Directory Manager API - searching for a user

hcoleman · April 17, 2026, 3:14pm

Looking at the “Get a User” API Endpoint (https://demomachine:4443/GroupIDDataService/api/IdentityStores/{identityStoreId}/Users/{userIdentity}) it appears we need to know the objectGUID of the user in advance. How can we search for a user through an API call based on their name or email address in order to retrieve the objectGUID (userID entity)?

ali.irshad · April 17, 2026, 5:32pm

Hi Hunter,

Welcome to the community

Good question. I’m digging into this right now.

It looks like this may require doing a more general search via the API first to retrieve the user details, and then using that info (like the objectGUID) for the specific call. I’m going to validate this and put together some details.

I’ll share an update soon!

hcoleman · April 17, 2026, 7:13pm

Thank you!

ali.irshad · April 27, 2026, 9:54pm

Hi Hunter,

As promised, here are the details! You’re right that the GET /Users/{userIdentity} endpoint requires the objectGUID upfront. The solution is a two-step flow — search first, then fetch.

Step 1 — Search by name or email

POST https://yourserver/GroupIDDataService/api/IdentityStores/{identityStoreId}/Searches
Authorization: Bearer {token}
Content-Type: application/json

Search by email:

json

{
    "identityStoreId": 2,
    "searchType": 0,
    "sortBy": "displayName",
    "sortOrder": 0,
    "pageNo": 1,
    "pageSize": 10,
    "calculateTotal": true,
    "criteria": {
        "operator": "Is Exactly",
        "attribute": "mail",
        "value": "john.doe@company.com"
    },
    "attributesToLoad": ["displayName", "mail", "objectGUID", "sAMAccountName"]
}

Search by display name (partial match):

json

{
    "criteria": {
        "operator": "Contains",
        "attribute": "displayName",
        "value": "John"
    },
    "attributesToLoad": ["displayName", "mail", "objectGUID", "sAMAccountName"]
}

From the response, extract objectIdFromIdentityStore — that’s your objectGUID.

Step 2 — Get full user details

GET https://yourserver/GroupIDDataService/api/IdentityStores/{identityStoreId}/Users/{objectGUID}
Authorization: Bearer {token}

A couple of gotchas worth flagging:

sortOrder must be an integer (0 = Ascending, 1 = Descending) — passing "Ascending" as a string will return a 400 error
When getting your Bearer token, the client_id must be the Secret GUID from SVC.Client where ClientType = 'APIClient' — not the client name. This one isn’t obvious from the documentation

Hope that helps! Let me know if you run into any issues.

hcoleman · April 27, 2026, 10:36pm

Thank you Ali, this is very helpful.

derek.putnam · April 28, 2026, 1:34pm

If this works for you, please mark Ali’s reply as the solution! It’s this button under his reply:

Topic		Replies	Views
Directory Manager API Discussions & Questions groupid , api , directory-manager	11	239	August 22, 2025
Working on backup and restore scripts for Directory Manager Discussions & Questions powershell , directory-manager	13	183	November 22, 2025
Show the original location (path) in form of the OU in passwordlist Ideas password-secure , new , ideas	0	50	October 3, 2025
Link to an Organisational Unit (OU) - password list Ideas password-secure , new , ideas	1	34	September 25, 2025
NIM - How to view job changes via API Discussions & Questions api , identity-manager	1	23	May 7, 2026

Directory Manager API - searching for a user

Related topics