Using Fiddler to retrieve all of the users from a WAAD instance

The first step before you can submit any Graph request is to obtain an authorization token using the steps outlined in Using Fiddler to acquire a JWT ( JSON Web Token ) for use with the Graph API. Another way to retrieve an authorization token is to capture the fiddler traffic. For this exercise, follow the instructions provided in this blog post to request the token.

Once you have followed the steps in Using Fiddler to acquire a JWT ( JSON Web Token ) for use with the Graph API. Double click the HTTPS request in the session window to select the login request capture information.

clip_image001

In the response window, select “JSON” for the display format.

Copy the access_token property to the clipboard. You will need this information to add the token to the Authentication property of the header request. You can copy the access_token property to the clipboard by selecting the “access_token” property in the response windows and right click, Select “Copy” from the menu.

clip_image003

  • Select the “Composer” tab.
  • In the “Request Headers” section. Paste the access_token value from step 3.
  • Replace the string “access_token=” with “Authorization: Bearer”
  • Press the “end” key and add a new line to the header. Type “Content-Type: application/json” press enter, type “Host: graph.windows.net” press enter. The request header section will look similar to the following:

Authorization: Bearer eyJ0…Dsw
Content-Type: application/json
Host: graph.windows.net

  • Select “Get” from the command window.
  • Create an URL to retrieve users from a tenant. For example, if you want to retrieve all of the users from mlvdemo.onmicrosoft.com, the URL would be:

https://graph.windows.net/mlvdemo.onmicrosoft.com/users?api-version=2013-04-05

Place the URL into the URL edit box.

For this request, there will be nothing in the body. The “Composer” tab will look similar to the following:

clip_image005

Click the “Execute” button. If the request is formed properly and the tenant exists, then the response will contain all of the users in the tenant. You can view the users by double clicking the request in the session window.