Share via


Operations on users | Graph API reference

Applies to: Graph API | Azure Active Directory

This topic discusses how to perform operations on users using the Azure Active Directory (AD) Graph API. With the Azure AD Graph API, you can create, read, update, and delete users. You can also query and modify a user's relationships to other directory entities. For example, you can assign the user's manager, query the user's direct reports, manage group memberships, app roles, and devices assigned to the user, and much more.

The Graph API is an OData 3.0 compliant REST API that provides programmatic access to directory objects in Azure Active Directory, such as users, groups, organizational contacts, and applications.

This article applies to Azure AD Graph API. For similar info related to Microsoft Graph API, see Working with users in Microsoft Graph.

Caution

Azure Active Directory (Azure AD) Graph is deprecated and is currently in its retirement path. We recommend that you migrate your apps to Microsoft Graph.

Performing REST operations on users

To perform operations on users with the Graph API, you send HTTP requests with a supported method (GET, POST, PATCH, PUT, or DELETE) to an endpoint that targets the users resource collection, a specific user, a navigation property of a user, or a function or action that can be called on a user.

Graph API requests use the following basic URL:

https://graph.windows.net/{tenant_id}/{resource_path}?{api_version}[odata_query_parameters]

Important

Requests sent to the Graph API must be well-formed, target a valid endpoint and version of the Graph API, and carry a valid access token obtained from Azure AD in their Authorization header. For more detailed information about creating requests and receiving responses with the Graph API, see Operations Overview.

You specify the resource path differently depending on whether you are targeting the collection of all users in your tenant, an individual user, or a navigation property of a specific user.

  • /users targets the user resource collection. You can use this resource path to read all users or a filtered list of users in your tenant or to create one or more new users in your tenant.
  • /users/{user_id} targets an individual user in your tenant. You specify the user_id either as the object ID (GUID) or the user principal name (UPN) of the target user. You can use this resource path to get the declared properties of a user, to modify the declared properties of a user, or to delete a user. Note: For an external user, you must specify the user’s object ID (GUID).
  • /users/{user_id}/{property} targets the specified navigation property of a user. You can use it to return the object or objects referenced by the target navigation property of the specified user. Note: This form of addressing is only available for reads.
  • /users/{user_id}/$links/{property} targets the specified navigation property of a user. You can use this form of addressing to both read and modify a navigation property. On reads, the objects referenced by the property are returned as one or more links in the response body. On writes, the objects are specified as one or more links in the request body.

For example, the following request returns a link to the specified user's manager:

GET https://graph.windows.net/myorganization/users/john@contoso.onmicrosoft.com/$links/manager?api-version=1.6

Note: You can use the me alias to target the signed-in user. For more information about performing operations using the me alias, see Operations on the Signed-in User.

Basic operations on users

You can perform basic create, read, update, and delete (CRUD) operations on users and their declared properties by targeting either the user resource collection or a specific user. The following topics show you how.

Get users

Gets a collection of users. You can add OData query parameters to the request to filter, sort, and page the response. For more information, see Supported Queries, Filters, and Paging Options.

On success, returns a collection of User objects; otherwise, the response body contains error details. For more information about errors, see Error Codes and Error Handling.

Note: Password property will be null.

GET https://graph.windows.net/myorganization/users?api-version[&$filter]

Parameters

Parameter Type Value Notes
Query
api-version string 1.6 The version of the Graph API to target. Beginning with version 1.5, the api-version string is represented in major.minor format. Prior releases were represented as date strings: '2013-11-08' and '2013-04-05'. Required.
$filter string startswith(displayName,'A') A filter to apply to the request. Optional. (Leave blank to omit the $filter parameter.)

