1

In Azure I could find an API for getting the group details, as shown below:

https://graph.microsoft.com/v1.0/groups

which gives me all the group details, as shown below:

{  
  "value": [  
    {  
      "id": "/groups/53c765632095310385020001",  
      "name": "Administrators",  
      "description": "Administrators is a built-in group. Its membership is managed by the system. Microsoft Azure subscription administrators fall into this group.",  
      "builtIn": true,  
      "type": "system",  
      "externalId": null  
    },  
    {  
      "id": "/groups/53c765632095310385020002",  
      "name": "Developers",  
      "description": "Developers is a built-in group. Its membership is managed by the system. Signed-in users fall into this group.",  
      "builtIn": true,  
      "type": "system",  
      "externalId": null  
    },  
    {  
      "id": "/groups/53c765632095310385020003",  
      "name": "Guests",  
      "description": "Guests is a built-in group. Its membership is managed by the system. Unauthenticated users visiting the developer portal fall into this group.",  
      "builtIn": true,  
      "type": "system",  
      "externalId": null  
    }  
  ],  
  "count": 3,  
  "nextLink": null  
}  

But the problem is that I need the group owner details along with the group details. At present I call another API, shown below, to get the group owner details:

https://graph.microsoft.com/v1.0/groups/{groupId}/owners

Is there any API, or any other way, by which I can get the group owner details along with the group details in one shot in Azure?

Rohit Saigal
Alex Man

2 Answers

3

Microsoft Graph API supports some optional query parameters like select, filter, expand, search etc. which help in controlling what data you get back in response to your query. You can read about them here

The expand parameter might be helpful for your use case.

I quickly tried out a query like below from Microsoft Graph Explorer and it returns the group information as well as owners collection for each group.

https://graph.microsoft.com/v1.0/groups?$expand=owners

Disclaimer: Microsoft Docs for expand parameter have a note which says something like

With Azure AD resources that derive from directoryObject, like user and group, $expand is only supported for beta and typically returns a maximum of 20 items for the expanded relationship.

Although the above-mentioned query, which uses v1.0, did work fine for me, at least from Graph Explorer. So do test as much as possible (with a high number of groups as well) before starting to rely on it. I'll also update back in case I find more up-to-date documentation regarding the same.

Here is the exact response I got for the query I mentioned above. It's pretty big, so I just included 2 groups and removed the others, so that you get an idea.

The important part is to notice that the owners collection is present along with the groups. Notice the first group has no owners assigned, but the second group has 2 users as owners.

REQUEST

GET https://graph.microsoft.com/v1.0/groups?$expand=owners

RESPONSE

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groups",
    "value": [
        {
            "id": "xxxx-redacted-49b4e13fcf0f",
            "deletedDateTime": null,
            "classification": null,
            "createdDateTime": "2018-09-26T04:41:10Z",
            "creationOptions": [],
            "description": null,
            "displayName": "Business",
            "groupTypes": [],
            "mail": null,
            "mailEnabled": false,
            "mailNickname": "xxxx-redacted-88df-adf033b7f545",
            "onPremisesLastSyncDateTime": null,
            "onPremisesSecurityIdentifier": null,
            "onPremisesSyncEnabled": null,
            "preferredDataLocation": null,
            "proxyAddresses": [],
            "renewedDateTime": "2018-09-26T04:41:10Z",
            "resourceBehaviorOptions": [],
            "resourceProvisioningOptions": [],
            "securityEnabled": true,
            "visibility": null,
            "onPremisesProvisioningErrors": [],
            "owners": []
        },
        {
            "id": "xxxx-redacted-9316-a5acea4412d8",
            "deletedDateTime": null,
            "classification": null,
            "createdDateTime": "2018-09-26T04:19:29Z",
            "creationOptions": [],
            "description": null,
            "displayName": "DevOps",
            "groupTypes": [],
            "mail": null,
            "mailEnabled": false,
            "mailNickname": "xxxx-redacted-4f18-b2b1-e5a7b80d19ea",
            "onPremisesLastSyncDateTime": null,
            "onPremisesSecurityIdentifier": null,
            "onPremisesSyncEnabled": null,
            "preferredDataLocation": null,
            "proxyAddresses": [],
            "renewedDateTime": "2018-09-26T04:19:29Z",
            "resourceBehaviorOptions": [],
            "resourceProvisioningOptions": [],
            "securityEnabled": true,
            "visibility": null,
            "onPremisesProvisioningErrors": [],
            "owners": [
                {
                    "@odata.type": "#microsoft.graph.user",
                    "id": "xxxx-redacted-8000-8cb9f0d497c9",
                    "deletedDateTime": null,
                    "accountEnabled": true,
                    "ageGroup": null,
                    "businessPhones": [],
                    "city": "xxxx",
                    "companyName": null,
                    "consentProvidedForMinor": null,
                    "country": "xxxx",
                    "createdDateTime": null,
                    "department": "Human Resources",
                    "displayName": "Adam G",
                    "employeeId": null,
                    "faxNumber": null,
                    "givenName": "Adam",
                    "jobTitle": "Senior Human Resource Manager",
                    "legalAgeGroupClassification": null,
                    "mail": null,
                    "mailNickname": "adamg",
                    "mobilePhone": "xxxx",
                    "onPremisesDistinguishedName": null,
                    "onPremisesDomainName": null,
                    "onPremisesImmutableId": null,
                    "onPremisesLastSyncDateTime": null,
                    "onPremisesSecurityIdentifier": null,
                    "onPremisesSamAccountName": null,
                    "onPremisesSyncEnabled": null,
                    "onPremisesUserPrincipalName": null,
                    "otherMails": [],
                    "passwordPolicies": "DisablePasswordExpiration",
                    "passwordProfile": null,
                    "officeLocation": "131/1105",
                    "postalCode": "98052",
                    "preferredLanguage": "en-US",
                    "proxyAddresses": [],
                    "refreshTokensValidFromDateTime": "2018-09-19T03:34:39Z",
                    "imAddresses": [],
                    "isResourceAccount": null,
                    "showInAddressList": null,
                    "state": "MH",
                    "streetAddress": "xxxxxxxe",
                    "surname": "Gily",
                    "usageLocation": "US",
                    "userPrincipalName": "adamg@xxxxx.onmicrosoft.com",
                    "userType": "Member",
                    "assignedLicenses": [],
                    "assignedPlans": [],
                    "onPremisesProvisioningErrors": [],
                    "onPremisesExtensionAttributes": {
                        "extensionAttribute1": null,
                        "extensionAttribute2": null,
                        "extensionAttribute3": null,
                        "extensionAttribute4": null,
                        "extensionAttribute5": null,
                        "extensionAttribute6": null,
                        "extensionAttribute7": null,
                        "extensionAttribute8": null,
                        "extensionAttribute9": null,
                        "extensionAttribute10": null,
                        "extensionAttribute11": null,
                        "extensionAttribute12": null,
                        "extensionAttribute13": null,
                        "extensionAttribute14": null,
                        "extensionAttribute15": null
                    },
                    "provisionedPlans": []
                },
                {
                    "@odata.type": "#microsoft.graph.user",
                    "id": "xxxx-redacted-4824-8013-4325f68e275d",
                    "deletedDateTime": null,
                    "accountEnabled": true,
                    "ageGroup": null,
                    "businessPhones": [],
                    "city": null,
                    "companyName": null,
                    "consentProvidedForMinor": null,
                    "country": null,
                    "createdDateTime": null,
                    "department": null,
                    "displayName": "groupownertest",
                    "employeeId": null,
                    "faxNumber": null,
                    "givenName": null,
                    "jobTitle": null,
                    "legalAgeGroupClassification": null,
                    "mail": null,
                    "mailNickname": "groupownertest",
                    "mobilePhone": null,
                    "onPremisesDistinguishedName": null,
                    "onPremisesDomainName": null,
                    "onPremisesImmutableId": null,
                    "onPremisesLastSyncDateTime": null,
                    "onPremisesSecurityIdentifier": null,
                    "onPremisesSamAccountName": null,
                    "onPremisesSyncEnabled": null,
                    "onPremisesUserPrincipalName": null,
                    "otherMails": [],
                    "passwordPolicies": null,
                    "passwordProfile": null,
                    "officeLocation": null,
                    "postalCode": null,
                    "preferredLanguage": null,
                    "proxyAddresses": [],
                    "refreshTokensValidFromDateTime": "2019-01-23T18:56:43Z",
                    "imAddresses": [],
                    "isResourceAccount": null,
                    "showInAddressList": null,
                    "state": null,
                    "streetAddress": null,
                    "surname": null,
                    "usageLocation": null,
                    "userPrincipalName": "groupownertest@XXXXX.onmicrosoft.com",
                    "userType": "Member",
                    "assignedLicenses": [],
                    "assignedPlans": [],
                    "onPremisesProvisioningErrors": [],
                    "onPremisesExtensionAttributes": {
                        "extensionAttribute1": null,
                        "extensionAttribute2": null,
                        "extensionAttribute3": null,
                        "extensionAttribute4": null,
                        "extensionAttribute5": null,
                        "extensionAttribute6": null,
                        "extensionAttribute7": null,
                        "extensionAttribute8": null,
                        "extensionAttribute9": null,
                        "extensionAttribute10": null,
                        "extensionAttribute11": null,
                        "extensionAttribute12": null,
                        "extensionAttribute13": null,
                        "extensionAttribute14": null,
                        "extensionAttribute15": null
                    },
                    "provisionedPlans": []
                }
            ]
        }
    ]
}

UPDATE 1 (to answer queries from comments)

members and owners are both navigational properties/relationships and not direct properties for groups. You can only expand one at a time. I'll show you 3 quick api calls that can be tested from Microsoft Graph Explorer.

expand only members - This works as expected and returns groups as well as members for each group.

GET https://graph.microsoft.com/v1.0/groups?$expand=members

expand only owners - This works as expected and returns groups as well as owners for each group. Sample response shown above already.

GET https://graph.microsoft.com/v1.0/groups?$expand=owners

expand both members and owners in a single call

GET https://graph.microsoft.com/v1.0/groups?$expand=members,owners

RESPONSE

You can only expand one navigational property in a single call. Look at the error message, it's quite intuitive:

{
    "error": {
        "code": "Request_BadRequest",
        "message": "The result of parsing $expand contained at least 2 items, but the maximum allowed is 1.",
        "innerError": {
            "request-id": "119cf794-af56-48a0-b415-4d52c2e60e98",
            "date": "2019-02-13T02:57:13"
        }
    }
}

UPDATE 2 (to answer query about expand and select together from comments)

I don't think you will be able to $select only a few columns along with $expand in the query. This seems to be a known limitation. See the two links below for more context

  1. Query Parameter Limitations - Microsoft Docs
  2. Another SO post. Specifically, in this SO post, look at the comment from Marc LaFleur and the answer from Dan Kershaw - MSFT
Rohit Saigal
  • Thanks for the reply. If I need to get both owners and group members of the group, this is not working: `https://graph.microsoft.com/v1.0/groups?$expand=owners, users` – Alex Man Feb 12 '19 at 07:00
  • you're welcome. Members and Owners are both navigational properties.. I don't think you will be able to expand both of them in a single call.. it will go something like `https://graph.microsoft.com/v1.0/groups?$expand=owners,members` I will quickly test and update back my answer – Rohit Saigal Feb 13 '19 at 02:49
  • @AlexMan I have updated back my answer with more detailed information at the end (including sample requests and responses). – Rohit Saigal Feb 13 '19 at 03:24
  • Thanks for that. Lastly, how can I specify only the required details to be returned under the owner array? Let's say I want only the id and mail details of the owner, how can we do that? I have seen an option called $select but it is somehow not working for me. I tried `https://graph.microsoft.com/v1.0/groups?$expand=owners($select=id,mail)` – Alex Man Feb 13 '19 at 08:55
  • @AlexMan looks like that won't work and is a known limitation.. I have updated my answer with a couple of links that give more context about that – Rohit Saigal Feb 14 '19 at 06:11
0

Not sure if this has been fixed, but I was able to limit the output of the expanded owner query with this

https://graph.microsoft.com/v1.0/groups/?$select=displayName&$filter=resourceProvisioningOptions/Any(x:x eq 'Team')&$expand=owners($select=id,department)

Note: this was to retrieve specific groups that belonged to Teams, but that's just a filter; I think it should work otherwise as well.
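
An added example, not part of the question or of either answer: a Python ownership audit built on the `$expand=owners` query from the first answer. It follows `@odata.nextLink` paging, re-reads owners through `/groups/{groupId}/owners` when the expanded list reaches the 20-item cap quoted from the docs, and flags groups with no owners or only disabled owners. The `fetch` callable, `sample_user`, `SAMPLE` and every id in the sample data are constructed assumptions.

```python
GRAPH = "https://graph.microsoft.com/v1.0"
EXPAND_CAP = 20  # cap on an expanded relationship, per the docs note quoted above

def paged(fetch, url):
    """Yield every item of a Graph collection, following @odata.nextLink."""
    while url:
        page = fetch(url)
        yield from page.get("value", [])
        url = page.get("@odata.nextLink")

def audit_group_owners(fetch):
    """Map group id -> name, owner count and ownership issue (None if fine).

    fetch(url) is a hypothetical callable returning the parsed JSON of an
    authenticated GET; it is injected so the logic can run offline.
    """
    report = {}
    for group in paged(fetch, f"{GRAPH}/groups?$expand=owners"):
        owners = group.get("owners", [])
        if len(owners) >= EXPAND_CAP:
            # The expanded list may be truncated: re-read it in full.
            owners = list(paged(fetch, f"{GRAPH}/groups/{group['id']}/owners"))
        if not owners:
            issue = "no owners"
        elif all(o.get("accountEnabled") is False for o in owners):
            issue = "all owners disabled"
        else:
            issue = None
        report[group["id"]] = {"name": group["displayName"],
                               "owners": len(owners), "issue": issue}
    return report

def sample_user(n, enabled=True):
    """Constructed owner object carrying only the fields the audit reads."""
    return {"@odata.type": "#microsoft.graph.user", "id": f"u{n}",
            "accountEnabled": enabled}

# Constructed responses keyed by URL; group ids and the skiptoken are made up.
FIRST = f"{GRAPH}/groups?$expand=owners"
SAMPLE = {
    FIRST: {"value": [
        {"id": "g1", "displayName": "Business", "owners": []},
        {"id": "g2", "displayName": "DevOps",
         "owners": [sample_user(i) for i in range(20)]}],
        "@odata.nextLink": FIRST + "&$skiptoken=constructed"},
    FIRST + "&$skiptoken=constructed": {"value": [
        {"id": "g3", "displayName": "Legacy",
         "owners": [sample_user(99, enabled=False)]}]},
    f"{GRAPH}/groups/g2/owners": {"value": [sample_user(i) for i in range(21)]},
}
```

Calling `audit_group_owners(SAMPLE.__getitem__)` runs the audit against the constructed data; in real use `fetch` would wrap an authenticated HTTP GET.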