azure-active-directory, microsoft-graph-api, active-directory-group, adgroup

How do I create nested Azure AD groups (a group whose members are other groups) with GraphServiceClient in C#?


Is it possible to create nested groups in Azure AD (group A containing groups B and C as members) using the Microsoft Graph API client, as shown in this diagram:

[image: diagram of the intended group hierarchy — not available in this copy of the page]


Solution

  • You can use the `Group.AdditionalData` dictionary to bind members (`members@odata.bind`) in the same request that creates the group. Nesting is nothing special at the API level: the member URLs simply point at `/groups/{id}` instead of `/users/{id}`. Only security groups can be nested this way — Microsoft 365 (Unified) groups do not accept groups as members (per the Graph documentation; verify for your tenant).

    The example creates a security group with members specified at creation time. Note that a maximum of 20 relationships, such as owners and members, can be added as part of group creation; larger memberships must be added afterwards with separate `POST /groups/{id}/members/$ref` calls. Two security-relevant caveats: the client-credentials flow used below requires an admin-consented *application* permission that can create groups (Group.ReadWrite.All per the Graph docs — confirm for your tenant), which also lets the app rewrite the membership of every group in the directory, so the client secret must be stored in configuration or a vault rather than in source; and not every Azure AD feature expands nested membership (app-role assignments and group-based licensing do not, per Microsoft docs), so verify that nesting actually grants what you expect before relying on it for access control.

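    // Build a confidential client for the app-only (client credentials) flow.
    // NOTE(review): clientSecret is a credential — load it from configuration, an
    // environment variable or Key Vault; never commit it to source control. The
    // permission needed to create groups (Group.ReadWrite.All per the Graph docs —
    // confirm for your tenant) lets this app rewrite the membership of *every* group
    // in the directory, so treat the secret as highly privileged.
    IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
            .Create(clientId)
            .WithTenantId(tenantID)
            .WithClientSecret(clientSecret)
            .Build();

    ClientCredentialProvider authProvider = new ClientCredentialProvider(confidentialClientApplication);
    GraphServiceClient graphClient = new GraphServiceClient(authProvider);

    // Creates a mail-disabled security group and binds the given directory objects as
    // members in the same POST. Graph accepts at most 20 owner/member bindings at
    // creation time; larger memberships must be added afterwards via
    // POST /groups/{id}/members/$ref.
    //
    // displayName   - display name of the new group.
    // mailNickname  - mail alias; must be unique in the tenant even for mail-disabled groups.
    // description   - free-text description.
    // memberUrls    - full Graph resource URLs of the initial members, e.g.
    //                 "https://graph.microsoft.com/v1.0/users/{id}" or
    //                 "https://graph.microsoft.com/v1.0/groups/{id}" (the latter nests a group).
    //                 Pass none for an initially empty group.
    // Returns the created Group as returned by Graph (Id populated).
    // Throws ServiceException on any Graph error (forbidden, duplicate mailNickname, bad member id, ...).
    async Task<Group> CreateSecurityGroupAsync(string displayName, string mailNickname, string description, params string[] memberUrls)
    {
        var group = new Group
        {
            Description = description,
            DisplayName = displayName,
            // Empty GroupTypes => plain security group. Do NOT add "Unified" here:
            // Microsoft 365 groups cannot contain other groups.
            GroupTypes = new List<String>(),
            MailEnabled = false,
            MailNickname = mailNickname,
            SecurityEnabled = true,
        };

        // "members@odata.bind" is not a typed property on Group, so it is sent through
        // AdditionalData. The original snippet filled this via an undefined variable
        // ("additionalData" instead of "additionalDataGroupB"/"additionalDataGroupA"),
        // which would not compile; building the list directly avoids that.
        if (memberUrls.Length > 0)
        {
            group.AdditionalData = new Dictionary<string, object>
            {
                { "members@odata.bind", new List<string>(memberUrls) },
            };
        }

        return await graphClient.Groups.Request().AddAsync(group);
    }

    // Create group B with two user members.
    // Replace {id1}/{id2} with the users' object IDs: these strings are not interpolated
    // (no $ prefix), the braces are literal placeholders and Graph would reject them.
    Group groupBRequest = await CreateSecurityGroupAsync(
        "PamelaGroupB",
        "operations2019",
        "Group B",
        "https://graph.microsoft.com/v1.0/users/{id1}",
        "https://graph.microsoft.com/v1.0/users/{id2}");
    string groupB_id = groupBRequest.Id;

    // Create group C the same way (the original snippet elided this step; names and
    // members are placeholders — adjust to your scenario).
    Group groupCRequest = await CreateSecurityGroupAsync(
        "PamelaGroupC",
        "operations2019c",
        "Group C");
    string groupC_id = groupCRequest.Id;

    // Create group A with groups B and C as members — this is the nesting.
    // Keep in mind that some Azure AD features (app-role assignments, group-based
    // licensing) do not expand nested membership, so verify the effect for your use.
    await CreateSecurityGroupAsync(
        "PamelaGroupA",
        "XXXXX",
        "Group A",
        "https://graph.microsoft.com/v1.0/groups/" + groupB_id,
        "https://graph.microsoft.com/v1.0/groups/" + groupC_id);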