azure-active-directorymicrosoft-graph-api

Retrieve all Users from all Groups?


Is it possible to see all of the Groups and all of the Users inside those Groups using Microsoft Graph? I don't see anything like that in the documentation.

When calling:

https://graph.microsoft.com/v1.0/groups/

I get the information about my Groups but I don't see any information about the Users in those Groups.

I have also tried calling:

https://graph.microsoft.com/v1.0/{{userID}}/memberOf

and I get the following error:

{
  "error": {
    "code": "BadRequest",
    "message": "Resource not found for the segment 'memberOf'.",
    "innerError": {
      "request-id": "13488c8e-124f-4161-ad2b-1dc03a302dc9",
      "date": "2019-03-18T16:13:23"
    }
  }
}

Not sure why or if it's even related.

I granted the Service Principal all of the Microsoft Graph permissions.


Solution

  • I see 2 possible approaches that you could work with -

    1. Make use of $expand operator in the call for groups.

      GET https://graph.microsoft.com/v1.0/groups?$expand=members

      This way you could get information about groups and it's members in a single call. Here's a link to Microsoft documentation on $expand parameter

      Disclaimer: Microsoft Docs for expand parameter have a note which says something like

      With Azure AD resources that derive from directoryObject, like user and group, $expand is only supported for beta and typically returns a maximum of 20 items for the expanded relationship.

      Although, above mentioned query, which uses v1.0 did work fine for me at least from Graph explorer with a low number of group members. So you may need to test further.

    2. Find members for each group individually

      In this approach you can use List Members API

       GET https://graph.microsoft.com/v1.0/groups/{id}/members
      

    Permissions required for each API are pretty well described in their respective documentation on Microsoft Docs links.