Response

Status Code:200

Content-Type: application/json

{
  "odata.metadata": "https://graph.windows.net/myorganization/$metadata#directoryObjects/Microsoft.DirectoryServices.User",
  "value": [
    {
      "odata.type": "Microsoft.DirectoryServices.User",
      "objectType": "User",
      "objectId": "e61ff361-5baf-41f0-b2fd-380a6a5e406a",
      "deletionTimestamp": null,
      "accountEnabled": true,
      "signInNames": [],
      "assignedLicenses": [
        {
          "disabledPlans": [],
          "skuId": "6fd2c87f-b296-42f0-b197-1e91e994b900"
        }
      ],
      "assignedPlans": [
        {
          "assignedTimestamp": "2014-10-14T02:54:57Z",
          "capabilityStatus": "Enabled",
          "service": "exchange",
          "servicePlanId": "efb87545-963c-4e0d-99df-69c6916d9eb0"
        },
        {
          "assignedTimestamp": "2014-10-14T02:54:57Z",
          "capabilityStatus": "Enabled",
          "service": "SharePoint",
          "servicePlanId": "5dbe027f-2339-4123-9542-606e4d348a72"
        },
        {
          "assignedTimestamp": "2014-10-14T02:54:57Z",
          "capabilityStatus": "Enabled",
          "service": "SharePoint",
          "servicePlanId": "e95bec33-7c88-4a70-8e19-b10bd9d0c014"
        },
        {
          "assignedTimestamp": "2014-10-14T02:54:57Z",
          "capabilityStatus": "Enabled",
          "service": "MicrosoftCommunicationsOnline",
          "servicePlanId": "0feaeb32-d00e-4d66-bd5a-43b5b83db82c"
        },
        {
          "assignedTimestamp": "2014-10-14T02:54:57Z",
          "capabilityStatus": "Enabled",
          "service": "MicrosoftOffice",
          "servicePlanId": "43de0ff5-c92c-492b-9116-175376d08c38"
        },
        {
          "assignedTimestamp": "2014-10-14T02:54:57Z",
          "capabilityStatus": "Enabled",
          "service": "RMSOnline",
          "servicePlanId": "bea4c11e-220a-4e6d-8eb8-8ea15d019f90"
        }
      ],
      "city": null,
      "country": null,
      "creationType": null,
      "department": null,
      "dirSyncEnabled": null,
      "displayName": "Rob Young",
      "facsimileTelephoneNumber": null,
      "givenName": "Rob",
      "immutableId": null,
      "jobTitle": null,
      "lastDirSyncTime": null,
      "mail": "roby@a830edad9050849NDA1.onmicrosoft.com",
      "mailNickname": "roby",
      "mobile": null,
      "onPremisesSecurityIdentifier": null,
      "otherMails": [],
      "passwordPolicies": "None",
      "passwordProfile": null,
      "physicalDeliveryOfficeName": null,
      "postalCode": null,
      "preferredLanguage": null,
      "provisionedPlans": [
        {
          "capabilityStatus": "Enabled",
          "provisioningStatus": "Success",
          "service": "exchange"
        },
        {
          "capabilityStatus": "Enabled",
          "provisioningStatus": "Success",
          "service": "MicrosoftCommunicationsOnline"
        },
        {
          "capabilityStatus": "Enabled",
          "provisioningStatus": "Success",
          "service": "SharePoint"
        },
        {
          "capabilityStatus": "Enabled",
          "provisioningStatus": "Success",
          "service": "SharePoint"
        },
        {
          "capabilityStatus": "Enabled",
          "provisioningStatus": "Success",
          "service": "MicrosoftOffice"
        }
      ],
      "provisioningErrors": [],
      "proxyAddresses": [
        "SMTP:roby@a830edad9050849NDA1.onmicrosoft.com"
      ],
      "sipProxyAddress": "roby@a830edad9050849NDA1.onmicrosoft.com",
      "state": null,
      "streetAddress": null,
      "surname": "Young",
      "telephoneNumber": null,
      "usageLocation": "US",
