block

{
    "IncludedProperties": [
        "LogonName",
        "NetBiosName",
        "FriendlyName",
        "Description",
        "Email",
        "GroupTypeName",
        "DistinguishedName",
        "GroupID"      
    ],
   "Parameters": {
        "AccountStoreID": null,
        "SecurityBoundaryID": null,
        "SecurityBoundaryTypeID": null,
        "GroupTypeID": null,
        "GroupUsageTypeID": null,
        "ResourceTypeID": null,
        "IsEmpty": null,        
        "IsMailEnabled": null,
        "IsHighSecurityGroup": null,
        "HideInEmpowerID": null,
        "OrgZoneID": null,
        "AccountStoreUsageTypeID": null,
        "ITEnvironmentTypeID": null, 
        "EligibilityAssigneeID": null,
        "EligibilityTypeID": null, 
        "RbacAssignedToAssigneeID": null,
        "TCode": null, 
        "IsAssignable": null,
        "ReferencePersonID": null,
        "OwnerPersonGUID": null,
        "AzGlobalFunctions": null,
        "ProtectedApplicationResourceID": null,
        "AccountMemberID": null,
        "IsAccountIDMember": null,
        "textToSearch": "AdvancedSearch",
        "columnsToSearch": "%[[][[]%<Conditions><Condition PropertyName=\"SearchTerms\" SearchValue=\"Email_*microsoft\" 
          Operator=\"EqualTo\" QuerySuffix=\"\" StartGroupString=\"\" EndGroupString=\"\" Index=\"0\" SearchType=\"String\"/></Conditions>"
    }
}

Easy html macro

theme

{"label":"solarized_dark","value":"solarized_dark"}

contentByMode

{"html":"<!doctype html>\r\n<link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC\" crossorigin=\"anonymous\">\r\n<link href=\"https://docs.empowerid.com/new_docs.css\" rel=\"stylesheet\">\r\n<link href=\"https://docs.empowerid.com/assets/css/EID-API-DOC.css\" rel=\"stylesheet\">\r\n<script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js\" integrity=\"sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM\" crossorigin=\"anonymous\"></script>\r\n \r\n <div class = \"bd-callout bd-callout-info\">\r\n <p>When using <code>SearchTerms</code>, search results can be filtered to specific text within \r\n supported properties. </p> \r\n \r\n <p><code>\"%[[][[]%<Conditions><Condition PropertyName=\\\"SearchTerms\\\" SearchValue=\\\"Email_*microsoft\\\" \r\n Operator=\\\"EqualTo\\\" QuerySuffix=\\\" \\\" StartGroupString=\\\"\\\" EndGroupString=\\\"\\\" Index=\\\"0\\\" \r\n SearchType=\\\"String\\\"/></Conditions>\"</code></p>\r\n \r\n<p class = \"bd-callout bd-callout-success\">For <code>SearchTerms</code>, the syntax for <code>SearchValue</code> is \r\n<code>Property_TextToSearch</code>. Include wildcards to broaden search results. For example, \r\nthe above search condition returns all groups where the <code>Email</code> attribute contains <code>microsoft</code>. If not using \r\nwildcards, the API returns groups where the search value of the property begins with an exact match.</p>\r\n</div>\r\n","javascript":"","css":"code {\r\n padding: 2px 4px;\r\n font-size: 90%;\r\n color: #c7254e;\r\n background-color: #f9f2f4;\r\n border-radius: 4px;\r\n}"}

Sample Responses

Tabs macro

defaultColor	#42526e
activeColor	#0052ccff
width	30
hoverColor	#0065FF
tabType	no-icon
style	style-1
alignment	left

