Skip to main content
Solved

Veeam M365 & Ansible

S

I need some help.  I am trying to automate my Employee Offboarding using ansible by creating a backup job that will do a final backup of the user’s mailbox, archive, teams, teams chat and personal site.  Then restore it to an offsite File Share for long term storage.  I’m using the REST API and I can query my Veeam server for Org ID, Repository ID, etc.  However, I can not create a job.  I think it is because I can list the user ID in the task.  Is the User ID based off of the Azure ID?  Would I need a separate task that queries my O365 Instance and retrieves that?

Best answer by Rin

Steve.Bennett wrote:

Is the User ID based off of the Azure ID?  Would I need a separate task that queries my O365 Instance and retrieves that?

Sorry for the delay Steve. I normally work in the PS word so I had to fire up the lab and see how it worked in the API side. 

 

The Entra ID is used for part of the user ID. The user ID is actually made up of 4 number sets with the beginning made of the domain name. Without the full set of IDs pulled using the get OrganizationUser the return will be “incorrect user ID format”.

This was using the Organizational Users with a search on userName to get a specific result

Then took that D into Organizations User to show how the ID looks in line

 

Hope this helps out.

View original
    Did this topic help you find an answer to your question?

    8 comments

    JonahMay
    Forum|alt.badge.img+11
    • JonahMay
    • Veeam Vanguard
    • 46 comments
    • February 27, 2024

    Hi Steve, I am not super familiar with the VB365 or M365 REST APIs, but I believe you are correct from the last time I was digging around in them.

     

    @Rin have you worked on anything like this before to provide input? 

    Jonah May - VMCA | Veeam Vanguard | Join the Veeam Community Hackathon @ https://veeamhackathon.com
    Chris.Childerhose
    jcolonfzenpr
    leduardoserrano
    3 people like this
    • Chris.Childerhose
      Chris.Childerhose
    • jcolonfzenpr
      jcolonfzenpr
    • leduardoserrano
      leduardoserrano
    JonahMay
    Forum|alt.badge.img+11
    • JonahMay
    • Veeam Vanguard
    • 46 comments
    • February 28, 2024

    @Steve.Bennett Have you tried this call yet? Looks like you can add a username filter and then get the user ID from the results.

     

    https://helpcenter.veeam.com/docs/vbo365/rest/reference/vbo365-rest.html?ver=70#tag/OrganizationUser/operation/OrganizationUser_Get

    Jonah May - VMCA | Veeam Vanguard | Join the Veeam Community Hackathon @ https://veeamhackathon.com
    leduardoserrano
    1 person likes this
    • leduardoserrano
      leduardoserrano
    Rin
    Forum|alt.badge.img+7
    • Rin
    • Product Strategy
    • 8 comments
    • Answer
    • February 28, 2024
    Steve.Bennett wrote:

    Is the User ID based off of the Azure ID?  Would I need a separate task that queries my O365 Instance and retrieves that?

    Sorry for the delay Steve. I normally work in the PS word so I had to fire up the lab and see how it worked in the API side. 

     

    The Entra ID is used for part of the user ID. The user ID is actually made up of 4 number sets with the beginning made of the domain name. Without the full set of IDs pulled using the get OrganizationUser the return will be “incorrect user ID format”.

    This was using the Organizational Users with a search on userName to get a specific result

    Then took that D into Organizations User to show how the ID looks in line

     

    Hope this helps out.

    RinBytes
    JonahMay
    leduardoserrano
    2 people like this
    • JonahMay
      JonahMay
    • leduardoserrano
      leduardoserrano
    S
    • Steve.Bennett
    • Author
    • Not a newbie anymore
    • 7 comments
    • March 4, 2024

    @Rin that helped a lot.  I modified my playbook and used the Organizations Users to grab my users.  However, I am getting inconsistent results and it’s sometimes returning a value of -1.  I know the email is correct and I can hard code userName instead of a variable and sometimes it will work.  I think its a timeout issue? Is there a way to speed up the query time? 

     

    leduardoserrano
    1 person likes this
    • leduardoserrano
      leduardoserrano
    Rin
    Forum|alt.badge.img+7
    • Rin
    • Product Strategy
    • 8 comments
    • March 5, 2024
    Steve.Bennett wrote:

    @Rin that helped a lot.  I modified my playbook and used the Organizations Users to grab my users.  However, I am getting inconsistent results and it’s sometimes returning a value of -1.  I know the email is correct and I can hard code userName instead of a variable and sometimes it will work.  I think its a timeout issue? Is there a way to speed up the query time? 

     

    When we query we have to run the query across the entire Microsoft 365 Org users. Microsoft APIs run the search on the back end so we don't really have a way to speed up that process. However you might be able to narrow the search plane with other parameters. 

    There is also a default limit of 30 items per server return. You can use the limit to try increasing or decreasing the number of items per page to see if that helps with speed or timeouts. Looks like this when I set it to 10

    As for users not being returned I had the best luck using the username without the domain name to get the userID needed. Microsoft changes the way they have added users to Microsoft over time so it could account for inconsistency with username and email through API. Or if it ends up being a timeout and the limit modification corrects the issues you can ignore this section.

     

    Here are all the parameters if you are interested in trying something out. 

     

    RinBytes
    leduardoserrano
    S
    2 people like this
    • leduardoserrano
      leduardoserrano
    • S
      Steve.Bennett
    S
    • Steve.Bennett
    • Author
    • Not a newbie anymore
    • 7 comments
    • March 5, 2024

    @Rin you are batting 1000 today!  I modified the parameters and moved them into the body of the ansible script. I tweaked the polling time and the limit value.  Funny thing was that I got more consistent results by including the domain name.

     

        - name: Get User ID
      ansible.builtin.uri:
        url: https://myveeamserver.com:4443/v7/Organizations/{{ veeam_org_id }}/Users
        headers:
          Authorization: "Bearer {{ veeam_token }}"
        body_format: "json"
        body:
         limit: "1"
         userName: "{{ user_email }}"
         locationFilter: "Cloud"
         dataSource: "PerferLocal"
        method: "GET"
        status_code: 200
      register: org_user_response
      async: 600 # Run time is 600 seconds
      poll: 30 # Check back every 30 seconds to see if job has completed

     

    Rin
    JonahMay
    leduardoserrano
    3 people like this
    • Rin
      Rin
    • JonahMay
      JonahMay
    • leduardoserrano
      leduardoserrano
    S
    • Steve.Bennett
    • Author
    • Not a newbie anymore
    • 7 comments
    • April 2, 2024

    Still Stuck.  I am still running into consistency errors in querying the UserID’s.  Does the User ID ever change?  Could I build a library/dictionary of userid by running a separate nightly process to build the dictionary of user id’s and then query that versus the entire Azure Directory?

    JonahMay
    Forum|alt.badge.img+11
    • JonahMay
    • Veeam Vanguard
    • 46 comments
    • April 3, 2024
    Steve.Bennett wrote:

    Still Stuck.  I am still running into consistency errors in querying the UserID’s.  Does the User ID ever change?  Could I build a library/dictionary of userid by running a separate nightly process to build the dictionary of user id’s and then query that versus the entire Azure Directory?

    That should be a unique identifier for each user and should remain static, based on my experience with some of Veeam’s other REST APIs.

    Jonah May - VMCA | Veeam Vanguard | Join the Veeam Community Hackathon @ https://veeamhackathon.com

    Comment


    Terms & Conditions