      "userPrincipalName": "roby@a830edad9050849NDA1.onmicrosoft.com",
      "userType": "Member"
    },
    {
      "odata.type": "Microsoft.DirectoryServices.User",
      "objectType": "User",
      "objectId": "fec3faba-6a15-4e3e-8a9e-5c63f7510377",
      "deletionTimestamp": null,
      "accountEnabled": true,
      "signInNames": [],
      "assignedLicenses": [
        {
          "disabledPlans": [],
          "skuId": "6fd2c87f-b296-42f0-b197-1e91e994b900"
        }
      ],
      "assignedPlans": [
        {
          "assignedTimestamp": "2014-10-14T02:54:32Z",
          "capabilityStatus": "Enabled",
          "service": "exchange",
          "servicePlanId": "efb87545-963c-4e0d-99df-69c6916d9eb0"
        },
        {
          "assignedTimestamp": "2014-10-14T02:54:32Z",
          "capabilityStatus": "Enabled",
          "service": "SharePoint",
          "servicePlanId": "5dbe027f-2339-4123-9542-606e4d348a72"
        },
        {
          "assignedTimestamp": "2014-10-14T02:54:32Z",
          "capabilityStatus": "Enabled",
          "service": "SharePoint",
          "servicePlanId": "e95bec33-7c88-4a70-8e19-b10bd9d0c014"
        },
        {
          "assignedTimestamp": "2014-10-14T02:54:32Z",
          "capabilityStatus": "Enabled",
          "service": "MicrosoftCommunicationsOnline",
          "servicePlanId": "0feaeb32-d00e-4d66-bd5a-43b5b83db82c"
        },
        {
          "assignedTimestamp": "2014-10-14T02:54:32Z",
          "capabilityStatus": "Enabled",
          "service": "MicrosoftOffice",
          "servicePlanId": "43de0ff5-c92c-492b-9116-175376d08c38"
        },
        {
          "assignedTimestamp": "2014-10-14T02:54:32Z",
          "capabilityStatus": "Enabled",
          "service": "RMSOnline",
          "servicePlanId": "bea4c11e-220a-4e6d-8eb8-8ea15d019f90"
        }
      ],
      "city": "Pittsburgh",
      "country": "United States",
      "creationType": null,
      "department": "Finance",
      "dirSyncEnabled": null,
      "displayName": "Katie Jordan",
      "facsimileTelephoneNumber": null,
      "givenName": "Katie",
      "immutableId": null,
      "jobTitle": "Auditor",
      "lastDirSyncTime": null,
      "mail": "katiej@a830edad9050849NDA1.onmicrosoft.com",
      "mailNickname": "katiej",
      "mobile": null,
      "onPremisesSecurityIdentifier": null,
      "otherMails": [],
      "passwordPolicies": "None",
      "passwordProfile": null,
      "physicalDeliveryOfficeName": "12/1110",
      "postalCode": "15212",
      "preferredLanguage": "en-US",
      "provisionedPlans": [
        {
          "capabilityStatus": "Enabled",
          "provisioningStatus": "Success",
          "service": "exchange"
        },
        {
          "capabilityStatus": "Enabled",
          "provisioningStatus": "Success",
          "service": "MicrosoftCommunicationsOnline"
        },
        {
          "capabilityStatus": "Enabled",
          "provisioningStatus": "Success",
          "service": "SharePoint"
        },
        {
          "capabilityStatus": "Enabled",
          "provisioningStatus": "Success",
          "service": "SharePoint"
        },
        {
          "capabilityStatus": "Enabled",
          "provisioningStatus": "Success",
          "service": "MicrosoftOffice"
        }
      ],
      "provisioningErrors": [],
      "proxyAddresses": [
        "SMTP:katiej@a830edad9050849NDA1.onmicrosoft.com"
      ],
      "sipProxyAddress": "katiej@a830edad9050849NDA1.onmicrosoft.com",
      "state": "PA",
      "streetAddress": "30 Isabella St., Second Floor",
      "surname": "Jordan",
      "telephoneNumber": "+1 412 555 0109",
      "usageLocation": "US",
      "userPrincipalName": "katiej@a830edad9050849NDA1.onmicrosoft.com",
