CRichard-3658 avatar image
0 Votes"
CRichard-3658 asked DanKershaw-5643 commented

Unable to get display names (sAMAccountName) of groups from Graph API call

I have a working Azure app that gives me the group names when I call

However, I have tried to recreate the app several times, and checked all settings in App Registrations and Enterprise Applications to match the original app - but can never get the group names in the new apps (created in the last 24 hours).

API Permissions:
- Group.Read.All
- GroupMember.Read.All
- User.Read

App is created using these steps
- App registrations, add, Single tenant
- Quickstart, Mobile and desktop applications, Desktop, Make this change for me
- Token configuration, Add groups claim, Security groups, set all to sAMAccountName
- API Permissions, add Group.Read.All and GroupMember.Read.All
- Permission granted using “Grant admin consent for Default Directory”

Any clues would be much appreciated.

FYI fragment of group result that I get

         "": "",
         "id": "12345678-c7cf-4796-92a2-df844feb5eee",
         "deletedDateTime": null,
         "classification": null,
         "createdDateTime": null,
         "creationOptions": [],
         "description": null,
         "displayName": null,       <<<<<<<<<< why is this null???

· 9
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Can you get any infomation about your groups from this api ( in Microsoft Graph Explorer and find your group id 12345678-c7cf-4796-92a2-df844feb5eee?

0 Votes 0 ·

I went to Microsoft Graph Explorer
Signed into two actual accounts (both members of (verified)
- one of them shows the group IDs and display names
- the other shows ONLY group IDs with NO display names (null)

I am not sure what is happening here.
Even using the account that shows display names
- using clientID for Azure app 1 - display names are returned
- using clientID for Azure app 2,3,4,5.. - display names are not returned

I cannot for the life of me remember what I did differently with app #1 in the past, but the group display names are showing, whatever account I use to log in using Microsoft.Identity.Client.Desktop flow.

Note: The group id above has some alphanumerics replaced, so it's not real

0 Votes 0 ·

Did you create this group in Azure AD? Can you tell us what the difference between these two accounts? You can try to add Directory.Read.All permission in your application.

0 Votes 0 ·
Show more comments

Hi @CRichard-3658 Since you are using third part account, you can create a support ticket here to ask for help. Thanks.

0 Votes 0 ·

@CRichard-3658 sorry for the late response.
This really looks like your client app does not have permissions to read group details, and hence you are getting a security trimmed response. See
We can more easily confirm this if you supply the client-request-id and timestamp for the cases where the response only contains the id value (and the rest of the property values are null).

0 Votes 0 ·

0 Answers