[{"label":"200","id":"1","content":{"version":1,"type":"doc","content":[{"type":"codeBlock","attrs":{"language":"json"},"content":[{"type":"text","text":"  {{\r\n    \"Tags\": [],\r\n    \"Data\": [\r\n        {\r\n            \"LogonName\": \"Contractors-Dazure-grp-new(95b06c58-d652-49a9-a9fb-c83985ec6645)\",\r\n            \"NetBiosName\": \"Docs-Tracking-OnlyAzure AD Scim - Contractors\",\r\n            \"FriendlyName\": \"Contractorsazure-grp-Dnew\",\r\n            \"Description\": \"Contractorsazure-grp-Dnew\",\r\n            \"GroupTypeName\": \"GenericOffice 365 Group\",\r\n            \"AllowJoinRequests\": false,\r\n            \"IsHighSecurityGroup\": false,\r\n            \"RiskFactorTotal\": 0,\r\n            \"PreventExternalMembershipChanges\": false,\r\n            \"Email\": null\"azure-grp-new@EmpowerIDContractors.onmicrosoft.com\",\r\n            \"DistinguishedName\": \"CN=e4983fd895b06c55-4253d652-45ca49a9-984fa9fb-5ce8ac165141,DC=Docs-Tracking-Onlyc83989ec6645,38A6D48D-1775-4DE4-B029-9B525A8070E9\",\r\n            \"ResourceID\": 14740235819532,\r\n            \"GroupID\": 750079841935,\r\n            \"ResourceGUID\": null,\r\n            \"ValidUntil\": null,\r\n            \"IsMailEnabled\": falsetrue,\r\n            \"Notes\": null,\r\n            \"RiskFactorLastCalculated\": \"2022-0405-11T2016T18:3552:1826.535\",\r\n            \"ResourceTypeID\": 628,\r\n            \"AuxAssigned\": null,\r\n            \"AuxInherited\": null\r\n        },\r\n        {\r\n            \"LogonName\": \"D-Consultant-BOSeidcontractors_group0111_03(eab6ff75-e947-44a0-9443-5cf3cb2f8234)\",\r\n            \"NetBiosName\": \"Docs TrackingAzure AD Scim - Contractors\",\r\n            \"FriendlyName\": \"D-Consultant-BOSeidcontractors_group0111_03\",\r\n            \"Description\": \"D-Consultant-BOSeidcontractors_group0111_03 test\",\r\n            \"GroupTypeName\": \"GenericOffice 365 Group\",\r\n            \"AllowJoinRequests\": truefalse,\r\n            \"IsHighSecurityGroup\": false,\r\n            \"RiskFactorTotal\": 0,\r\n            \"PreventExternalMembershipChanges\": false,\r\n            \"Email\": null\"eidcontractors_group0111_03@EmpowerIDContractors.onmicrosoft.com\",\r\n            \"DistinguishedName\": \"CN=cb6cc333-f817-4cd8-b7a6-5ebd602bd711,DC=Docs Tracking\" \"DistinguishedName\": null,\r\n            \"ResourceID\": 13970182421412,\r\n            \"GroupID\": 746794824427,\r\n            \"ResourceGUID\": null,\r\n            \"ValidUntil\": null,\r\n            \"IsMailEnabled\": falsetrue,\r\n            \"Notes\": null,\r\n            \"RiskFactorLastCalculated\": \"2022-04-11T20:35:18.5\",\r\n            \"ResourceTypeID\": 628,\r\n            \"AuxAssigned\": null,\r\n            \"AuxInherited\": null\r\n        },\r\n        {\r\n            \"LogonName\": \"Doc Testeidcontractors_group0111_06(e61686ed-f095-441a-88d7-b018dd988ce4)\",\r\n            \"NetBiosName\": \"Docs TrackingAzure AD Scim - Contractors\",\r\n            \"FriendlyName\": \"Doc Testeidcontractors_group0111_06\",\r\n            \"Description\": \"Doc Test for Group Classification..eidcontractors_group0111_06 test\",\r\n            \"GroupTypeName\": \"GenericOffice 365 Group\",\r\n            \"AllowJoinRequests\": truefalse,\r\n            \"IsHighSecurityGroup\": false,\r\n            \"RiskFactorTotal\": 0,\r\n            \"PreventExternalMembershipChanges\": false,\r\n            \"Email\": null\"eidcontractors_group0111_06@EmpowerIDContractors.onmicrosoft.com\",\r\n            \"DistinguishedName\": \"CN=33d32cc1-967a-4ae0-86b6-c31e183b26d2,DC=Docs Tracking\"null,\r\n            \"ResourceID\": 6776362421413,\r\n            \"GroupID\": 745433824431,\r\n            \"ResourceGUID\": null,\r\n            \"ValidUntil\": null,\r\n            \"IsMailEnabled\": falsetrue,\r\n            \"Notes\": null,\r\n            \"RiskFactorLastCalculated\": \"2022-04-11T20:35:18.5\",\r\n            \"ResourceTypeID\": 628,\r\n            \"AuxAssigned\": null,\r\n            \"AuxInherited\": null\r\n        },\r\n        {\r\n            \"LogonName\": \"dggroupeidcontractors_group0111_07(e0d68e73-5752-4590-b72d-b40536225610)\",\r\n            \"NetBiosName\": \"Docs TrackingAzure AD Scim - Contractors\",\r\n            \"FriendlyName\": \"Docs Generic Groupeidcontractors_group0111_07\",\r\n            \"Description\": \"Docs Generic Groupeidcontractors_group0111_07\",\r\n            \"GroupTypeName\": \"GenericOffice 365 Group\",\r\n            \"AllowJoinRequests\": truefalse,\r\n            \"IsHighSecurityGroup\": false,\r\n            \"RiskFactorTotal\": 0,\r\n            \"PreventExternalMembershipChanges\": false,\r\n            \"Email\": null\"eidcontractors_group0111_07@EmpowerIDContractors.onmicrosoft.com\",\r\n            \"DistinguishedName\": \"CN=4e9c0fe3-72bc-4638-bc22-10a90cba13a0,DC=Docs Tracking\"null,\r\n            \"ResourceID\": 6586732421414,\r\n            \"GroupID\": 743201824430,\r\n            \"ResourceGUID\": null,\r\n            \"ValidUntil\": null,\r\n            \"IsMailEnabled\": falsetrue,\r\n            \"Notes\": \"Docs Generic Group\"null,\r\n            \"RiskFactorLastCalculated\": \"2022-04-11T20:35:18.5\",\r\n            \"ResourceTypeID\": 628,\r\n            \"AuxAssigned\": null,\r\n            \"AuxInherited\": null\r\n        },\r\n        {\r\n            \"LogonName\": \"dgroupustest-az-201(01169ae7-0af8-428c-8eb9-847812488431)\",\r\n            \"NetBiosName\": \"Docs TrackingAzure AD Scim - Contractors\",\r\n            \"FriendlyName\": \"Docsustest-Testaz-Domain-Group201\",\r\n            \"Description\": \"Docsustest-Testaz-Domain-Group201\",\r\n            \"GroupTypeName\": \"GenericOffice 365 Group\",\r\n            \"AllowJoinRequests\": truefalse,\r\n            \"IsHighSecurityGroup\": false,\r\n            \"RiskFactorTotal\": 0,\r\n            \"PreventExternalMembershipChanges\": false,\r\n            \"Email\": null\"ustest-az-201@EmpowerIDContractors.onmicrosoft.com\",\r\n            \"DistinguishedName\": \"CN=08ab492901169ae8-887a0af4-4eeb428c-aab58eb7-94da74768af0,DC=Docs Tracking847812488432,38A6D48D-1775-4DE4-B029-9B425A8070E9\",\r\n            \"ResourceID\": 6810797617066,\r\n            \"GroupID\": 745511857664,\r\n            \"ResourceGUID\": null,\r\n            \"ValidUntil\": null,\r\n            \"IsMailEnabled\": falsetrue,\r\n            \"Notes\": null,\r\n            \"RiskFactorLastCalculated\": \"2022-0406-11T2020T19:3548:1819.592\",\r\n            \"ResourceTypeID\": 628,\r\n            \"AuxAssigned\": null,\r\n            \"AuxInherited\": null\r\n        }\r\n    ],\r\n    \"OutParameters\": [\r\n        {\r\n            \"Name\": \"totalCount\",\r\n            \"Value\": 117\r\n        }\r\n    ]\r\n}"}]},{"type":"paragraph","content":[]}]},"icon":"bootstrap/FillCircleFill"},{"label":"401","id":"2","content":{"version":1,"type":"doc","content":[{"type":"paragraph","content":[{"type":"text","text":"This error occurs when there is an issue with the access token."}]},{"type":"paragraph","content":[]}]},"icon":"bootstrap/FillCircleFill"},{"label":"500","id":"6a16m5mmd","content":{"version":1,"type":"doc","content":[{"type":"paragraph","content":[{"type":"text","text":"This error indicates that the API call included an invalid parameter."}]},{"type":"codeBlock","attrs":{"language":"json"},"content":[{"type":"text","text":"{\n    {\n    \"Message\": \"An error has occurred.\",\r\n    \"ExceptionMessage\": \"The given key was not present in the dictionary.\"\n}"}]},{"type":"paragraph","content":[]}]},"icon":"bootstrap/FillCircleFill"}]

