Yvand / EntraCP

EntraCP (formerly AzureCP) is a claims provider that connects SharePoint to your Microsoft Entra ID tenant, in federated authentication
https://entracp.yvand.net/
Apache License 2.0

Restrict searchable users issue #264

Open drakomi6 opened 5 months ago

drakomi6 commented 5 months ago

I have been trying to test the new 'Restrict searchable users' functionality; however, when I add the group in question it does pull back some Entra groups (suggesting EntraCP is still functioning) but not any of the Entra accounts in the group in question. I'm not sure if part of the issue would be the scale of the group, having 4000+ members. I have not been able to see any overt errors in the logs, and it just shows "Got 0 users/groups in 187ms entra results for query". It does still pull back on-premise AD accounts as expected when the restriction is applied. If I remove the restriction I can find all accounts again as normal.

For reference, in our schema all users have 2 accounts, an on-premise one and an Entra one; we were hoping that with the new feature we could restrict so that only the users' on-premise AD accounts would show, and only relevant Entra accounts (guest accounts).

drakomi6 commented 5 months ago

Also, to add: I tested with a different group that has about 5 users, and that does seem to restrict as expected.

Yvand commented 4 months ago

@drakomi6 sorry for my late reply. I admit I did not try this scenario with so many users in a group. I will test your scenario and come back to you, but it will take me time; I won't be able to get back to you soon, but I will.

drakomi6 commented 4 months ago

No problem, appreciate your work as always :)


Yvand commented 4 months ago

@drakomi6 I confirm there is an issue with the current implementation:

EntraCP uses the endpoint /groups/{id}/members to return the users who are members of the groups specified in the textbox. But it returns 100 members per page, and EntraCP only asks for the 1st page. So any user not returned by the 1st page will be filtered out.

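I already tested a quick and dirty fix which is to get 999 members per page (maximum supported: https://learn.microsoft.com/en-us/graph/api/group-list-members?view=graph-rest-1.0&tabs=http#optional-query-parameters), but I will make sure I get all the pages, to really get all the members.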

You can see the progress in branch https://github.com/Yvand/EntraCP/tree/fix-missing-group-members
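The paging behaviour described in the comment above, as an added example that is not EntraCP's code and not part of the original thread: it contrasts a first-page-only read of /groups/{id}/members with one that follows `@odata.nextLink` until the member list is complete. The in-memory `make_fake_graph` stand-in, its numeric `$skiptoken`, the group id and the user ids are constructed for illustration (real Graph skip tokens are opaque), so the block runs offline.

```python
from urllib.parse import urlparse, parse_qs

GRAPH = "https://graph.microsoft.com/v1.0"

def make_fake_graph(member_ids, default_page=100, max_page=999):
    """Constructed stand-in for GET /groups/{id}/members (no network):
    pages the list and returns @odata.nextLink while members remain."""
    def get(url):
        q = parse_qs(urlparse(url).query)
        top = min(int(q.get("$top", [default_page])[0]), max_page)
        skip = int(q.get("$skiptoken", ["0"])[0])  # numeric only in this fake
        page = {"value": [{"id": m} for m in member_ids[skip:skip + top]]}
        if skip + top < len(member_ids):
            base = url.split("?")[0]
            page["@odata.nextLink"] = f"{base}?$top={top}&$skiptoken={skip + top}"
        return page
    return get

def first_page_only(get, group_id):
    """Behaviour described in the issue: one request, nextLink ignored."""
    page = get(f"{GRAPH}/groups/{group_id}/members")
    return {m["id"] for m in page["value"]}

def all_members(get, group_id, page_size=999, max_pages=1000):
    """Follow @odata.nextLink until it is absent. If the page budget runs
    out, raise instead of returning a truncated allow-list."""
    url = f"{GRAPH}/groups/{group_id}/members?$top={page_size}"
    members = set()
    for _ in range(max_pages):
        page = get(url)
        members.update(m["id"] for m in page["value"])
        url = page.get("@odata.nextLink")
        if not url:
            return members
    raise RuntimeError("page limit reached; member list is incomplete")

def searchable(candidates, allowed):
    """Restrict search results to users present in the group member set."""
    return [c for c in candidates if c in allowed]

# Constructed sample: a group with 4200 members, as in the reported scenario.
MEMBERS = [f"user{i:04d}" for i in range(4200)]
GET = make_fake_graph(MEMBERS)
GROUP_ID = "constructed-group-id"

if __name__ == "__main__":
    partial, full = first_page_only(GET, GROUP_ID), all_members(GET, GROUP_ID)
    print(len(partial), len(full))
    print(searchable(["user0005", "user4000"], partial))
    print(searchable(["user0005", "user4000"], full))
```
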

drakomi6 commented 3 months ago

Thanks Yvan, that checks out
