| title | directoryObject: checkMemberObjects |
|---|---|
| description | Check for membership in a list of groups, administrative units, or directory roles for the specified user, group, service principal, organizational contact, device, or directory object. |
| ms.localizationpriority | medium |
| author | yyuank |
| ms.reviewer | iamut |
| ms.subservice | entra-users |
| doc_type | apiPageType |
| ms.date | 10/22/2024 |
| ms.custom | sfi-ga-nochange |
Namespace: microsoft.graph
[!INCLUDE beta-disclaimer]
Check for membership in a list of group IDs, administrative unit IDs, or directory role IDs, for the IDs of the specified user, group, service principal, organizational contact, device, or directory object.
This method is transitive.
[!INCLUDE national-cloud-support]
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
Memberships for a directory object.
| Permission type | Least privileged permissions | Higher privileged permissions |
|---|---|---|
| Delegated (work or school account) | Directory.Read.All | Directory.ReadWrite.All |
| Delegated (personal Microsoft account) | Not supported. | Not supported. |
| Application | Directory.Read.All | Directory.ReadWrite.All |
Note
The Directory.* permissions allow you to retrieve any supported directory object type via this API. To retrieve only a specific type, you can use permissions specific to the resource.
Memberships for the signed-in user.
| Permission type | Least privileged permissions | Higher privileged permissions |
|---|---|---|
| Delegated (work or school account) | User.Read | User.Read.All, Directory.Read.All, User.ReadWrite.All, Directory.ReadWrite.All |
| Delegated (personal Microsoft account) | Not supported. | Not supported. |
| Application | Not supported. | Not supported. |
Memberships for other users.
| Permission type | Least privileged permissions | Higher privileged permissions |
|---|---|---|
| Delegated (work or school account) | User.ReadBasic.All and GroupMember.Read.All | User.Read.All, Directory.Read.All, User.ReadWrite.All, Directory.ReadWrite.All |
| Delegated (personal Microsoft account) | Not supported. | Not supported. |
| Application | User.ReadBasic.All and GroupMember.Read.All | User.Read.All, Directory.Read.All, User.ReadWrite.All, Directory.ReadWrite.All |
Memberships for a group.
| Permission type | Least privileged permissions | Higher privileged permissions |
|---|---|---|
| Delegated (work or school account) | GroupMember.Read.All | Group.Read.All, Directory.Read.All, Group.ReadWrite.All, Directory.ReadWrite.All |
| Delegated (personal Microsoft account) | Not supported. | Not supported. |
| Application | GroupMember.Read.All | Group.Read.All, Directory.Read.All, Group.ReadWrite.All, Directory.ReadWrite.All |
Memberships for a service principal.
| Permission type | Least privileged permissions | Higher privileged permissions |
|---|---|---|
| Delegated (work or school account) | Application.Read.All | Directory.Read.All, Application.ReadWrite.All, Directory.ReadWrite.All |
| Delegated (personal Microsoft account) | Not supported. | Not supported. |
| Application | Application.Read.All | Directory.Read.All, Application.ReadWrite.All, Directory.ReadWrite.All |
Memberships for an organizational contact.
| Permission type | Least privileged permissions | Higher privileged permissions |
|---|---|---|
| Delegated (work or school account) | Directory.Read.All | Directory.ReadWrite.All |
| Delegated (personal Microsoft account) | Not supported. | Not supported. |
| Application | Directory.Read.All | Directory.ReadWrite.All |
Memberships for a device.
| Permission type | Least privileged permissions | Higher privileged permissions |
|---|---|---|
| Delegated (work or school account) | Device.Read.All | Device.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All |
| Delegated (personal Microsoft account) | Not supported. | Not supported. |
| Application | Device.Read.All | Device.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All |
Memberships for a directory object.
```http
POST /directoryObjects/{id}/checkMemberObjects
```
Memberships for the signed-in user.
```http
POST /me/checkMemberObjects
POST /users/{id | userPrincipalName}/checkMemberObjects
```
[!INCLUDE me-apis-sign-in-note]
Memberships for other users.
```http
POST /users/{id | userPrincipalName}/checkMemberObjects
```
Memberships for a group.
```http
POST /groups/{id}/checkMemberObjects
```
Memberships for a service principal.
```http
POST /servicePrincipals/{id}/checkMemberObjects
```
Memberships for an organizational contact.
```http
POST /contacts/{id}/checkMemberObjects
```
Memberships for a device.
```http
POST /devices/{id}/checkMemberObjects
```
| Name | Description |
|---|---|
| Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
| Content-Type | application/json |
In the request body, provide a JSON object with the following parameters.
| Parameter | Type | Description |
|---|---|---|
| ids | String collection | A collection that contains the object IDs of the groups, directory roles, administrative units, or roleTemplate IDs of directory roles, in which to check membership. Up to 20 objects may be specified. |
If successful, this method returns a 200 OK response code and a new String collection object in the response body.
The following is an example of how to call this API.
The following example shows a request.
```http
POST https://graph.microsoft.com/beta/me/checkMemberObjects
Content-type: application/json

{
  "ids": [
    "80a963dd-84af-4eb8-b2a6-781e444d4fb0",
    "62e90394-69f5-4237-9190-012177145e10",
    "86a64f51-3a64-4cc6-a8c8-6b8f000c0f52",
    "ac38546e-ddf3-437a-ac5c-27a94cd7a0f1"
  ]
}
```
The following example shows the response.
Note: The response object shown here might be shortened for readability.
```http
HTTP/1.1 200 OK
Content-type: application/json

{
  "value": [
    "80a963dd-84af-4eb8-b2a6-781e444d4fb0",
    "62e90394-69f5-4237-9190-012177145e10"
  ]
}
```
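An added example (not from the original page or Microsoft's SDKs): a client-side wrapper for the request and response shown above that splits more than 20 IDs into separate calls, merges the results, and fails closed on any non-200 status. The `post` transport, the helper names and the zero-padded GUIDs are assumptions made for illustration; the two member IDs are the ones in the sample response.

```python
import json
import uuid

MAX_IDS = 20  # per-request limit stated in the request-body table

def batches(ids, size=MAX_IDS):
    """Validate each ID as a GUID, drop duplicates, split into <=20-ID batches."""
    clean = []
    for raw in ids:
        canon = str(uuid.UUID(raw))  # raises ValueError on a malformed ID
        if canon not in clean:
            clean.append(canon)
    return [clean[i:i + size] for i in range(0, len(clean), size)]

def check_member_objects(object_path, ids, post):
    """Return the subset of ids the object is a (transitive) member of.

    post(path, body) -> (status, body) is a caller-supplied transport
    (hypothetical interface) that adds the Authorization header.
    """
    members = set()
    for batch in batches(ids):
        status, body = post(f"{object_path}/checkMemberObjects",
                            json.dumps({"ids": batch}))
        if status != 200:
            # Fail closed: an error is never read as "not a member".
            raise RuntimeError(f"checkMemberObjects returned HTTP {status}")
        returned = {v.lower() for v in json.loads(body)["value"]}
        if not returned <= set(batch):
            raise RuntimeError("response lists IDs that were not requested")
        members |= returned
    return members

# Constructed stand-in for the service: the object belongs to the two IDs
# returned in the page's sample response.
SAMPLE_MEMBERSHIPS = {"80a963dd-84af-4eb8-b2a6-781e444d4fb0",
                      "62e90394-69f5-4237-9190-012177145e10"}
CALLS = []  # (path, number of IDs) for each request the wrapper sent

def fake_post(path, body):
    ids = json.loads(body)["ids"]
    CALLS.append((path, len(ids)))
    return 200, json.dumps({"value": [i for i in ids if i in SAMPLE_MEMBERSHIPS]})

def demo():
    padding = [f"00000000-0000-0000-0000-{n:012d}" for n in range(21)]  # constructed
    wanted = padding[:19] + sorted(SAMPLE_MEMBERSHIPS) + padding[19:]   # 23 IDs
    return check_member_objects("/me", wanted, fake_post)

if __name__ == "__main__":
    print(sorted(demo()), CALLS)
```

When the result feeds an access decision, treat a raised error as a denial rather than retrying with a shorter list.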