Page Properties

hidden	true

Account Properties

The below table includes Account Properties that can be added to IncludedProperties.

Property

Returns

AccountID

int

The ID of the account

AccountStoreID

int

The ID of the account store associated with the account

AccountTypeID

int

The ID of the account type

Expand

title	View Account Type IDs

Insert excerpt

	IL:Account Type IDs
	IL:Account Type IDs
nopanel	true

FriendlyName

string

The Friendly Name of the person

Name

string

The full name of the person

string

The EmpowerID login for the person

Email

string

The email address of the person

null if empty

EmailAlias

string

The email alias of the person

null if empty

PersonalEmail

string

The personal email address of the person

null if empty

ResourceID

int

The ResourceID of the person

PrimaryOrgRoleOrgZoneID

int

The ID of the person’s primary Business Role and Location

PersonGUID

string

The unique identifier for the person

Active

Boolean

True or False

PersonalTitle

string

The personal title

null if empty

FirstName

string

The person’s first name

MiddleName

string

The person’s middle name

null if empty

LastName

string

The person’s last name

SecondLastName

string

The person’s second last name

null if empty

GenerationalSuffix

string

The person’s generational suffix

null if empty

BirthName

string

The person’s birth name

null if empty

Initials

string

The person’s initials

null if empty

Title

string

The person’s title

null if empty

AboutMe

string

The information in the AboutMe field of a person

null if empty

StreetAddress

string

The person’s street address

null if empty

StreetAddress2

string

The second line of street address

null if empty

City

string

The person’s city

null if empty

State

string

The person’s state

null if empty

PostalCode

string

The person’s postal code

null if empty

Country

string

The person’s country

null if empty

Province

string

The person’s province

null if empty

Company

string

The person’s company

null if empty

Division

string

The person’s division

null if empty

Department

string

The person’s department

null if empty

DepartmentNumber

string

The person’s department number

null if empty

Office

string

The person’s office

null if empty

POBox

string

The person’s Post Office Box

null if empty

Location

string

The person’s location

null if empty

SocialSecurityNumber

string

The person’s Social Security Number

null if empty

NationalIdentificationNumber

string

The person’s National Identification Number

null if empty

CarLicense

string

The person’s vehicle license plate number

null if empty

DriversLicenseNumber

string

The person’s driver’s license number

null if empty

Ethnicity

string

The person’s ethnicity

null if empty

Gender

string

The person’s gender

null if empty

District

string

The District for the person

null if empty

Assistant

string

The name of the assistant for the person

null if empty

PhotoURL

string

The Photo URL for the person

null if empty

IMAddress

string

The IM address for the person

null if empty

SIPAddress

string

The SIP address for the person

null if empty

IdentityURL

string

The Identity URL for a person

null if empty

URLPersonal

string

The Personal URL for a person

null if empty

URLBusiness

string

The Business URL for a person

null if empty

URLOWA

string

The OWA URL for a person

null if empty

Telephone

string

The telephone number for the person

null if empty

MobilePhone

string

The mobile phone number for the person

null if empty

BusinessPhone

string

The business phone number for the person

null if empty

string

The pager number for the person

null if empty

HomeTelephone

string

The home telephone number for the person

null if empty

FAX

string

The fax number of a person

null if empty

Notes

string

Notes about a person

null if empty

MustChangePasswordOnNextLogin

Boolean

Specifies whether the person must change their password on their next login

True or False

LastLoginDate

DateTime

Date the person last logged in

LastPasswordChangedDate

DateTime

Date the person’s password was changed

