CRichard-3658 asked DanKershaw-5643 commented

Unable to get display names (sAMAccountName) of groups from Graph API call

I have a working Azure app that gives me the group names when I call
https://graph.microsoft.com/v1.0/me/transitiveMemberOf/microsoft.graph.group

However, I have tried to recreate the app several times, and checked all settings in App Registrations and Enterprise Applications to match the original app - but can never get the group names in the new apps (created in the last 24 hours).

API Permissions:
- Group.Read.All
- GroupMember.Read.All
- User.Read

App is created using these steps
- App registrations, add, Single tenant
- Quickstart, Mobile and desktop applications, Desktop, Make this change for me
- Token configuration, Add groups claim, Security groups, set all to sAMAccountName
- API Permissions, add Group.Read.All and GroupMember.Read.All
- Permission granted using “Grant admin consent for Default Directory”

Any clues would be much appreciated.

FYI fragment of group result that I get

         "@odata.id": "https://graph.microsoft.com/v2/5ed71832-327b-4b98-b68a-6c54ff1717c0/directoryObjects/2f95e1d3-c7cf-4796-92a2-df844feb52d0/Microsoft.DirectoryServices.Group",
         "id": "12345678-c7cf-4796-92a2-df844feb5eee",
         "deletedDateTime": null,
         "classification": null,
         "createdDateTime": null,
         "creationOptions": [],
         "description": null,
         "displayName": null,       <<<<<<<<<< why is this null???


Can you get any information about your groups from this API (https://graph.microsoft.com/v1.0/me/transitiveMemberOf) in Microsoft Graph Explorer and find your group id 12345678-c7cf-4796-92a2-df844feb5eee?

0 Votes 0 ·

I went to Microsoft Graph Explorer
Signed into two actual accounts (both members of @mydomainname.online (verified))
- one of them shows the group IDs and display names
- the other shows ONLY group IDs with NO display names (null)

I am not sure what is happening here.
Even using the account that shows display names
- using clientID for Azure app 1 - display names are returned
- using clientID for Azure app 2,3,4,5.. - display names are not returned

I cannot for the life of me remember what I did differently with app #1 in the past, but the group display names are showing, whatever account I use to log in using Microsoft.Identity.Client.Desktop flow.

Note: The group id above has some alphanumerics replaced, so it's not real



0 Votes 0 ·

Did you create this group in Azure AD? Can you tell us what the difference is between these two accounts? You can try to add the Directory.Read.All permission in your application.

0 Votes 0 ·

Hi @CRichard-3658, since you are using a third-party account, you can create a support ticket here to ask for help. Thanks.

0 Votes 0 ·

@CRichard-3658 sorry for the late response.
This really looks like your client app does not have permissions to read group details, and hence you are getting a security trimmed response. See https://docs.microsoft.com/en-us/graph/permissions-reference?context=graph%2Fapi%2F1.0&view=graph-rest-1.0#limited-information-returned-for-inaccessible-member-objects.
We can more easily confirm this if you supply the client-request-id and timestamp for the cases where the response only contains the id value (and the rest of the property values are null).

0 Votes 0 ·

0 Answers
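
The security-trimmed response described in the last comment can be checked mechanically by comparing the scopes in each app's access token with the objects that come back with only an id. This is an added example, not code from the thread or from Microsoft: the function names, the sample token and the sample response are constructed, and treating "every property except `id` and `@odata.*` is null or empty" as trimmed is a heuristic assumption.

```python
import base64
import json

# Scopes this thread names for reading group details (list taken from the page).
GROUP_READ_SCOPES = {"Group.Read.All", "GroupMember.Read.All", "Directory.Read.All"}

def token_scopes(access_token):
    """Delegated scopes from the token's `scp` claim. Diagnostic only:
    the signature is NOT verified, so never use this for authorization."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return set(claims.get("scp", "").split())

def is_trimmed(obj):
    """Heuristic (assumption): only `id` and @odata.* annotations have values."""
    return all(v in (None, [], "") for k, v in obj.items()
               if k != "id" and not k.startswith("@odata."))

def diagnose(access_token, response):
    scopes = token_scopes(access_token)
    trimmed = [o["id"] for o in response.get("value", []) if is_trimmed(o)]
    return {
        "group_scopes_in_token": sorted(scopes & GROUP_READ_SCOPES),
        "trimmed_ids": trimmed,
        "likely_permission_gap": bool(trimmed) and not (scopes & GROUP_READ_SCOPES),
    }

def make_sample_token(scp):
    """Constructed, unsigned token so the example runs offline."""
    body = base64.urlsafe_b64encode(json.dumps({"scp": scp}).encode())
    return "e30." + body.rstrip(b"=").decode() + ".constructed-signature"

# Constructed response: first object mirrors the fragment in the question,
# second is a made-up fully readable group for contrast.
SAMPLE_RESPONSE = {"value": [
    {"@odata.type": "#microsoft.graph.group",
     "id": "12345678-c7cf-4796-92a2-df844feb5eee", "deletedDateTime": None,
     "classification": None, "createdDateTime": None, "creationOptions": [],
     "description": None, "displayName": None},
    {"@odata.type": "#microsoft.graph.group",
     "id": "00000000-0000-0000-0000-000000000001", "creationOptions": [],
     "description": "constructed", "displayName": "Constructed Group"},
]}

if __name__ == "__main__":
    print(diagnose(make_sample_token("User.Read openid profile"), SAMPLE_RESPONSE))
```

Running `diagnose` against the token issued to the working app and the token issued to a new app, for the same signed-in account, shows whether the two differ in granted scopes.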