2

I know how to get member directory roles filtering by type using the rest query below:

https://graph.microsoft.com/v1.0/me/memberOf/$/microsoft.graph.directoryRole

So the response from MS Graph api only contains directoryRole objects. Not sure how this can be done using the MS Graph .Net client SDK as we do not specify any OData keyword like Select or Filter in the actual Rest request.

Note that I do not want to call just memberOf and filter directoryRole type responses in memory on client side, I want this filter to be part of the query as in the URL above, so memberOf response contains only directoryRole s.

Marc LaFleur
  • 31,987
  • 4
  • 37
  • 63
Dogu Arslan
  • 3,292
  • 24
  • 43

2 Answers2

1

The Graph Net Client have not directly support your requirement.

But based on my test, we can try the following work around:

Use the following code to get the list with DirectoryRole and then filter by DisplayName, and then check the role template id(For the directoryRole from Me.MemberOf, if the DisplayName contains Administrator, basically, we are admin role. If use the DirectoryRoles api, we can iterate the list and check the role template id):

// This will contains the group too, we need to filter it to get the directoryrole

    IUserMemberOfCollectionWithReferencesRequest builder = graphClient.Me.MemberOf.Request();
                    IUserMemberOfCollectionWithReferencesPage page = await builder.GetAsync();

    // This is all directoryrole in our tenant, we need to filter by DisplayName contains **Administrator**
                IGraphServiceDirectoryRolesCollectionRequest request = graphClient.DirectoryRoles.Request();
                IGraphServiceDirectoryRolesCollectionPage directoryRoles = await request.GetAsync();

Results of Me.MemberOf: enter image description here Results of DirectoryRoles: enter image description here

If the work around still cannot suit your requirement, I suggest you submit an feature request on uservoice and github issues

Supplementary answer: (Unfortunately the filtering is generally pretty limited in Microsoft Graph for directory resources. So you can just use the client side in-memory filter or submit feature request now):

Theoretically, we can use the rest api like this(The specified filter to the reference property query is currently not supported.)

https://graph.microsoft.com/v1.0/me/memberOf/$/microsoft.graph.group?$filter=groupTypes/any(a:roleTemplateId eq  '62e90394-69f5-4237-9190-012177145e10')

And in the C# code which is based on the Graph Client

List<QueryOption> options = new List<QueryOption>
                {
                    new QueryOption("$filter", 
                      "groupTypes/any(a:roleTemplateId eq  '62e90394-69f5-4237-9190-012177145e10'")
                };   
IUserMemberOfCollectionWithReferencesRequest builder = graphClient.Me.MemberOf.Request(options); 

                    IGraphServiceDirectoryRolesCollectionRequest request = graphClient.DirectoryRoles.Request(options);
Seiya Su
  • 1,836
  • 1
  • 7
  • 10
  • Is there any other way to filter a specific directoryRole from the memberOf response using the RoleTemplateId ? – Dogu Arslan Sep 07 '18 at 15:12
  • I think RoleTempateId can used for filtering the result of MemberOf and DirectoryRoles(Iterating over the list or by LINQ). The way besides RoleTemplateId still need to test – Seiya Su Sep 07 '18 at 15:27
  • If you post a working example filtering with RoleTemplateId I will accept that answer. – Dogu Arslan Sep 07 '18 at 15:42
  • It is our Saturday now, I will do it in our Monday after back to office. – Seiya Su Sep 07 '18 at 15:59
  • I should go back to my office in about 20 hours, as early as this evening. – Seiya Su Sep 07 '18 at 16:08
  • Thanks Seiya, no major rush on this we can wait till over the weekend. Just to clarify I am not looking for an in memory filtering on client side. I know how this can be done easily. I am looking for a way to push this filtering (ie. filter by a specific RoleTemplateId) to the server side. – Dogu Arslan Sep 07 '18 at 16:11
  • For server side filter, all I can say is try as possible as i can. As you know, we can do little for the Graph server side code. The most likely result, we need to do in-memory filter or submit the feature request – Seiya Su Sep 07 '18 at 16:21
1

With the SDK, filtering is a function applied to the object. For example:

var users = await graphClient
    .Users
    .Request()
    .Filter("startswith(displayName,'A')")
    .GetAsync();

Unfortunately, this won't help you here since /memberOf doesn't support $filter. So you would need to do the filtering on the client.

If you're checking a specific directoryRole, you could come at this from the other direction. The /members endpoint does support filtering by member id:

v1.0/directoryRoles/{role-id}/members?$filter=id eq '{user-id}'

It is important to note here that /members does not support filtering by userPrincipalName, only by the actual id.

Marc LaFleur
  • 31,987
  • 4
  • 37
  • 63