FirstLoginFailedAttempt

DateTime

Date of the first logn failure for the person

null if empty

FailedLoginAttemptsCount

int

Number of failed lgoin attempts for the person

0 if no failed attempts

DisableSSOLogin

Boolean

Specifies whether the person can login via SSO

True or False

LockedUntil

DateTime

Date the person is locked out of the system due to login failures

null if empty

Description

string

Description of the person

null if empty

ValidFrom

DateTime

Date the person account became valid

null if empty

ValidUntil

DateTime

Date the person account becomes invalid

null if empty

DateOfBirth

DateTime

Birth date of the person

null if empty

CityOfBirth

string

Birth city of the person

null if empty

CountryOfBirth

string

Birth country of the person

null if empty

NationID

int

Nation ID of the person

null if empty

IsOutOfOffice

Boolean

Specifies the Out Of Office status of the person

True or False

EmployeeID

string

Employee ID of the person

null if empty

EmployeeIDOther

string

Secondary Employee ID of tjhe person

null if empty

ManagerPersonID

int

PersonID of the person’s manager

null if empty

EmployeeType

string

The person’s Employee type

null if empty

EmployeeTypeOther

string

The person’s Secondary Employee type

null if empty

MobilePhoneProviderID

int

The ID of the person’s mobile phone provider

null if empty

Status

string

The person’s account status

Active or Disabled

LocaleID

int

LocaleID of the person’s Locale

null if empty

ProfileManagerLastUpdated

DateTime

The date the person’s profile was last updated

null if empty

OrgRoleOrgZoneFriendlyName

string

The Friendly Name of the person’s Business Role and Location

CoreIdentityID

int

The ID of the Core Identity linked to the person

PersonProofingStatusFriendlyName

string

The status of the person’s proofing status

PersonManagerName

string

The name of the person’s manager

TimeConstrain

XML

Time constraint data for the person

XML format

TimeConstraintActive

Boolean

Specifies whether an active time constraint exists for the person

True or False

AllowLogin

Boolean

Specifies whether the person can log in

True or False

AllowPasswordOperations

Boolean

Specifies whether the person can update their passwords

True or False

AllowAttributeSync

Boolean

Specifies whether attribute sync is allowed between the person account and any owned external user accounts

True or False

AllowOrgRoleOrgZoneReEval

Boolean

Specifies whether the Business Role and Location of the person can be re-evaluated

True or False

LogonNameBeforeDeleted

string

The logon name before the person account was deleted

null if the person has not been deleted

Deleted

Boolean

Specifies whether the person account has been deleted

True or False

DeletedDate

DateTime

The date the person account was deleted

null if the person has not been deleted

SessionDirtyDate

DateTime

The date of the person’s last session

null if empty

RiskFactorTotal

int

The total risk factor score associated with the person

null if empty

RiskFactorTotalCalculated

DateTime

The date the person’s total risk factor score was calculated

CreatedDate

DateTime

The date and time the person account was created in the system

ModifiedDate

DateTime

The date and time any person attributes were modified for the person

DisableNotifications

Boolean

Specifies whether system notifications are disabled for the person

True or False

DisableAsApprover

Boolean

Specifies whether approval notifications are disabled for the person

True or False

PreferredFirstName

string

The preferred first name of the person

null if empty

PreferredLastName

string

The preferred last name of the person

null if empty

ExpectedHireDate

DateTime

The expected hire date for the person

null if empty

OriginalHireDate

DateTime

The person’s original hire date

null if empty

TerminationDate

DateTime

The date the person was terminated from the company

null if empty

OrganizationID

string

The ID of the person’s organization

LoginRequireDeviceRegistration

Boolean

Specifies whether the person’s devices must be registered to log in to the Web app

