From Azure AD, are there any ways to find users who do not have a specific group assigned (the name contains %AVD% in it)?
This is what I have tried:
https://graph.microsoft.com/beta/users?$expand=memberOf
https://graph.microsoft.com/v1.0/users/groups?$search="AVD"
https://graph.microsoft.com/v1.0/users?$select=memberOf eq '%AVD%'
Unable to get expected result. That is, user principal name not a member of a particular group which contains "AVD" in its name. Thanks.
CodePudding user response:
To find users who do not have a specific group assigned, please try the below PowerShell script by
Per my test, I think this request should work but it didn't execute the filter actually.
https://graph.microsoft.com/v1.0/users?$expand=memberOf($select=displayName;$filter=displayName eq 'xxx';)&$select=displayName,id,memberOf
So I'm afraid you have to execute the API first and then do the filter by your code. And I wrote a sample like this:
using System.Collections.Generic;
using System.Linq;
using Microsoft.Graph;
using Azure.Identity;

var scopes = new[] { "https://graph.microsoft.com/.default" };
var tenantId = "your_tenant_name.onmicrosoft.com";
var clientId = "azure_ad_client_id";
var clientSecret = "client_secret";
var clientSecretCredential = new ClientSecretCredential(
    tenantId, clientId, clientSecret);
var graphClient = new GraphServiceClient(clientSecretCredential, scopes);

// $filter=displayName eq 'xxx' inside $expand doesn't work, so the groups are filtered below
var a = await graphClient.Users.Request().Expand("memberOf($select=displayName;$filter=displayName eq 'xxx')").Select("displayName,id,memberOf").GetAsync();
// GetAsync() returns only the first page of users
List<User> users = a.ToList();
// Users that are members of a group whose name contains "Admin"
List<User> res = new List<User>();
foreach (User user in users)
{
    // MemberOf can be null when the response carries no memberships for the user
    if (user.MemberOf == null) continue;
    List<DirectoryObject> memberOf = user.MemberOf.ToList();
    foreach (DirectoryObject obj in memberOf)
    {
        if (obj.ODataType == "#microsoft.graph.group")
        {
            Group temp = (Group)obj;
            if (temp.DisplayName != null && temp.DisplayName.Contains("Admin"))
            {
                res.Add(user);
                // stop at the first match so the user is added only once
                break;
            }
        }
    }
}
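
The client-side filter the answer describes, turned around to produce what the question asks for: users with no group whose name contains "AVD". This is an added example in Python, not part of the original answer; it runs over constructed sample data shaped like the `users?$expand=memberOf` response. The function names, the sample users, and the separate re-check list for users sitting at Graph's 20-object `$expand` limit are assumptions of this example.

```python
# Graph returns at most 20 expanded directory objects per user, so a user at
# that limit may have further groups that are not visible in the response.
EXPAND_CAP = 20

# Constructed sample data: the "value" array of GET /users?$expand=memberOf
SAMPLE_USERS = [
    {"userPrincipalName": "alice@contoso.example", "memberOf": [
        {"@odata.type": "#microsoft.graph.group", "displayName": "AVD-Users"}]},
    {"userPrincipalName": "bob@contoso.example", "memberOf": [
        {"@odata.type": "#microsoft.graph.group", "displayName": "Finance"}]},
    {"userPrincipalName": "carol@contoso.example", "memberOf": []},
    {"userPrincipalName": "dave@contoso.example", "memberOf": [
        {"@odata.type": "#microsoft.graph.directoryRole", "displayName": "AVD Role"}]},
    {"userPrincipalName": "erin@contoso.example", "memberOf": [
        {"@odata.type": "#microsoft.graph.group", "displayName": None},
        {"@odata.type": "#microsoft.graph.group", "displayName": "pilot-avd-eu"}]},
    {"userPrincipalName": "frank@contoso.example", "memberOf": [
        {"@odata.type": "#microsoft.graph.group", "displayName": f"Team-{i}"}
        for i in range(20)]},
]

def group_names(user):
    """Names of the groups in memberOf; directory roles and other types are skipped."""
    return [m.get("displayName") or ""
            for m in user.get("memberOf") or []
            if m.get("@odata.type") == "#microsoft.graph.group"]

def users_without_group(users, needle):
    """Return (missing, recheck): UPNs with no group name containing `needle`,
    and UPNs whose expanded list hit EXPAND_CAP and must be checked per user."""
    needle = needle.casefold()
    missing, recheck = [], []
    for user in users:
        if any(needle in name.casefold() for name in group_names(user)):
            continue  # has a matching group, not part of the report
        upn = user["userPrincipalName"]
        if len(user.get("memberOf") or []) >= EXPAND_CAP:
            recheck.append(upn)  # list may be truncated, no verdict yet
        else:
            missing.append(upn)
    return missing, recheck

if __name__ == "__main__":
    missing, recheck = users_without_group(SAMPLE_USERS, "AVD")
    print("no AVD group:", missing)
    print("re-check individually:", recheck)
```

Users on the re-check list need their full membership fetched one at a time (for example through each user's `memberOf` relationship, which pages) before they are reported as lacking the group.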