Skip to content

serviceprincipal-list-memberof.md

Latest commit

 

History

History
313 lines (241 loc) · 8.96 KB

serviceprincipal-list-memberof.md

File metadata and controls

313 lines (241 loc) · 8.96 KB
title List servicePrincipal memberOf
description Get the groups and directory roles that this service principal is a direct member of. This operation isn't transitive.
ms.localizationpriority high
doc_type apiPageType
ms.subservice entra-applications
author Jackson-Woods
ms.date 06/22/2024

List servicePrincipal memberOf

Namespace: microsoft.graph

[!INCLUDE beta-disclaimer]

Get the groups and directory roles that this servicePrincipal is a direct member of. This operation isn't transitive.

[!INCLUDE national-cloud-support]

Permissions

Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.

[!INCLUDE permissions-table]

[!INCLUDE limited-info]

HTTP request

GET /servicePrincipals/{id}/memberOf

Optional query parameters

This method supports the $filter, $count, $select, $search, $top OData query parameters to help customize the response.

  • OData cast is also enabled.
  • $search is supported on the displayName and description properties only.
  • The default and maximum page size is 100 and 999 objects respectively.
  • The use of query parameters with this API is supported only with advanced query parameters. For more information, see Advanced query capabilities on directory objects.

Request headers

Name Type Description
Authorization string Bearer {token}. Required. Learn more about authentication and authorization.
ConsistencyLevel eventual. This header and $count are required when using the $search, $filter, $orderby, or OData cast query parameters. It uses an index that might not be up-to-date with recent changes to the object.

Request body

Don't supply a request body for this method.

Response

If successful, this method returns a 200 OK response code and a collection of directoryObject objects in the response body.

Examples

Example 1: Get groups and directory roles that the service principal is a direct member of

Request

The following example shows a request.

HTTP

GET https://graph.microsoft.com/beta/servicePrincipals/{id}/memberOf

C#

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Go

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Java

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

JavaScript

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

PHP

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

PowerShell

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Python

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Response

The following example shows the response.

Note: The response object shown here might be shortened for readability.

HTTP/1.1 200 OK
Content-type: application/json

{
  "value": [
    {
      "@odata.type": "#microsoft.graph.group",
      "id": "id-value",
      "createdDateTime": null,
      "description": "All users at the company",
      "displayName": "All Users",
      "groupTypes": [],
      "mailEnabled": false,
      "securityEnabled": true,
    }
  ]
}

Example 2: Get only a count of all memberships

Request

The following example shows a request.

GET https://graph.microsoft.com/beta/servicePrincipals/{id}/memberOf/$count
ConsistencyLevel: eventual

Response

The following example shows the response.

HTTP/1.1 200 OK
Content-type: text/plain

394

Example 3: Use OData cast to get only a count of group membership

Request

The following example shows a request.

GET https://graph.microsoft.com/beta/servicePrincipals/{id}/memberOf/microsoft.graph.group/$count
ConsistencyLevel: eventual

Response

The following example shows the response.

HTTP/1.1 200 OK
Content-type: text/plain

394

Example 4: Use $search and OData cast to get group membership with display names that contain the letters 'Video' including a count of returned objects

Request

The following example shows a request.

GET https://graph.microsoft.com/beta/servicePrincipals/{id}/memberOf/microsoft.graph.group?$count=true&$orderby=displayName&$search="displayName:Video"
ConsistencyLevel: eventual

Response

The following example shows the response.

Note: The response object shown here might be shortened for readability.

HTTP/1.1 200 OK
Content-type: application/json

{
  "@odata.context":"https://graph.microsoft.com/beta/$metadata#directoryObjects",
  "@odata.count":1396,
  "value": [
    {
      "@odata.type": "#microsoft.graph.group",
      "id": "id-value",
      "createdDateTime": null,
      "description": "All videos for the company",
      "displayName": "All Videos",
      "groupTypes": [],
      "mailEnabled": false,
      "securityEnabled": true
    }
  ]
}

Example 5: Use $filter and OData cast to get group membership with a display name that starts with the letter 'A' including a count of returned objects

Request

The following example shows a request.

GET https://graph.microsoft.com/beta/servicePrincipals/{id}/memberOf/microsoft.graph.group?$count=true&$orderby=displayName&$filter=startswith(displayName, 'A')
ConsistencyLevel: eventual

Response

The following example shows the response.

Note: The response object shown here might be shortened for readability.

HTTP/1.1 200 OK
Content-type: application/json

{
  "@odata.context":"https://graph.microsoft.com/beta/$metadata#directoryObjects",
  "@odata.count":76,
  "value":[
    {
      "@odata.type": "#microsoft.graph.group",
      "id": "id-value",
      "createdDateTime": null,
      "description": "All videos for the company",
      "displayName": "All Videos",
      "groupTypes": [],
      "mailEnabled": false,
      "securityEnabled": true
    }
  ]
}