Microsoft Graph API-在Azure中获取组所有者详细信息以及组详细信息

时间:2019-02-12 04:13:15

标签: rest azure azure-active-directory microsoft-graph azure-resource-group

在Azure中,我可以找到一个用于获取组详细信息的API,如下所示

https://graph.microsoft.com/v1.0/groups

这将为我提供所有组详细信息,如下所示

{  
  "value": [  
    {  
      "id": "/groups/53c765632095310385020001",  
      "name": "Administrators",  
      "description": "Administrators is a built-in group. Its membership is managed by the system. Microsoft Azure subscription administrators fall into this group.",  
      "builtIn": true,  
      "type": "system",  
      "externalId": null  
    },  
    {  
      "id": "/groups/53c765632095310385020002",  
      "name": "Developers",  
      "description": "Developers is a built-in group. Its membership is managed by the system. Signed-in users fall into this group.",  
      "builtIn": true,  
      "type": "system",  
      "externalId": null  
    },  
    {  
      "id": "/groups/53c765632095310385020003",  
      "name": "Guests",  
      "description": "Guests is a built-in group. Its membership is managed by the system. Unauthenticated users visiting the developer portal fall into this group.",  
      "builtIn": true,  
      "type": "system",  
      "externalId": null  
    }  
  ],  
  "count": 3,  
  "nextLink": null  
}  

但是问题是我还需要组所有者详细信息以及组详细信息。目前,我调用了如下所示的另一个API,以获取组所有者的详细信息

https://graph.microsoft.com/v1.0/groups/{groupId}/owners

我是否可以通过任何API或其他任何方式在一次拍摄中获取组所有者详细信息以及组详细信息

1 个答案:

答案 0 :(得分:2)

Microsoft Graph API支持一些可选的查询参数,例如select,filter,expand,search等,这些参数有助于控制响应查询返回的数据。您可以阅读有关here

的信息

expand parameter 可能对您的用例有用。

我很快从Microsoft Graph Explorer尝试了如下查询,它返回了组信息以及每个组的所有者集合。

https://graph.microsoft.com/v1.0/groups?$expand=owners

免责声明:用于扩展参数的Microsoft文档有一个注释,内容类似于

  

具有从directoryObject派生的Azure AD资源,例如用户   和组,$ expand仅受beta支持,通常返回一个   扩展关系最多20个。

尽管上面提到的使用v1.0的查询至少对Graph Explorer来说对我来说效果很好。因此,在开始依赖它之前,请尽可能多地进行测试(以及大量的组)。如果我找到更多有关此文档的最新文档,我也会进行更新。

