Get member objects

Returns all the groups, administrative units and directory roles that a user, group, service principals or directory object is a member of. This function is transitive.

Note: Only users can be members of directory roles.


One of the following scopes are required to execute this API: Directory.Read.All

HTTP request

POST /me/getMemberObjects
POST /users/{id | userPrincipalName}/getMemberObjects
POST /groups/{id}/getMemberObjects
POST /servicePrincipals/{id}/getMemberObjects
POST /directoryObjects/{id}/getMemberObjects

Request headers

Name Type Description
Authorization string Bearer {token}. Required.
Content-Type application/json  

Request body

In the request body, provide a JSON object with the following parameters.

Parameter Type Description
securityEnabledOnly Boolean true to specify that only security groups that the entity is a member of should be returned; false to specify that all groups and directory roles that the entity is a member of should be returned. Note: The function can only be called on a user if the parameter is true.


If successful, this method returns 200, OK response code and String collection object in the response body.


Content-type: application/json

  "securityEnabledOnly": true

Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

HTTP/1.1 200 OK
Content-type: application/json

    "@odata.context": "$metadata#Collection(Edm.String)",
    "value": [