Solved

Veeam M365 & Ansible

  • 27 February 2024
  • 8 comments
  • 127 views

Userlevel 3

I need some help.  I am trying to automate my Employee Offboarding using ansible by creating a backup job that will do a final backup of the user’s mailbox, archive, teams, teams chat and personal site.  Then restore it to an offsite File Share for long term storage.  I’m using the REST API and I can query my Veeam server for Org ID, Repository ID, etc.  However, I can not create a job.  I think it is because I can list the user ID in the task.  Is the User ID based off of the Azure ID?  Would I need a separate task that queries my O365 Instance and retrieves that?

icon

Best answer by Rin 28 February 2024, 19:59

View original

8 comments

Userlevel 6
Badge +10

Hi Steve, I am not super familiar with the VB365 or M365 REST APIs, but I believe you are correct from the last time I was digging around in them.

 

@Rin have you worked on anything like this before to provide input? 

Userlevel 6
Badge +10

@Steve.Bennett Have you tried this call yet? Looks like you can add a username filter and then get the user ID from the results.

 

https://helpcenter.veeam.com/docs/vbo365/rest/reference/vbo365-rest.html?ver=70#tag/OrganizationUser/operation/OrganizationUser_Get

Userlevel 4
Badge +6

Is the User ID based off of the Azure ID?  Would I need a separate task that queries my O365 Instance and retrieves that?

Sorry for the delay Steve. I normally work in the PS word so I had to fire up the lab and see how it worked in the API side. 

 

The Entra ID is used for part of the user ID. The user ID is actually made up of 4 number sets with the beginning made of the domain name. Without the full set of IDs pulled using the get OrganizationUser the return will be “incorrect user ID format”.

This was using the Organizational Users with a search on userName to get a specific result

Then took that D into Organizations User to show how the ID looks in line

 

Hope this helps out.

Userlevel 3

@Rin that helped a lot.  I modified my playbook and used the Organizations Users to grab my users.  However, I am getting inconsistent results and it’s sometimes returning a value of -1.  I know the email is correct and I can hard code userName instead of a variable and sometimes it will work.  I think its a timeout issue? Is there a way to speed up the query time? 

 

Userlevel 4
Badge +6

@Rin that helped a lot.  I modified my playbook and used the Organizations Users to grab my users.  However, I am getting inconsistent results and it’s sometimes returning a value of -1.  I know the email is correct and I can hard code userName instead of a variable and sometimes it will work.  I think its a timeout issue? Is there a way to speed up the query time? 

 

When we query we have to run the query across the entire Microsoft 365 Org users. Microsoft APIs run the search on the back end so we don't really have a way to speed up that process. However you might be able to narrow the search plane with other parameters. 

There is also a default limit of 30 items per server return. You can use the limit to try increasing or decreasing the number of items per page to see if that helps with speed or timeouts. Looks like this when I set it to 10

As for users not being returned I had the best luck using the username without the domain name to get the userID needed. Microsoft changes the way they have added users to Microsoft over time so it could account for inconsistency with username and email through API. Or if it ends up being a timeout and the limit modification corrects the issues you can ignore this section.

 

Here are all the parameters if you are interested in trying something out. 

 

Userlevel 3

@Rin you are batting 1000 today!  I modified the parameters and moved them into the body of the ansible script. I tweaked the polling time and the limit value.  Funny thing was that I got more consistent results by including the domain name.

 

    - name: Get User ID
ansible.builtin.uri:
url: https://myveeamserver.com:4443/v7/Organizations/{{ veeam_org_id }}/Users
headers:
Authorization: "Bearer {{ veeam_token }}"
body_format: "json"
body:
limit: "1"
userName: "{{ user_email }}"
locationFilter: "Cloud"
dataSource: "PerferLocal"
method: "GET"
status_code: 200
register: org_user_response
async: 600 # Run time is 600 seconds
poll: 30 # Check back every 30 seconds to see if job has completed

 

Userlevel 3

Still Stuck.  I am still running into consistency errors in querying the UserID’s.  Does the User ID ever change?  Could I build a library/dictionary of userid by running a separate nightly process to build the dictionary of user id’s and then query that versus the entire Azure Directory?

Userlevel 6
Badge +10

Still Stuck.  I am still running into consistency errors in querying the UserID’s.  Does the User ID ever change?  Could I build a library/dictionary of userid by running a separate nightly process to build the dictionary of user id’s and then query that versus the entire Azure Directory?

That should be a unique identifier for each user and should remain static, based on my experience with some of Veeam’s other REST APIs.

Comment