user: getMemberObjects

  • 2 minutes to read
  • Contributors
    • Dan Kershaw [MSFT]
    • Jeremy Thake (Microsoft)
    • Office GSX

Return all of the groups, directory roles and administrative units that the user is a member of. The check is transitive.

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type Permissions (from least to most privileged)
Delegated (work or school account) Directory.Read.All, Directory.ReadWrite.All, Directory.AccessAsUser.All
Delegated (personal Microsoft account) Not supported.
Application Directory.Read.All, Directory.ReadWrite.All

HTTP request

POST /users/{id | userPrincipalName}/getMemberObjects

Request headers

Header Value
Authorization Bearer {token}. Required.
Content-Type application/json

Request body

In the request body, provide a JSON object with the following parameters.

Parameter Type Description
securityEnabledOnly Boolean true to specify that only security groups that the user is a member of should be returned; false to specify that all groups and directory roles that the user is a member of should be returned. Note: Setting this parameter to true is only supported when calling this method on a user.

Response

If successful, this method returns 200 OK response code and String collection in the response body that contains the IDs of the groups and directory roles that the user is a member of.

Example

Here is an example of how to call this API.

Request

Here is an example of the request.

POST https://graph.microsoft.com/v1.0/me/getMemberObjects
Content-type: application/json
Content-length: 33

{
  "securityEnabledOnly": true
}
Response

Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

HTTP/1.1 200 OK
Content-type: application/json
Content-length: 39

{
  "value": [
    "string-value"
  ]
}