Get Active Directory users in SharePoint using Graph API

Graph API Introduction

Microsoft Graph API (Application Programming Interface) is the evolvement of Office 365 Unified API into a single stop for a cloud solution by exposing multiple Microsoft cloud service APIs through a single REST (Representational State Transfer) API endpoint.

With the Office Graph, the user has created a web that consists of content and communication.  Each piece of content is a node.  Each person is a node.  Each form of communication is a node.  Office Graph connects these nodes together through specific APIs.  Each one has its own API.  Office Graph creates a small web for each user, whereas, Microsoft Graph API creates a web not only for one user but interlinks related users across an entire organization resulting in a large web of collaboration and communication.

Here is an image that shows how we can use Office Graph to connect and surface data among different areas of the Office 365 and Azure stacks.

The larger the web, the slower the time to access and find data.  Microsoft Graph API retained the inherent machine learning capabilities as one of the responses to this issue.  By collecting and analyzing, the machine learning algorithm allows Microsoft Graph API to learn the users working relationships and brings to the forefront the most frequented services not only for each individual user but as an organization as a whole by connecting each individual with collaborators and teams.

The single and greatest response to cloud data congestion is that Microsoft Graph API was evolved further so that multiple API exposures from Microsoft Cloud services are handled through a single REST API endpoint.  In other words, there is one endpoint to rule them all!

Today’s Solution

Today we are going to perform business Oriented solution which will be going to help admin users a handy Benefit to know the list of Active Directory users and groups.

Get a list of the group’s direct members. A group can have users, contacts, and other groups as members.

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions.

Permission type Permissions (from least to most privileged)
Delegated (work or school account) User.ReadBasic.All, User.Read.All, Directory.Read.All, Directory.AccessAsUser.All
Delegated (personal Microsoft account) Not supported.
Application User.Read.All, Directory.Read.All

HTTP Request

GET /groups/{id}/members

Request Headers

Name Type Description
Authorization string Bearer {token}. Required.

Request body

Do not supply a request body for this method.

Response

If successful, this method returns a 200 OK response code and collection of directory Object objects in the response body.

Example

Request

The following is an example of the request.

GET https://graph.microsoft.com/v1.0/groups/{id}/members

Response

Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

Prerequisites

Azure Application with required permissions and, Application ID of the Application which we have created into the Azure Active directory.

Create Application into Azure

1. Go to https://portal.azure.com and log in with your O365 admin credentials

2. Click on “Azure Active Directory” option from left navigation3. Then click on “App registrations” option 4. Click on “Add” button to register your app and fill in the required information and then click on the “Create” button

5. Please copy “Application ID” value. Here “Application ID = Client ID” i.e. Client ID value asked in graphapi.js file

6. Edit the manifest and activate implicit OAuth

  1. Click on the new registration you have created
  2. Now Click on the “Manifest” button
  3. Now Click on “Edit” button
  4. Now change “oauth2AllowImplicitFlow” to true
  5. Click on Save button to save the manifest file settings

7. Settings App Access Permission +
(Please note that these settings are depending on what type of graph query you have used in your app. E.g. Query regarding the user, email, list items etc.…)
Following is the example of permission I have given to read user profile of the user.

  1. Click on the new registration you have created.
  2. Click on “API Access Required Permissions”
  3. Click on default permission settings you want to give one of permission as mentioned above into the Permissions Portion.
  4. Select permission as your requirement
  5. Click “Save” button
  6. Click on “Grant Permission” button
  7. Click on “Yes”
    Now we have the Azure application registered with required permissions.

Create an HTML File with Graph API Operation

Let’s create the Solution based on the Graph API services and the build a proper solution to get the “AD Groups” Member.

Step 1: Create the HTML design with show “AD Groups” member.

Step 2: Create the Script and implement the Graph API into the Script. I have Attached the HTML file which has HTML and Script both.

Step 3: You should make some changes into the Script as per your Applications and your Site collection.

Apply your Configurations at given highlighted places.

  1. Apply your Application ID which you can get by the Application you have generated into the Azure.
  2. Apply your Graph API URL as per your requirement and also provide your Time zone.

Working Scenario

Here is the Working Solution which shows get a list of the group’s direct members. A group can have users, contacts, and other groups as members.

Step 1: For this Solution, we must have AD users, Otherwise, it won’t show us any data.

Download the Source code from Github location given below:

https://github.com/mindlabco/ADUsersinSharePoint-using-GraphAPI

Paras Dodhia

Leave a Reply