Get member groups
Namespace: microsoft.graph
Return all the groups that the specified user, group, or directory object is a member of. This function is transitive.
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
Permission type | Permissions (from least to most privileged) |
---|---|
Delegated (work or school account) | User.ReadBasic.All and GroupMember.Read.All, User.Read.All and GroupMember.Read.All, User.ReadBasic.All and Group.Read.All, User.Read.All and Group.Read.All, Directory.Read.All |
Delegated (personal Microsoft account) | Not supported. |
Application | User.Read.All and GroupMember.Read.All, User.Read.All and Group.Read.All, Directory.Read.All |
Use the follow scenario guidance to help determine which permission types to use:
- Use User.Read and GroupMember.Read.All or User.Read and Group.Read.All permissions to get group memberships for the signed-in user.
- Use User.ReadBasic.All and GroupMember.Read.All, User.Read.All and GroupMember.Read.All, User.ReadBasic.All and Group.Read.All or User.Read.All and Group.Read.All permissions to get group memberships for any user.
- Use GroupMember.Read.All or Group.Read.All permission to get group memberships for a group.
- Use Directory.Read.All permission to get group memberships for a directory object.
HTTP request
POST /me/getMemberGroups
POST /users/{id | userPrincipalName}/getMemberGroups
POST /groups/{id}/getMemberGroups
POST /directoryObjects/{id}/getMemberGroups
Request headers
Name | Type | Description |
---|---|---|
Authorization | string | Bearer {token}. Required. |
Content-Type | string | application/json |
Request body
In the request body, provide a JSON object with the following parameters.
Parameter | Type | Description |
---|---|---|
securityEnabledOnly | Boolean | true to specify that only security groups that the entity is a member of should be returned; false to specify that all groups and directory roles that the entity is a member of should be returned. Note: The function can only be called on a user if the parameter is true. |
Response
If successful, this method returns 200 OK
response code and String collection object in the response body.
Example
Request
POST https://graph.microsoft.com/v1.0/directoryObjects/{object-id}/getMemberGroups
Content-type: application/json
{
"securityEnabledOnly": true
}
Response
Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#Collection(Edm.String)",
"value": [
"fee2c45b-915a-4a64-b130-f4eb9e75525e",
"4fe90ae7-065a-478b-9400-e0a0e1cbd540",
"e0c3beaf-eeb4-43d8-abc5-94f037a65697"
]
}