      "userType": "Member"
    },
    {
      "odata.type": "Microsoft.DirectoryServices.User",
      "objectType": "User",
      "objectId": "6816d6c4-5c13-44a5-baaa-2dae2cc07461",
      "deletionTimestamp": null,
      "accountEnabled": true,
      "signInNames": [],
      "assignedLicenses": [
        {
          "disabledPlans": [],
          "skuId": "6fd2c87f-b296-42f0-b197-1e91e994b900"
        }
      ],
      "assignedPlans": [
        {
          "assignedTimestamp": "2014-10-14T02:55:27Z",
          "capabilityStatus": "Enabled",
          "service": "exchange",
          "servicePlanId": "efb87545-963c-4e0d-99df-69c6916d9eb0"
        },
        {
          "assignedTimestamp": "2014-10-14T02:55:27Z",
          "capabilityStatus": "Enabled",
          "service": "SharePoint",
          "servicePlanId": "5dbe027f-2339-4123-9542-606e4d348a72"
        },
        {
          "assignedTimestamp": "2014-10-14T02:55:27Z",
          "capabilityStatus": "Enabled",
          "service": "SharePoint",
          "servicePlanId": "e95bec33-7c88-4a70-8e19-b10bd9d0c014"
        },
        {
          "assignedTimestamp": "2014-10-14T02:55:27Z",
          "capabilityStatus": "Enabled",
          "service": "MicrosoftCommunicationsOnline",
          "servicePlanId": "0feaeb32-d00e-4d66-bd5a-43b5b83db82c"
        },
        {
          "assignedTimestamp": "2014-10-14T02:55:27Z",
          "capabilityStatus": "Enabled",
          "service": "MicrosoftOffice",
          "servicePlanId": "43de0ff5-c92c-492b-9116-175376d08c38"
        },
        {
          "assignedTimestamp": "2014-10-14T02:55:27Z",
          "capabilityStatus": "Enabled",
          "service": "RMSOnline",
          "servicePlanId": "bea4c11e-220a-4e6d-8eb8-8ea15d019f90"
        }
      ],
      "city": "Iselin",
      "country": "United States",
      "creationType": null,
      "department": "Sales & Marketing",
      "dirSyncEnabled": null,
      "displayName": "Pavel Bansky",
      "facsimileTelephoneNumber": null,
      "givenName": "Pavel",
      "immutableId": null,
      "jobTitle": "VP Sales",
      "lastDirSyncTime": null,
      "mail": "pavelb@a830edad9050849NDA1.onmicrosoft.com",
      "mailNickname": "pavelb",
      "mobile": null,
      "onPremisesSecurityIdentifier": null,
      "otherMails": [],
      "passwordPolicies": "None",
      "passwordProfile": null,
      "physicalDeliveryOfficeName": "19/3123",
      "postalCode": "8830",
      "preferredLanguage": null,
      "provisionedPlans": [
        {
          "capabilityStatus": "Enabled",
          "provisioningStatus": "Success",
          "service": "exchange"
        },
        {
          "capabilityStatus": "Enabled",
          "provisioningStatus": "Success",
          "service": "MicrosoftCommunicationsOnline"
        },
        {
          "capabilityStatus": "Enabled",
          "provisioningStatus": "Success",
          "service": "SharePoint"
        },
        {
          "capabilityStatus": "Enabled",
          "provisioningStatus": "Success",
          "service": "SharePoint"
        },
        {
          "capabilityStatus": "Enabled",
          "provisioningStatus": "Success",
          "service": "MicrosoftOffice"
        }
      ],
      "provisioningErrors": [],
      "proxyAddresses": [
        "SMTP:pavelb@a830edad9050849NDA1.onmicrosoft.com"
      ],
      "sipProxyAddress": "pavelb@a830edad9050849NDA1.onmicrosoft.com",
      "state": "NJ",
      "streetAddress": "101 Wood Avenue South, Suite 900",
      "surname": "Bansky",
      "telephoneNumber": "+1 732 555 0102",
      "usageLocation": "US",
      "userPrincipalName": "pavelb@a830edad9050849NDA1.onmicrosoft.com",
      "userType": "Member"