True or False

RequireSecondFactor

Boolean

Specifies whether second factor authentication is required for the person to log in

True or False

RequireSecondFactorForLDAP

Boolean

Specifies whether second factor authentication is required for the person to log in via LDAP

True or False

RequireSecondFactorForRadius

Boolean

Specifies whether second factor authentication is required for the person to log in via RADIUS

True or False

LastChatStatus

string

The last chat status of the person

null if empty

JobCode

string

The peson's job code

null if empty

PositionCode

string

The person’s position code

null if empty

DefaultHomePage

string

The default home page of the Web application for the person

null if empty

RoomNumber

string

The person’s room number

null if empty

BusinessCategory

string

The business category for the person

null if empty

OrgUnit

string

The person’s org unit

null if empty

SearchTerms

string

Search terms used to return the person in the search fields of the Web application

DistinguishedName

strimng

Distinguished name of the person account

CoreIdentityID

string

ID of the person’s Core Identity object

null if empty

ProcessStatus

int

Process status for the person’s account

2 for provisioned

ProcessTime

DateTime

The date and time the system processed the person’s account

DisabledDate

DateTime

The date the person’s account was disabled

null if empty

OwnerAssigneeID

string

Unique identifier of the owner of the person’s account

null if empty

IsExternal

Boolean

Specifies whether the person is external to the organization

True or False

HRNumber

string

The person’s HR Number

null if empty

DepartmentType

string

The person’s Department Type

null if empty

DepartmentCode

string

The person’s Department Code

null if empty

CompanyType

string

The person’s company type

null if empty

CompanyCode

string

The company code for the person

null if empty

CostCenter

string

The cost center for the person

null if empty

BusinessUnit

string

The person’s business unit

null if empty

PositionID

string

The ID of the person’s position

null if empty

SiteCode

string

The Site Code for the person’s site

null if empty

SiteName

string

The Site Name for the person’s site

null if empty

WorkingCompany

string

The Working Company of the person

null if empty

PreferredLanguage

string

The person’s preferred language

null if empty

SuspensionStartDate

DateTime

The suspension start date for the person

null if empty

SuspensionEndDate

DateTime

The suspension end date for the person

null if empty

IsContingentWorker

Boolean (nullable)

Specifies whether the person is a contingent worker

null if not set

IsFullTimeEmployee

Boolean (nullable)

Specifies whether the person is a full-time employee

null if not set

WorkingDaysPerWeek

int

The number of days per week the person works

null if empty

StandardHours

int

The standard hours for the person

null if empty

WorkLocation

string

The person’s work location

null if empty

BusinessTitle

string

The person’s Business Title

null if empty

Region

string

The person’s region

null if empty

IsEmailAcountRequired

Boolean (nullble)

