title | description | ms.localizationpriority | author | ms.subservice | doc_type |
---|---|---|---|---|---|
Get member objects |
Return all the groups, administrative units, and directory roles that a user, group, service principal, organizational contact, device, or directory object is a member of. This function is transitive. |
medium |
keylimesoda |
entra-directory-management |
apiPageType |
Namespace: microsoft.graph
Return all IDs for the groups, administrative units, and directory roles that a user, group, service principal, organizational contact, device, or directory object is a member of. This function is transitive.
Note: Only users and role-enabled groups can be members of directory roles.
[!INCLUDE national-cloud-support]
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
Permission type | Permissions (from least to most privileged) |
---|---|
Delegated (work or school account) | Directory.Read.All |
Delegated (personal Microsoft account) | Not supported. |
Application | Directory.Read.All |
Permission type | Permissions (from least to most privileged) |
---|---|
Delegated (work or school account) | User.Read, User.Read.All, Directory.Read.All, User.ReadWrite.All, Directory.ReadWrite.All |
Delegated (personal Microsoft account) | Not supported. |
Application | User.Read.All, Directory.Read.All, User.ReadWrite.All, Directory.ReadWrite.All |
Permission type | Permissions (from least to most privileged) |
---|---|
Delegated (work or school account) | GroupMember.Read.All, Group.Read.All, Directory.Read.All, Group.ReadWrite.All, Directory.ReadWrite.All |
Delegated (personal Microsoft account) | Not supported. |
Application | GroupMember.Read.All, Group.Read.All, Directory.Read.All, Group.ReadWrite.All, Directory.ReadWrite.All |
Permission type | Permissions (from least to most privileged) |
---|---|
Delegated (work or school account) | Application.Read.All, Directory.Read.All, Application.ReadWrite.All, Directory.ReadWrite.All |
Delegated (personal Microsoft account) | Not supported. |
Application | Application.Read.All, Directory.Read.All, Application.ReadWrite.All, Directory.ReadWrite.All |
Permission type | Permissions (from least to most privileged) |
---|---|
Delegated (work or school account) | Directory.Read.All, Directory.ReadWrite.All |
Delegated (personal Microsoft account) | Not supported. |
Application | Directory.Read.All, Directory.ReadWrite.All |
Permission type | Permissions (from least to most privileged) |
---|---|
Delegated (work or school account) | Device.Read.All, Directory.Read.All, Directory.ReadWrite.All |
Delegated (personal Microsoft account) | Not supported. |
Application | Device.Read.All, Device.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All |
Memberships for a directory object
POST /directoryObjects/{id}/getMemberObjects
Memberships for a user
POST /me/getMemberObjects
POST /users/{id | userPrincipalName}/getMemberObjects
Memberships for a group
POST /groups/{id}/getMemberObjects
Memberships for a service principal
POST /servicePrincipals/{id}/getMemberObjects
Memberships for an organizational contact
POST /contacts/{id}/getMemberObjects
Memberships for a device
POST /devices/{id}/getMemberObjects
Name | Description |
---|---|
Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
Content-Type | application/json |
In the request body, provide a JSON object with the following parameters.
Parameter | Type | Description |
---|---|---|
securityEnabledOnly | Boolean | true to specify that only security groups that the entity is a member of should be returned; false to specify that all groups, administrative units, and directory roles that the entity is a member of should be returned. |
If successful, this method returns 200 OK
response code and String collection object in the response body.
POST https://graph.microsoft.com/v1.0/directoryObjects/{object-id}/getMemberObjects
Content-type: application/json
{
"securityEnabledOnly": true
}
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
Note: The response object shown here might be shortened for readability.
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#Collection(Edm.String)",
"value": [
"fee2c45b-915a-4a64-b130-f4eb9e75525e",
"4fe90ae7-065a-478b-9400-e0a0e1cbd540",
"c9ee2d50-9e8a-4352-b97c-4c2c99557c22",
"e0c3beaf-eeb4-43d8-abc5-94f037a65697"
]
}