    },
    {
      "odata.type": "Microsoft.DirectoryServices.User",
      "objectType": "User",
      "objectId": "13addec1-c5ae-47f5-a1fe-202be14b1570",
      "deletionTimestamp": null,
      "accountEnabled": true,
      "signInNames": [],
      "assignedLicenses": [
        {
          "disabledPlans": [],
          "skuId": "6fd2c87f-b296-42f0-b197-1e91e994b900"
        }
      ],
      "assignedPlans": [
        {
          "assignedTimestamp": "2014-10-14T02:54:04Z",
          "capabilityStatus": "Enabled",
          "service": "exchange",
          "servicePlanId": "efb87545-963c-4e0d-99df-69c6916d9eb0"
        },
        {
          "assignedTimestamp": "2014-10-14T02:54:04Z",
          "capabilityStatus": "Enabled",
          "service": "SharePoint",
          "servicePlanId": "5dbe027f-2339-4123-9542-606e4d348a72"
        },
        {
          "assignedTimestamp": "2014-10-14T02:54:04Z",
          "capabilityStatus": "Enabled",
          "service": "SharePoint",
          "servicePlanId": "e95bec33-7c88-4a70-8e19-b10bd9d0c014"
        },
        {
          "assignedTimestamp": "2014-10-14T02:54:04Z",
          "capabilityStatus": "Enabled",
          "service": "MicrosoftCommunicationsOnline",
          "servicePlanId": "0feaeb32-d00e-4d66-bd5a-43b5b83db82c"
        },
        {
          "assignedTimestamp": "2014-10-14T02:54:04Z",
          "capabilityStatus": "Enabled",
          "service": "MicrosoftOffice",
          "servicePlanId": "43de0ff5-c92c-492b-9116-175376d08c38"
        },
        {
          "assignedTimestamp": "2014-10-14T02:54:04Z",
          "capabilityStatus": "Enabled",
          "service": "RMSOnline",
          "servicePlanId": "bea4c11e-220a-4e6d-8eb8-8ea15d019f90"
        }
      ],
      "city": "Tulsa",
      "country": "United States",
      "creationType": null,
      "department": "Sales & Marketing",
      "dirSyncEnabled": null,
      "displayName": "Garth Fort",
      "facsimileTelephoneNumber": null,
      "givenName": "Garth",
      "immutableId": null,
      "jobTitle": "Web Marketing Manager",
      "lastDirSyncTime": null,
      "mail": "garthf@a830edad9050849NDA1.onmicrosoft.com",
      "mailNickname": "garthf",
      "mobile": null,
      "onPremisesSecurityIdentifier": null,
      "otherMails": [],
      "passwordPolicies": "None",
      "passwordProfile": null,
      "physicalDeliveryOfficeName": "20/1101",
      "postalCode": "74133",
      "preferredLanguage": "en-US",
      "provisionedPlans": [
        {
          "capabilityStatus": "Enabled",
          "provisioningStatus": "Success",
          "service": "exchange"
        },
        {
          "capabilityStatus": "Enabled",
          "provisioningStatus": "Success",
          "service": "MicrosoftCommunicationsOnline"
        },
        {
          "capabilityStatus": "Enabled",
          "provisioningStatus": "Success",
          "service": "SharePoint"
        },
        {
          "capabilityStatus": "Enabled",
          "provisioningStatus": "Success",
          "service": "SharePoint"
        },
        {
          "capabilityStatus": "Enabled",
          "provisioningStatus": "Success",
          "service": "MicrosoftOffice"
        }
      ],
      "provisioningErrors": [],
      "proxyAddresses": [
        "SMTP:garthf@a830edad9050849NDA1.onmicrosoft.com"
      ],
      "sipProxyAddress": "garthf@a830edad9050849NDA1.onmicrosoft.com",
      "state": "OK",
      "streetAddress": "7633 E. 63rd Place, Suite 300",
      "surname": "Fort",
      "telephoneNumber": "+1 918 555 0101",
      "usageLocation": "US",
      "userPrincipalName": "garthf@a830edad9050849NDA1.onmicrosoft.com",
      "userType": "Member"
    },
