This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 94%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMA%3C/text%3E%3C/svg%3E)
Hi,
I'm trying to use the Graph API to create/update/delete groups and also add/remove members to groups and I was facing permission issues to remove a user from a group.
I'm using this (https://learn.microsoft.com/en-us/graph/api/group-delete-members?view=graph-rest-1.0&tabs=http) on my sandbox AAD and I tried adding different permissions from least to most privileged, but nothing worked.
So I decided to use my global admin user to test the same call, and the user was completed deleted instead of being removed from the group. I was able to restore the user from "Deleted users" and then repeat the tests again.
I've shared the verbose output from my most recent call.
INFO: Request URL: 'https://graph.microsoft.com/v1.0/groups/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/members/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/'
INFO: Request method: 'DELETE'
INFO: Request headers:
INFO: 'User-Agent': 'python/3.10.0 (Linux-5.14.18-300.fc35.x86_64-x86_64-with-glibc2.34) AZURECLI/2.30.0 (PIP)'
INFO: 'Accept-Encoding': 'gzip, deflate'
INFO: 'Accept': '/'
INFO: 'Connection': 'keep-alive'
INFO: 'Content-Type': 'application/json'
INFO: 'x-ms-client-request-id': '510024b8-49c5-4864-9a79-cb519494b7df'
INFO: 'CommandName': 'rest'
INFO: 'ParameterSetName': '--method --url --headers --body --verbose'
INFO: 'Authorization': 'Bearer xxxxxxxxxxxxx...'
INFO: 'Content-Length': '102'
INFO: Request body:
INFO: {"@odata.id":"https://graph.microsoft.com/v1.0/directoryObjects/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"}
INFO: Response status: 204
INFO: Response headers:
INFO: 'Date': 'Tue, 30 Nov 2021 15:06:03 GMT'
INFO: 'Content-Length': '0'
INFO: 'Cache-Control': 'no-cache'
INFO: 'Strict-Transport-Security': 'max-age=31536000'
INFO: 'request-id': '9758aaf9-bbf5-4056-aa79-aaf4ef9549e3'
INFO: 'client-request-id': '9758aaf9-bbf5-4056-aa79-aaf4ef9549e3'
INFO: 'x-ms-ags-diagnostic': '{"ServerInfo":{"DataCenter":"West Europe","Slice":"E","Ring":"5","ScaleUnit":"001","RoleInstance":"AM4PEPF00012FF6"}}'
INFO: 'x-ms-resource-unit': '1'
INFO: Response content:
INFO:
INFO: Command ran in 0.532 seconds (init: 0.099, invoke: 0.432)
Let me know if you need more details or if I'm doing something wrong.
I also found this to be similar to my situation https://powerusers.microsoft.com/t5/Connecting-To-Data/Using-graph-API-to-remove-member-works-unexpected/m-p/931788 , so I rechecked my call.
I'm using the /$ref at the end, atleast thats what my CLI input shows
az rest --method DELETE --url "https://graph.microsoft.com/v1.0/groups/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/members/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/$ref" --headers Content-Type=application/json --body '{"@odata.id":"https://graph.microsoft.com/v1.0/directoryObjects/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"}' --verbose
Welp. My own comment hinted at the problem.
The $ref was being looked up by shell during execution as an environment variable and was being replaced with blank effectively removing the $ref at the end.
Enclosing the url in single quotes fixed my problem.
@Mohana Arunachalam Srinivasan ,
We appreciate your use of the Microsoft Q&A forum and for sharing your findings here, which will assist others who encounter a similar issue in the future.