Get Users in Group from Azure AD via Microsoft Graph
Getting the membership for a single Group can be done using $expand. For example, running the following query in Graph Explorer will return the Group HRTaskforce and all of it's members:
https://graph.microsoft.com/v1.0/groups/02bd9fd6-8f93-4758-87c3-1fb73740a315?$expand=members
Using the .NET Client SDK, you could do something like this:
var groupAndMembers = await _tokenService.Token.GetGraphServiceClient()
.Groups["02bd9fd6-8f93-4758-87c3-1fb73740a315"]
.Request()
.Expand("members")
.GetAsync();
var usersInGroup = groupAndMembers.Members.ToList();
One aside, all of the documentation you linked to is from the Azure AD Graph API. Please note that this is a different API and it is not always safe to assume that resources and methods from Azure AD Graph will be available (or work the same way) as Microsoft Graph
Related videos on Youtube
04 : 04
03 : 55
16 : 44
10 : 37
19 : 09
07 : 10
02 : 17
Admin
Updated on September 02, 2022Comments
-
Admin over 1 year
I'm requesting a list of users from AzureAD via Microsoft Graph.
I get the User objects back, but their MemberOf property is always null.
I thought I could use Expand to request that property specifically, and while it causes no error it also doesn't populate the property.
This question and answer from mid-2016 suggests this functionality was in beta at that time, and I thought it would have graduated to the production API by now?
var allUsers = await graphClient .Users .Request() .Expand("memberOf") .GetAsync(); var usersInGroup = allUsers .Where(user => user.MemberOf.Any(memberOf => memberOf.Id.Equals(groupId, StringComparison.OrdinalIgnoreCase))) .ToList();(I've tried expanding "memberOf" and "MemberOf".)
I can retrieve a list of members via the Group.
But that returns a list of IDs, so I'd have to make two requests instead of just the one.
var groupMembers = await graphClient .Groups[groupId] .Members .Request() .GetAsync(); var groupMemberIds = groupMembers .Select(groupMember => groupMember.Id) .ToList(); var allUsers = await graphClient .Users .Request() .GetAsync(); var usersInGroup = allUsers .Where(user => groupMemberIds.Contains(user.Id)) .ToList();If getting the IDs belonging to the Group, and then filtering the Users is the correct way then that's fine, I'll go with that.
Ideally I'd like to make a single request to retrieve the User objects and have the filtering done server side.
e.g.
var usersInGroup = await graphClient .Users .Request() .Filter($"memberOf eq {groupId}") .GetAsync();Obviously that filter won't work, but something like that would be ideal.
(It was pointed out that I have been linking to the wrong set of documentation, so I've stripped out those links to prevent confusion for future readers)
-
Admin about 6 yearsI just gave that query a try and it it does exactly what I want, thank you. Unfortunately when searching for resources on this subject it's very easy to end up in the wrong place. e.g. searching for "microsoft graph get users in group" with google gives me a link to an irrelevant page in the MS Graph docs, and the next few links are for the AzureAD docs. Bing is similar, the top results all link to the Azure AD docs. Evidently I need to pay a lot more attention to where I'm landing.
-
Marc LaFleur about 6 yearsI've long ago accepted that I can't fix how Google or Bing think (there is a joke in there somewhere). Personally, I search for API docs using the GitHub repo before going broader. This helps limit the scope to only Graph topics and often times there are extra nuggets that surface from GitHub Issues. The repo is located at github.com/microsoftgraph/microsoft-graph-docs
-
Admin about 6 yearsThanks for the tip, that will be useful from this point onwards. I sometimes use site limited searches, often when I only want Stack Overflow results, so I'm a tad dismayed it hadn't occurred to me to try it in this case. I wouldn't have thought to limit it to the documentation repository though, that is a very valuable approach.