    {
      "odata.type": "Microsoft.DirectoryServices.User",
      "objectType": "User",
      "objectId": "89efe8ed-d141-4151-a3e4-570a70022dff",
      "deletionTimestamp": null,
      "accountEnabled": true,
      "signInNames": [],
      "assignedLicenses": [
        {
          "disabledPlans": [],
          "skuId": "6fd2c87f-b296-42f0-b197-1e91e994b900"
        }
      ],
      "assignedPlans": [
        {
          "assignedTimestamp": "2014-10-14T02:53:29Z",
          "capabilityStatus": "Enabled",
          "service": "exchange",
          "servicePlanId": "efb87545-963c-4e0d-99df-69c6916d9eb0"
        },
        {
          "assignedTimestamp": "2014-10-14T02:53:29Z",
          "capabilityStatus": "Enabled",
          "service": "SharePoint",
          "servicePlanId": "5dbe027f-2339-4123-9542-606e4d348a72"
        },
        {
          "assignedTimestamp": "2014-10-14T02:53:29Z",
          "capabilityStatus": "Enabled",
          "service": "SharePoint",
          "servicePlanId": "e95bec33-7c88-4a70-8e19-b10bd9d0c014"
        },
        {
          "assignedTimestamp": "2014-10-14T02:53:29Z",
          "capabilityStatus": "Enabled",
          "service": "MicrosoftCommunicationsOnline",
          "servicePlanId": "0feaeb32-d00e-4d66-bd5a-43b5b83db82c"
        },
        {
          "assignedTimestamp": "2014-10-14T02:53:29Z",
          "capabilityStatus": "Enabled",
          "service": "MicrosoftOffice",
          "servicePlanId": "43de0ff5-c92c-492b-9116-175376d08c38"
        },
        {
          "assignedTimestamp": "2014-10-14T02:53:29Z",
          "capabilityStatus": "Enabled",
          "service": "RMSOnline",
          "servicePlanId": "bea4c11e-220a-4e6d-8eb8-8ea15d019f90"
        }
      ],
      "city": "Bellevue",
      "country": "United States",
      "creationType": null,
      "department": "Sales & Marketing",
      "dirSyncEnabled": null,
      "displayName": "Janet Schorr",
      "facsimileTelephoneNumber": null,
      "givenName": "Janet",
      "immutableId": null,
      "jobTitle": "Product Marketing Manager",
      "lastDirSyncTime": null,
      "mail": "janets@a830edad9050849NDA1.onmicrosoft.com",
      "mailNickname": "janets",
      "mobile": null,
      "onPremisesSecurityIdentifier": null,
      "otherMails": [],
      "passwordPolicies": "None",
      "passwordProfile": null,
      "physicalDeliveryOfficeName": "18/2111",
      "postalCode": "98004",
      "preferredLanguage": null,
      "provisionedPlans": [
        {
          "capabilityStatus": "Enabled",
          "provisioningStatus": "Success",
          "service": "exchange"
        },
        {
          "capabilityStatus": "Enabled",
          "provisioningStatus": "Success",
          "service": "MicrosoftCommunicationsOnline"
        },
        {
          "capabilityStatus": "Enabled",
          "provisioningStatus": "Success",
          "service": "SharePoint"
        },
        {
          "capabilityStatus": "Enabled",
          "provisioningStatus": "Success",
          "service": "SharePoint"
        },
        {
          "capabilityStatus": "Enabled",
          "provisioningStatus": "Success",
          "service": "MicrosoftOffice"
        }
      ],
      "provisioningErrors": [],
      "proxyAddresses": [
        "SMTP:janets@a830edad9050849NDA1.onmicrosoft.com"
      ],
      "sipProxyAddress": "janets@a830edad9050849NDA1.onmicrosoft.com",
      "state": "WA",
      "streetAddress": "205 108th Ave. NE, Suite 400",
      "surname": "Schorr",
      "telephoneNumber": "+1 425 555 0109",
      "usageLocation": "US",
      "userPrincipalName": "janets@a830edad9050849NDA1.onmicrosoft.com",
      "userType": "Member"
    }
  ]
}