Specifies whether an email account is required for the person

null if not set

JobCodeDescription

string

The person’s Department Code

null if empty

JobLocationName

string

The person’s Department Code

null if empty

County

string

The person’s county

null if empty

StreetAddress3

string

The third line of the person’s Street Address

null if empty

PreferredState

string

The person’s preferred state

null if empty

ThirdName

string

The person’s third name

null if empty

CostCenterDescription

string

The cost center description for the person

null if empty

CompanyDescription

string

The person’s company description

null if empty

LeaveOfAbsenseActualReturnDate

DateTime

The date the person returned from a leave of absence

null if empty

LeaveOfAbsenseExpectedReturnDate

DateTime

The date the person is expected to return from a leave of absence

null if empty

LeaveOfAbsenseStartDate

DateTime

The date the person starts a leave of absense

null if empty

LeaveOfAbsenseEndDate

DateTime

The date the person’s leave of absence ends

null if empty

WorkOrderStartDate

DateTime

The work order start date for a person

null if empty

WorkOrderEndDate

DzateTime

The work order end date for a person

null if empty

WorkOrderId

String

The work order ID for a person

null if empty

EffectiveStartDate

DateTime

The effective start date for a person

null if empty

EffectiveEndDate

DateTime

The effective end date for a person

null if empty

IsPrimary

Boolean

Specifies whether the account is the primary person

True or False

ExcludeFromResourceEntitlement

Boolean

Specifies whether the person is excluded from recieving any resource entitlements granted by provisioning policies.

True or False

IsSaaS

Boolean

Specifies whether the person is a SaaS account
True or False

SendEmailAsEncrypted

Boolean

Specifies whether email is to be sent encrypted

True or False

PreferredDataLocation

string

The preferred data location for a p

null if empty

ChangeTS

DateTime

The date and time a change occured on the person

OofEndDate

DateTime

Date and time a person’s Out of Office status ends

null if empty

OofInternalMsg

string

Out of Office message sent to internal users

null if empty

OofExternalMsg

string

Out of Office message sent to external users

null if empty

OofAudience

string

Out of Office audience

null if empty

OofStatus

string

Out of Office status

null if empty

OofStartDate

DateTime

Date and time the person’s Out of Office status begins

null if empty

BotConversationReferenceID

string

Unique identifier of the person’s BOT conversation

null if empty

CitizenNationID

int

Nation ID for the person

null if empty

Currency

string

Currency used by the person

null if empty

DefaultCurrency

string

Default currency for the person

null if empty

Div

style	float:left; position:fixed;
id	articleNav

IN THIS ARTICLE

Table of Contents

maxLevel	3
minLevel	2
style	none
printable	false

Insert excerpt

	IL:External Stylesheet
	IL:External Stylesheet
nopanel	true

Page Comparison

Versions Compared

Old Version 2

New Version Current

Key

Post /GetAllSearchAdvanced

URL

Header Key/Value Pairs

Request Body

Included Properties

Body Parameters

AccountStoreID

SecurityBoundaryID

SecurityBoundaryTypeID

GroupTypeID

GroupUsageTypeID

ResourceTypeID

IsEmpty

IsMailEnabled

IsHighSecurityGroup

HideInEmpowerID

OrgZoneID

AccountStoreUsageTypeID

ITEnvironmentTypeID

EligibilityAssigneeID

EligibilityTypeID

RbacAssignedToAssigneeID

TCode

IsAssignable

ReferencePersonID

OwnerPersonGUID

AzGlobalFunctions

ProtectedApplicationResourceID

AccountMemberID

IsAccountIDMember

columnsToSearch

pageLength

resourceTags

start

textToSearch

totalCount

columnsToSearch

Remarks

Search Examples

1️⃣ Get all high security groups that a specific person belongs to

2️⃣ Get all groups belonging to a specified account store

3️⃣ Get all mail-enabled groups

4️⃣ Get all group memberships for a specific user account

SearchTerms

SearchTerms

1️⃣

Get all groups with a SearchTerm of “SAP”

2️⃣ Get all groups where the SearchValue of the SearchTerm is an email address containing "onmicrosoft"

Sample Responses

Account Properties

AccountID

AccountStoreID

AccountTypeID

FriendlyName

Name

Login

Email

EmailAlias

PersonalEmail

ResourceID

PrimaryOrgRoleOrgZoneID

PersonGUID

Active

PersonalTitle

FirstName

MiddleName

LastName

SecondLastName

GenerationalSuffix

BirthName

Initials

Title

AboutMe

StreetAddress

StreetAddress2

2️⃣ Get all groups where the `SearchValue` of the `SearchTerm` is an email address containing "onmicrosoft"