Get membership groups in Azure AD Graph Helper

I use the Graph API to query my Azure Active Directory, using the Microsoft.WindowsAzure.ActiveDirectory.GraphHelper project as the base for my queries.

In the specific use case, I have a group that contains several hundred users, as well as several groups. I am looking to download group members of this parent group. I tried to request the loading of the members property:

 DirectoryService.LoadProperty(school, "members"); 

I get only 100 results, all of which are users (again, in the group of more than 100 users).
I tried to execute a DataServiceQuery, but it does not support such an operation:

    var groups = DirectoryService.groups;
    Group parentGroup = DirectoryService.groups.Where(it => (it.objectId == parentGroupId)).SingleOrDefault();
    groups = (DataServiceQuery<Group>)groups.Where(group => group.memberOf.Contains(parentGroup));

The third line does not work; it fails with an error saying that the expression is not supported.

Currently, the only solution I can think of is to load ALL groups, run LoadProperty(entity, 'memberOf', null) for each of them, and then check whether each one is a member of parentGroup (in fact, one of several such parent groups). Note: I put null in the continuationToken position since these groups should only be members of the same parent group.

It is terribly inefficient, but I cannot find another way!
Is there any other way to do what I'm trying to do?

+6
2 answers

The AAD Graph API now returns 100 elements per page. If the request you make contains more than one data page, the response will contain a link to the next data page. From Supported Queries, Filters, and Paging Options in the Azure AD API:

The response containing the paged results will include a skip token (odata.nextLink), which allows you to get the next page of results.

The easiest way to see this is to log in to https://graphexplorer.cloudpp.net as a user of the directory. Then do a simple GET:

 https://graph.windows.net/<your.domain.name>/users 

Since you have over 100 users, if you scroll down to the end, you will see the odata.nextLink property. If you copy the contents of this property and use it in the next request, you will get the following page. Continuing this example, the following query will look something like this:

 https://graph.windows.net/<your.domain.name>/directoryObjects/$/Microsoft.WindowsAzure.ActiveDirectory.User?$skiptoken=X'4453... 

I notice that you are using the legacy Microsoft.WindowsAzure.ActiveDirectory.GraphHelper helper library. Instead, you should use the new (and supported) Graph API client library: Microsoft.Azure.ActiveDirectory.GraphClient (NuGet). The following code snippet extracts all members of the group and displays only the display name of the Group objects:

    // Fetch group member objects
    IGroupFetcher groupFetcher = (IGroupFetcher)parentGroup;
    IPagedCollection<IDirectoryObject> members = groupFetcher.Members.ExecuteAsync().Result;

    // Iterate over each page, keeping only the Groups
    do
    {
        List<IDirectoryObject> directoryObjects = members.CurrentPage.ToList();
        foreach (IDirectoryObject member in directoryObjects)
        {
            if (member is Group)
            {
                Group group = member as Group;
                Console.WriteLine("Group: {0}", group.DisplayName);
            }
        }
        // Advance to the next page, or stop when none remain
        members = members.MorePagesAvailable ? members.GetNextPageAsync().Result : null;
    } while (members != null);
+12
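
The paging this answer describes, as an added example (not code from the answer or from Microsoft's libraries), written in Python because the REST paging is language-neutral. It follows `odata.nextLink` until no page is left, so a membership listing used for an access decision is not silently cut off at 100 objects, and it refuses a next link that resolves outside the tenant endpoint so the bearer token is never sent elsewhere. The `fetch` callable, the `contoso.example` tenant, the sample pages and the `objectType` field used for filtering are assumptions.

```python
from urllib.parse import urljoin, urlsplit

# Constructed tenant; a real caller uses its own domain under graph.windows.net.
TENANT_BASE = "https://graph.windows.net/contoso.example/"

def next_url(base, link):
    """Resolve odata.nextLink against the tenant base; refuse any other origin."""
    url = urljoin(base, link)
    if urlsplit(url)[:2] != urlsplit(base)[:2]:  # compare (scheme, host)
        raise ValueError("nextLink leaves the Graph endpoint: " + url)
    return url

def collect_members(fetch, first_url, base=TENANT_BASE, max_pages=1000):
    """Follow odata.nextLink until no page is left; return all member objects."""
    members, seen, url = [], set(), first_url
    while url:
        if url in seen or len(seen) >= max_pages:
            raise RuntimeError("paging loop or page limit reached at " + url)
        seen.add(url)
        page = fetch(url)  # hypothetical callable: authenticated GET -> parsed JSON
        members.extend(page.get("value", []))
        link = page.get("odata.nextLink")
        url = next_url(base, link) if link else None
    return members

def nested_groups(members):
    """Names of members that are groups (assumes an objectType field per object)."""
    return [m["displayName"] for m in members if m.get("objectType") == "Group"]

# Constructed sample pages (not real Graph output): 101 users and 2 groups.
FIRST = TENANT_BASE + "groups/00000000-0000-0000-0000-000000000001/members"
LINK = "directoryObjects/$/Microsoft.WindowsAzure.ActiveDirectory.User?$skiptoken=X'0000'"

def _user(i):
    return {"objectType": "User", "displayName": "user%03d" % i}

PAGES = {
    FIRST: {"value": [_user(i) for i in range(100)], "odata.nextLink": LINK},
    TENANT_BASE + LINK: {"value": [
        _user(100),
        {"objectType": "Group", "displayName": "Class A"},
        {"objectType": "Group", "displayName": "Class B"},
    ]},
}

if __name__ == "__main__":
    everyone = collect_members(PAGES.__getitem__, FIRST)
    print(len(everyone), "members; nested groups:", nested_groups(everyone))
```

With the constructed pages, the first page alone contains no groups at all; both nested groups only appear once the second page is fetched.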

Please check out our latest GitHub examples. The sample at https://github.com/AzureADSamples/ConsoleApp-GraphAPI-DotNet has many examples of Graph API calls through the latest Graph client library, including getting group memberships (as Philip shows above).

+2

Source: https://habr.com/ru/post/978452/