Response List

Status Code Description
200 OK. Indicates success. The results are returned in the response body.

Code Samples

using System;
using System.Net.Http.Headers;
using System.Text;
using System.Net.Http;
using System.Web;

namespace CSHttpClientSample
{
    static class Program
    {
	    static void Main()
        {
            MakeRequest();

            Console.WriteLine("Hit ENTER to exit...");
            Console.ReadLine();
        }

        static async void MakeRequest()
        {
            var client = new HttpClient();
            var queryString = HttpUtility.ParseQueryString(string.Empty);

            /* OAuth2 is required to access this API. For more information visit:
               https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks */



		   // Specify values for the following required parameters
			queryString["api-version"] = "1.6";

			// Specify values for optional parameters, as needed
			// queryString["$filter"] = "startswith(displayName,'A')";
            // Specify values for path parameters (shown as {...})
            var uri = "https://graph.windows.net/myorganization/users?" + queryString;


            var response = await client.GetAsync(uri);

            if (response.Content != null)
            {
                var responseString = await response.Content.ReadAsStringAsync();
                Console.WriteLine(responseString);
            }
        }
    }
}
@ECHO OFF

REM OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
REM Specify values for path parameters (shown as {...}), values for query parameters
curl -v -X GET "https://graph.windows.net/myorganization/users?api-version=1.6&$filter=startswith(displayName%2c%27A%27)&"^
// This sample uses the Apache HTTP client from HTTP Components (http://hc.apache.org/httpcomponents-client-ga/)
import java.net.URI;

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;

public class JavaSample {

  public static void main(String[] args) {
	HttpClient httpclient = HttpClients.createDefault();

	try
	{
		// OAuth2 is required to access this API. For more information visit:
		// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks

		// Specify values for path parameters (shown as {...})
		URIBuilder builder = new URIBuilder("https://graph.windows.net/myorganization/users");
		// Specify values for the following required parameters
		builder.setParameter("api-version", "1.6");
		// Specify values for optional parameters, as needed
		// builder.setParameter("$filter", "startswith(displayName,'A')");
		URI uri = builder.build();
		HttpGet request = new HttpGet(uri);
		HttpResponse response = httpclient.execute(request);
		HttpEntity entity = response.getEntity();
		if (entity != null) {
			System.out.println(EntityUtils.toString(entity));
		}
	}
	catch (Exception e)
	{
		System.out.println(e.getMessage());
	}
  }
}
<!DOCTYPE html>
<html>
<head>
<title>JSSample</title>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.9.0/jquery.min.js"></script>
</head>
<body>
<script type="text/javascript">
	$(function() {
		// OAuth2 is required to access this API. For more information visit:
		// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks

		var params = {
			// Specify values for the following required parameters
			'api-version': "1.6",
			// Specify values for optional parameters, as needed
			// $filter: "startswith(displayName,'A')",
		};
		
		$.ajax({
			// Specify values for path parameters (shown as {...})
			url: 'https://graph.windows.net/myorganization/users?' + $.param(params),
			type: 'GET',
		})
		.done(function(data) {
			alert("success");
		})
		.fail(function() {
			alert("error");
		});
	});
</script>
</body>
</html>
#import <Foundation/Foundation.h>

int main(int argc, const char * argv[])
{
    NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init];
    
	// OAuth2 is required to access this API. For more information visit:
	// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks

	// Specify values for path parameters (shown as {...})
    NSString* path = @"https://graph.windows.net/myorganization/users";
    NSArray* array = @[
                         @"entities=true",
                      ];
    
    NSString* string = [array componentsJoinedByString:@"&"];
    path = [path stringByAppendingFormat:@"?%@", string];
    NSLog(@"%@", path);

    NSMutableURLRequest* _request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:path]];
    [_request setHTTPMethod:@"GET"];
    
    NSURLResponse *response = nil;
    NSError *error = nil;
    NSData* _connectionData = [NSURLConnection sendSynchronousRequest:_request returningResponse:&response error:&error];
    if(nil != error)
    {
        NSLog(@"Error: %@", error);
    }
    else
    {
        NSError* error = nil;
        NSMutableDictionary* json = nil;
        
