For a bit of background, I am writing a Java app to run as a module in an older, legacy Java application that was set up to use LDAP for directory services.
I've registered an application in Entra and provided the least privileges so it can read the directory, users, groups and group members. I have been able to successfully synchronize the directory and groups using MS Graph, so LDAP is not needed.
I run into the issue now where for some workflows in the larger legacy app, it needs to know who a user's manager is. I believed this to be simple, but I'm hitting issues. I believe the request should be something like this:
```java
// Get a collection of users that match the UPN (Should only be one)
// Single quotes in the UPN are doubled so the value stays inside the OData string literal
UserCollectionRequest usersRequest = graphClient.users().buildRequest()
        .filter("userPrincipalName eq '" + userPrincipalName.replace("'", "''") + "'")
        .expand("manager");

// Get the user
User user = usersRequest.get().getCurrentPage().get(0);

// How do I get and use user.manager?

// Get the manager as a user?
User manager = user.manager;
// Nope: user.manager is of type DirectoryObject

// Get the manager's ID and look them up in their own call?
String managerID = user.manager.id;
// Nope: user.manager is null
```
I expected user.manager to be a User object but instead it's a DirectoryObject. OK. I suppose I could get user.manager.id and look up the manager from that. However, the user.manager DirectoryObject returned is null.
From further digging I think this is due to List manager not supporting application permissions:
https://learn.microsoft.com/en-us/graph/api/user-list-manager?view=graph-rest-1.0&tabs=java#permissions
This I find very annoying. I need this app to be able to run unattended.
Is there any path forward? I am unfortunately not a developer and struggle with Java being strongly typed and requiring such strict structure. I'd appreciate code samples if possible.