Get member objects

Returns all the groups and directory roles that a user, group, or directory object is a member of. This function is transitive.

Note: Only users can be members of directory roles.

Prerequisites

One of the following scopes are required to execute this API: - User.Read.All AND Group.Read.All - Directory.Read.All

Note: Permission scopes are listed in least privilege required order.

HTTP request

POST /me/getMemberObjects
POST /users/{id | userPrincipalName}/getMemberObjects
POST /groups/{id}/getMemberGroups
POST /directoryObjects/{id}/getMemberObjects

Request headers

Name Type Description
Authorization string Bearer . Required.
Content-Type application/json  

Request body

In the request body, provide a JSON object with the following parameters.

Parameter Type Description
securityEnabledOnly Boolean true to specify that only security groups that the entity is a member of should be returned; false to specify that all groups and directory roles that the entity is a member of should be returned. Note: The function can only be called on a user if the parameter is true.

Response

If successful, this method returns 200, OK response code and String collection object in the response body.

Example

Request
POST https://graph.microsoft.com/v1.0/me/getMemberObjects
Content-type: application/json

{
  "securityEnabledOnly": true
}
Response

Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

HTTP/1.1 200 OK
Content-type: application/json

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#Collection(Edm.String)",
    "value": [
        "fee2c45b-915a-4a64-b130-f4eb9e75525e",
        "4fe90ae7-065a-478b-9400-e0a0e1cbd540",
        "c9ee2d50-9e8a-4352-b97c-4c2c99557c22",
        "e0c3beaf-eeb4-43d8-abc5-94f037a65697"
    ]
}