user: getMemberObjects

Return all of the groups, directory roles and administrative units that the user is a member of. The check is transitive.


One of the following scopes is required to execute this API: Directory.Read.All; Directory.ReadWrite.All; Directory.AccessAsUser.All

HTTP request

POST /users/{id | userPrincipalName}/getMemberObjects

Request headers

Header Value
Authorization Bearer {token}. Required.
Content-Type application/json

Request body

In the request body, provide a JSON object with the following parameters.

Parameter Type Description
securityEnabledOnly Boolean true to specify that only security groups that the user is a member of should be returned; false to specify that all groups that the user is a member of should be returned. Note: Setting this parameter to true is only supported when calling this method on a user.


If successful, this method returns 200, OK response code and String collection in the response body that contains the IDs of the groups and directory roles that the user is a member of.


Here is an example of how to call this API.


Here is an example of the request.

Content-type: application/json
Content-length: 33

  "securityEnabledOnly": true

Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

HTTP/1.1 200 OK
Content-type: application/json
Content-length: 39

  "value": [