user: getMemberObjects

Return all of the groups, directory roles and administrative units that the user is a member of. The check is transitive.

Prerequisites

One of the following scopes is required to execute this API: Directory.Read.All; Directory.ReadWrite.All; Directory.AccessAsUser.All

HTTP request

POST /users/{id | userPrincipalName}/getMemberObjects

Request headers

Header Value
Authorization Bearer {token}. Required.
Content-Type application/json

Request body

In the request body, provide a JSON object with the following parameters.

Parameter Type Description
securityEnabledOnly Boolean true to specify that only security groups that the user is a member of should be returned; false to specify that all groups and directory roles that the user is a member of should be returned. Note: Setting this parameter to true is only supported when calling this method on a user.

Response

If successful, this method returns 200, OK response code and String collection in the response body that contains the IDs of the groups and directory roles that the user is a member of.

Example

Here is an example of how to call this API.

Request

Here is an example of the request.

POST https://graph.microsoft.com/v1.0/me/getMemberObjects
Content-type: application/json
Content-length: 33

{
  "securityEnabledOnly": true
}
Response

Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

HTTP/1.1 200 OK
Content-type: application/json
Content-length: 39

{
  "value": [
    "string-value"
  ]
}