Get member-groups in Azure AD Graph Helper

Question

I use Graph API to query my Azure Active Directory, using the Microsoft.WindowsAzure.ActiveDirectory.GraphHelper project as a base for my requests.

In a specific use-case, I have a Group which contains several hundred Users, as well as a few Groups. I am looking to load the Group members of this parent Group. I tried to request a load of the members property:

DirectoryService.LoadProperty(school, "members");

I only get 100 results, all of which are Users (again, there are more than 100 users in the group).
I tried to perform a DataServiceQuery but it doesn't support such an operation:

var groups = DirectoryService.groups;
Group parentGroup = DirectoryService.groups.Where(it => (it.objectId == parentGroupId)).SingleOrDefault();
groups = (DataServiceQuery<Group>)groups.Where(group => group.memberOf.Contains(parentGroup));

It fails on the third line there saying that the expression is not supported.

At the moment, the only solution I can think of is loading ALL of the groups, running LoadPropert(entity, 'memberOf', null) on each and every one, and then checking each one if it is a member of the parentGroup (actually, one of several such parentGroups). note - I put null in the continuationToken space as these groups should only be members of one parent group.

This is terribly inefficient but I can't seem to find any other way!
Is there another way to do what I am trying to do?

Answer 1

Please see our latest samples on github. The sample: https://github.com/AzureADSamples/ConsoleApp-GraphAPI-DotNet has many example calls to the graph API through the latest graph client library, including getting group memberships (as Philippe shows above)

Answer 2

The AAD Graph API currently returns 100 items per page. If the request you make is for more than one page of data, the response will contain a link to the next page of data. From Supported Queries, Filters, and Paging Options in Azure AD Graph API:

A response that contains paged results will include a skip token (odata.nextLink) that allows you to get the next page of results.

The easiest way to see this is to sign in as a user of the directory to https://graphexplorer.cloudpp.net. Then, do the simple GET:

https://graph.windows.net/<your.domain.name>/users

Since you have more than 100 users, if you scroll down to the bottom of the results, you'll see a property odata.nextLink. If you copy the contents of that property, and use then in your next query, you'll get the next page. Continuing this example, the next request would look something like this:

https://graph.windows.net/<your.domain.name>/directoryObjects/$/Microsoft.WindowsAzure.ActiveDirectory.User?$skiptoken=X'4453...

I notice you're using the deprecated helper library Microsoft.WindowsAzure.ActiveDirectory.GraphHelper. Instead, you should use the newer (and supported) Graph API client library: Microsoft.Azure.ActiveDirectory.GraphClient (NuGet). The following code snippet retrieves all group members, and only prints the display name of Group objects:

// Fetch group member objects
IGroupFetcher groupFetcher = (IGroupFetcher)parentGroup;
IPagedCollection<IDirectoryObject> members = 
    groupFetcher.Members.ExecuteAsync().Result;

// Iterate over each page keep only the Groups
do
{
    List<IDirectoryObject> directoryObjects = members.CurrentPage.ToList();
    foreach (IDirectoryObject member in directoryObjects)
    {
        if (member is Group)
        {
            Group group = member as Group;
            Console.WriteLine("Group: {0}", group.DisplayName);
        }
    }
    members = members.MorePagesAvailable ? 
        members = members.GetNextPageAsync().Result : null;
} while (members != null);