How to find user principal name not a member of particular group (which contain "AVD" in i

Time:06-17

From Azure AD, are there any ways to find users who do not have a specific group assigned (the name contains %AVD% in it)?

This is what I have tried:

  https://graph.microsoft.com/beta/users?$expand=memberOf
  https://graph.microsoft.com/v1.0/users/groups?$search="AVD"
   https://graph.microsoft.com/v1.0/users?$select=memberOf eq '%AVD%'

Unable to get the expected result. That is, user principal name not a member of a particular group which contains "AVD" in its name. Thanks.

CodePudding user response:

To find users who do not have a specific group assigned, please try the below PowerShell script by

Per my test, I think this request should work but it didn't execute the filter actually.

https://graph.microsoft.com/v1.0/users?$expand=memberOf($select=displayName;$filter=displayName eq 'xxx';)&$select=displayName,id,memberOf

So I'm afraid you have to execute the API first and then do the filter in your code. And I wrote a sample like this:

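using System.Collections.Generic;
using System.Linq;
using Microsoft.Graph;
using Azure.Identity;

var scopes = new[] { "https://graph.microsoft.com/.default" };
// Placeholder values: replace with your tenant and app registration details
var tenantId = "your_tenant_name.onmicrosoft.com";
var clientId = "azure_ad_client_id";
var clientSecret = "client_secret";
var clientSecretCredential = new ClientSecretCredential(
    tenantId, clientId, clientSecret);
var graphClient = new GraphServiceClient(clientSecretCredential, scopes);
// $filter=displayName eq 'xxx' inside $expand doesn't work, so the filtering is done in code below
// GetAsync() returns the first page of users only
var a = await graphClient.Users.Request().Expand("memberOf($select=displayName;$filter=displayName eq 'xxx')").Select("displayName,id,memberOf").GetAsync();
List<User> users = a.ToList();
// Users that belong to at least one group whose display name contains "Admin"
List<User> res = new List<User>();
foreach (User user in users)
{
    // Guard against a missing memberOf collection on the user object
    List<DirectoryObject> memberOf = user.MemberOf?.ToList() ?? new List<DirectoryObject>();
    foreach (DirectoryObject obj in memberOf) {
        // memberOf can also hold directory roles and administrative units
        if (obj.ODataType == "#microsoft.graph.group") {
            Group temp = (Group)obj;
            if (temp.DisplayName != null && temp.DisplayName.Contains("Admin")) {
                res.Add(user);
                break; // one match is enough; 'continue' here could add the same user twice
            }
        }
    }
}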
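
A REST-level version of the client-side filtering described in the answer above, inverted to list the users who are outside every matching group and following `@odata.nextLink` paging. This is an added example in Python, not code from the original post. The `fetch` callable (URL in, parsed JSON out), the sample responses, the case-insensitive name match and counting nested (transitive) membership are assumptions.

```python
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/v1.0"

def get_all(fetch, url):
    """Yield every item of a Graph collection, following @odata.nextLink paging."""
    while url:
        page = fetch(url)
        yield from page.get("value", [])
        url = page.get("@odata.nextLink")

def users_outside_groups(fetch, needle="AVD"):
    """Return sorted UPNs of users in no group whose displayName contains needle."""
    needle = needle.casefold()  # assumption: the name match is case-insensitive
    covered = set()  # ids of users found in at least one matching group
    for group in get_all(fetch, f"{GRAPH}/groups?$select=id,displayName"):
        if needle not in (group.get("displayName") or "").casefold():
            continue
        members = f"{GRAPH}/groups/{quote(group['id'])}/transitiveMembers?$select=id"
        for obj in get_all(fetch, members):
            # transitiveMembers also returns nested groups and other object types
            if obj.get("@odata.type") == "#microsoft.graph.user":
                covered.add(obj["id"])
    users = get_all(fetch, f"{GRAPH}/users?$select=id,userPrincipalName")
    return sorted(u["userPrincipalName"] for u in users if u["id"] not in covered)

# Constructed sample responses keyed by URL (not real tenant data).
SAMPLE = {
    f"{GRAPH}/groups?$select=id,displayName": {
        "value": [{"id": "g1", "displayName": "AVD-Finance"},
                  {"id": "g2", "displayName": "HR"}],
        "@odata.nextLink": f"{GRAPH}/groups?page=2"},
    f"{GRAPH}/groups?page=2": {
        "value": [{"id": "g3", "displayName": "Pilot avd users"}]},
    f"{GRAPH}/groups/g1/transitiveMembers?$select=id": {
        "value": [{"@odata.type": "#microsoft.graph.user", "id": "u1"},
                  {"@odata.type": "#microsoft.graph.group", "id": "g9"}]},
    f"{GRAPH}/groups/g3/transitiveMembers?$select=id": {
        "value": [{"@odata.type": "#microsoft.graph.user", "id": "u3"}]},
    f"{GRAPH}/users?$select=id,userPrincipalName": {
        "value": [{"id": "u1", "userPrincipalName": "alice@contoso.example"},
                  {"id": "u2", "userPrincipalName": "bob@contoso.example"},
                  {"id": "u3", "userPrincipalName": "carol@contoso.example"},
                  {"id": "u4", "userPrincipalName": "dave@contoso.example"}]},
}

if __name__ == "__main__":
    print(users_outside_groups(SAMPLE.__getitem__))
```

Against a real tenant, `fetch` would be a function that performs an authenticated GET on the URL and returns the decoded JSON body.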