这是我上面提到的查询得到的确切响应。它很大,我只包括2个小组,并删除了其他小组,所以您有了个主意。

重要的一点是要注意所有者集合与组一起存在。请注意,第一组没有分配所有者,但第二组有2个用户作为所有者。

请求

GET https://graph.microsoft.com/v1.0/groups?$expand=owners

响应

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groups",
    "value": [
        {
            "id": "xxxx-redacted-49b4e13fcf0f",
            "deletedDateTime": null,
            "classification": null,
            "createdDateTime": "2018-09-26T04:41:10Z",
            "creationOptions": [],
            "description": null,
            "displayName": "Business",
            "groupTypes": [],
            "mail": null,
            "mailEnabled": false,
            "mailNickname": "xxxx-redacted-88df-adf033b7f545",
            "onPremisesLastSyncDateTime": null,
            "onPremisesSecurityIdentifier": null,
            "onPremisesSyncEnabled": null,
            "preferredDataLocation": null,
            "proxyAddresses": [],
            "renewedDateTime": "2018-09-26T04:41:10Z",
            "resourceBehaviorOptions": [],
            "resourceProvisioningOptions": [],
            "securityEnabled": true,
            "visibility": null,
            "onPremisesProvisioningErrors": [],
            "owners": []
        },
        {
            "id": "xxxx-redacted-9316-a5acea4412d8",
            "deletedDateTime": null,
            "classification": null,
            "createdDateTime": "2018-09-26T04:19:29Z",
            "creationOptions": [],
            "description": null,
            "displayName": "DevOps",
            "groupTypes": [],
            "mail": null,
            "mailEnabled": false,
            "mailNickname": "xxxx-redacted-4f18-b2b1-e5a7b80d19ea",
            "onPremisesLastSyncDateTime": null,
            "onPremisesSecurityIdentifier": null,
            "onPremisesSyncEnabled": null,
            "preferredDataLocation": null,
            "proxyAddresses": [],
            "renewedDateTime": "2018-09-26T04:19:29Z",
            "resourceBehaviorOptions": [],
            "resourceProvisioningOptions": [],
            "securityEnabled": true,
            "visibility": null,
            "onPremisesProvisioningErrors": [],
            "owners": [
                {
                    "@odata.type": "#microsoft.graph.user",
                    "id": "xxxx-redacted-8000-8cb9f0d497c9",
                    "deletedDateTime": null,
                    "accountEnabled": true,
                    "ageGroup": null,
                    "businessPhones": [],
                    "city": "xxxx",
                    "companyName": null,
                    "consentProvidedForMinor": null,
                    "country": "xxxx",
                    "createdDateTime": null,
                    "department": "Human Resources",
                    "displayName": "Adam G",
                    "employeeId": null,
                    "faxNumber": null,
                    "givenName": "Adam",
                    "jobTitle": "Senior Human Resource Manager",
                    "legalAgeGroupClassification": null,
                    "mail": null,
                    "mailNickname": "adamg",
                    "mobilePhone": "xxxx",
                    "onPremisesDistinguishedName": null,
                    "onPremisesDomainName": null,
                    "onPremisesImmutableId": null,
                    "onPremisesLastSyncDateTime": null,
                    "onPremisesSecurityIdentifier": null,
                    "onPremisesSamAccountName": null,
                    "onPremisesSyncEnabled": null,
                    "onPremisesUserPrincipalName": null,
                    "otherMails": [],
                    "passwordPolicies": "DisablePasswordExpiration",
                    "passwordProfile": null,
                    "officeLocation": "131/1105",
                    "postalCode": "98052",
                    "preferredLanguage": "en-US",
                    "proxyAddresses": [],
                    "refreshTokensValidFromDateTime": "2018-09-19T03:34:39Z",
                    "imAddresses": [],
                    "isResourceAccount": null,
                    "showInAddressList": null,
                    "state": "MH",
                    "streetAddress": "xxxxxxxe",
                    "surname": "Gily",
                    "usageLocation": "US",
                    "userPrincipalName": "adamg@xxxxx.onmicrosoft.com",
                    "userType": "Member",
                    "assignedLicenses": [],
                    "assignedPlans": [],
                    "onPremisesProvisioningErrors": [],
                    "onPremisesExtensionAttributes": {
                        "extensionAttribute1": null,
                        "extensionAttribute2": null,
                        "extensionAttribute3": null,
                        "extensionAttribute4": null,
                        "extensionAttribute5": null,
                        "extensionAttribute6": null,
                        "extensionAttribute7": null,
                        "extensionAttribute8": null,
                        "extensionAttribute9": null,
                        "extensionAttribute10": null,
                        "extensionAttribute11": null,
                        "extensionAttribute12": null,
                        "extensionAttribute13": null,
                        "extensionAttribute14": null,
                        "extensionAttribute15": null
                    },
                    "provisionedPlans": []
                },
                {
                    "@odata.type": "#microsoft.graph.user",
                    "id": "xxxx-redacted-4824-8013-4325f68e275d",
                    "deletedDateTime": null,
                    "accountEnabled": true,
                    "ageGroup": null,
                    "businessPhones": [],
                    "city": null,
                    "companyName": null,
                    "consentProvidedForMinor": null,
                    "country": null,
                    "createdDateTime": null,
                    "department": null,
                    "displayName": "groupownertest",
                    "employeeId": null,
                    "faxNumber": null,
                    "givenName": null,
                    "jobTitle": null,
                    "legalAgeGroupClassification": null,
                    "mail": null,
                    "mailNickname": "groupownertest",
                    "mobilePhone": null,
                    "onPremisesDistinguishedName": null,
                    "onPremisesDomainName": null,
                    "onPremisesImmutableId": null,
                    "onPremisesLastSyncDateTime": null,
                    "onPremisesSecurityIdentifier": null,
                    "onPremisesSamAccountName": null,
                    "onPremisesSyncEnabled": null,
                    "onPremisesUserPrincipalName": null,
                    "otherMails": [],
                    "passwordPolicies": null,
                    "passwordProfile": null,
                    "officeLocation": null,
                    "postalCode": null,
                    "preferredLanguage": null,
                    "proxyAddresses": [],
                    "refreshTokensValidFromDateTime": "2019-01-23T18:56:43Z",
                    "imAddresses": [],
                    "isResourceAccount": null,
                    "showInAddressList": null,
                    "state": null,
                    "streetAddress": null,
                    "surname": null,
                    "usageLocation": null,
                    "userPrincipalName": "groupownertest@XXXXX.onmicrosoft.com",
                    "userType": "Member",
                    "assignedLicenses": [],
                    "assignedPlans": [],
                    "onPremisesProvisioningErrors": [],
                    "onPremisesExtensionAttributes": {
                        "extensionAttribute1": null,
                        "extensionAttribute2": null,
                        "extensionAttribute3": null,
                        "extensionAttribute4": null,
                        "extensionAttribute5": null,
                        "extensionAttribute6": null,
                        "extensionAttribute7": null,
                        "extensionAttribute8": null,
                        "extensionAttribute9": null,
                        "extensionAttribute10": null,
                        "extensionAttribute11": null,
                        "extensionAttribute12": null,
                        "extensionAttribute13": null,
                        "extensionAttribute14": null,
                        "extensionAttribute15": null
                    },
                    "provisionedPlans": []
                }
            ]
        }
    ]
}

更新1(回答评论中的查询)

成员和所有者都是导航属性/关系,而不是组的直接属性。一次只能扩展一个。我将向您展示3个可以从Microsoft Graph Explorer进行测试的快速api调用。

仅扩展成员-这可以按预期工作,并返回组以及每个组的成员。

GET https://graph.microsoft.com/v1.0/groups?$expand=members

仅扩展所有者-这可以按预期工作,并返回组以及每个组的所有者。上面已经显示了示例响应。

GET https://graph.microsoft.com/v1.0/groups?$expand=owners

在单个通话中同时扩展成员和所有者

GET https://graph.microsoft.com/v1.0/groups?$expand=members,owners

响应

您只能在一个调用中展开一个导航属性。.看看错误消息是否很直观

{
    "error": {
        "code": "Request_BadRequest",
        "message": "The result of parsing $expand contained at least 2 items, but the maximum allowed is 1.",
        "innerError": {
            "request-id": "119cf794-af56-48a0-b415-4d52c2e60e98",
            "date": "2019-02-13T02:57:13"
        }
    }
}

更新2(回答有关扩展的查询并从注释中一起选择)

我认为您不能在查询中仅选择$ selectand以及几列。这似乎是已知的限制。有关更多上下文,请参见下面的两个链接

  1. Query Parameter Limitations - Microsoft Docs
  2. Another SO post 具体来说,在这篇SO帖子中,请查看Marc LaFleur的评论和Dan Kershaw - MSFT的答案