        NSString* dataString = [[NSString alloc] initWithData:_connectionData encoding:NSUTF8StringEncoding];
        NSLog(@"%@", dataString);
        
        if(nil != _connectionData)
        {
            json = [NSJSONSerialization JSONObjectWithData:_connectionData options:NSJSONReadingMutableContainers error:&error];
        }
        
        if (error || !json)
        {
            NSLog(@"Could not parse loaded json with error:%@", error);
        }
        
        NSLog(@"%@", json);
        _connectionData = nil;
    }
    
    [pool drain];
    return 0;
}
<?php

// This sample uses the pecl_http package. (for more information: http://pecl.php.net/package/pecl_http)
require_once 'HTTP/Request2.php';
$headers = array(
);

$query_params = array(
	// Specify values for the following required parameters
	'api-version' => '1.6',
	// Specify values for optional parameters, as needed
	//'$filter' => 'startswith(displayName,'A')',
);

$request = new Http_Request2('https://graph.windows.net/myorganization/users');
$request->setMethod(HTTP_Request2::METHOD_GET);
$request->setHeader($headers);

// OAuth2 is required to access this API. For more information visit:
// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks

$url = $request->getUrl();
$url->setQueryVariables($query_params);

try
{
	$response = $request->send();
	
	echo $response->getBody();
}
catch (HttpException $ex)
{
	echo $ex;
}

?>
########### Python 2.7 #############
import httplib, urllib, base64

# OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks

headers = {
}

params = urllib.urlencode({
	# Specify values for the following required parameters
	'api-version': '1.6',
	# Specify values for optional parameters, as needed
	#'$filter': 'startswith(displayName,'A')',
})

try:
	conn = httplib.HTTPSConnection('graph.windows.net')
	# Specify values for path parameters (shown as {...}) and request body if needed
	conn.request("GET", "/myorganization/users?%s" % params, "", headers)
	response = conn.getresponse()
	data = response.read()
	print(data)
	conn.close()
except Exception as e:
	print("[Errno {0}] {1}".format(e.errno, e.strerror))

####################################

########### Python 3.2 #############
import http.client, urllib.request, urllib.parse, urllib.error, base64

# OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks

headers = {
}

params = urllib.parse.urlencode({
	# Specify values for the following required parameters
	'api-version': '1.6',
	# Specify values for optional parameters, as needed
	#'$filter': 'startswith(displayName,'A')',
})

try:
	conn = http.client.HTTPSConnection('graph.windows.net')
	# Specify values for path parameters (shown as {...}) and request body if needed
	conn.request("GET", "/myorganization/users?%s" % params, "", headers)
	response = conn.getresponse()
	data = response.read()
	print(data)
	conn.close()
except Exception as e:
	print("[Errno {0}] {1}".format(e.errno, e.strerror))

####################################
require 'net/http'

uri = URI('https://graph.windows.net/myorganization/users')

uri.query = URI.encode_www_form({
	# Specify values for the following required parameters
	'api-version' => '1.6',
	# Specify values for optional parameters, as needed
	# '$filter' => 'startswith(displayName,'A')',
})

request = Net::HTTP::Get.new(uri.request_uri)

# OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks



response = Net::HTTP.start(uri.host, uri.port, :use_ssl => uri.scheme == 'https') do |http|
    http.request(request)
end

puts response.body

Get a user

Gets a specified user. You can use either the object ID (GUID) or the user principal name (UPN) to identify the target user.

Note: For an external user, you must specify the user’s object ID (GUID). Password property will be null.

On success, returns the User object for the specified user; otherwise, the response body contains error details. For more information about errors, see Error Codes and Error Handling.

GET https://graph.windows.net/myorganization/users/{user_id}?api-version

Parameters

Parameter Type Value Notes
URL
user_id string MeganB@M365x214355.onmicrosoft.com The user ID. Can be the object ID (GUID) or the user principal name (someuser@a830edad9050849NDA1.onmicrosoft.com) of the target user.
Query
api-version string 1.6 Specifies the version of the Graph API to target. Beginning with version 1.5, the api-version string is represented in major.minor format. