Get member groups

11/15/2019
2 minutes to read
- +2

Return all the groups that the specified user, group, or directory object is a member of. This function is transitive.

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type	Permissions (from least to most privileged)
Delegated (work or school account)	User.ReadBasic.All and GroupMember.Read.All, User.Read.All and GroupMember.Read.All, User.ReadBasic.All and Group.Read.All, User.Read.All and Group.Read.All, Directory.Read.All
Delegated (personal Microsoft account)	Not supported.
Application	User.Read.All and GroupMember.Read.All, User.Read.All and Group.Read.All, Directory.Read.All

Use the follow scenario guidance to help determine which permission types to use:

Use User.Read and GroupMember.Read.All or User.Read and Group.Read.All permissions to get group memberships for the signed-in user.
Use User.ReadBasic.All and GroupMember.Read.All, User.Read.All and GroupMember.Read.All, User.ReadBasic.All and Group.Read.All or User.Read.All and Group.Read.All permissions to get group memberships for any user.
Use GroupMember.Read.All or Group.Read.All permission to get group memberships for a group.
Use Directory.Read.All permission to get group memberships for a directory object.

HTTP request

POST /me/getMemberGroups
POST /users/{id | userPrincipalName}/getMemberGroups
POST /groups/{id}/getMemberGroups
POST /directoryObjects/{id}/getMemberGroups

Request headers

Name	Type	Description
Authorization	string	Bearer {token}. Required.
Content-Type	string	application/json

Request body

In the request body, provide a JSON object with the following parameters.

Parameter	Type	Description
securityEnabledOnly	Boolean	true to specify that only security groups that the entity is a member of should be returned; false to specify that all groups and directory roles that the entity is a member of should be returned. Note: The function can only be called on a user if the parameter is true.

Response

If successful, this method returns 200 OK response code and String collection object in the response body.

Example

Request

POST https://graph.microsoft.com/v1.0/directoryObjects/{object-id}/getMemberGroups
Content-type: application/json

{
  "securityEnabledOnly": true
}


GraphServiceClient graphClient = new GraphServiceClient( authProvider );

var securityEnabledOnly = true;

await graphClient.DirectoryObjects["{object-id}"]
	.GetMemberGroups(securityEnabledOnly)
	.Request()
	.PostAsync();

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.


const options = {
	authProvider,
};

const client = Client.init(options);

const string = {
  securityEnabledOnly: true
};

let res = await client.api('/directoryObjects/{object-id}/getMemberGroups')
	.post(string);

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.


MSHTTPClient *httpClient = [MSClientFactory createHTTPClientWithAuthenticationProvider:authenticationProvider];

NSString *MSGraphBaseURL = @"https://graph.microsoft.com/v1.0/";
NSMutableURLRequest *urlRequest = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:[MSGraphBaseURL stringByAppendingString:@"/directoryObjects/{object-id}/getMemberGroups"]]];
[urlRequest setHTTPMethod:@"POST"];
[urlRequest setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];

NSMutableDictionary *payloadDictionary = [[NSMutableDictionary alloc] init];

BOOL securityEnabledOnly = YES;
payloadDictionary[@"securityEnabledOnly"] = securityEnabledOnly;

NSData *data = [NSJSONSerialization dataWithJSONObject:payloadDictionary options:kNilOptions error:&error];
[urlRequest setHTTPBody:data];

MSURLSessionDataTask *meDataTask = [httpClient dataTaskWithRequest:urlRequest 
	completionHandler: ^(NSData *data, NSURLResponse *response, NSError *nserror) {

		//Request Completed

}];

[meDataTask execute];

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.


IGraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

boolean securityEnabledOnly = true;

graphClient.directoryObjects("{object-id}")
	.getMemberGroups(securityEnabledOnly)
	.buildRequest()
	.post();

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Response

Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

HTTP/1.1 200 OK
Content-type: application/json

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#Collection(Edm.String)",
    "value": [
        "fee2c45b-915a-4a64-b130-f4eb9e75525e",
        "4fe90ae7-065a-478b-9400-e0a0e1cbd540",
        "e0c3beaf-eeb4-43d8-abc5-94f037a65697"
    ]
}

Get member groups

Permissions

HTTP request

Request headers

Request body

Response

Example

Request

Response

Is this page helpful?

Feedback

Send feedback about this page

Is this page helpful?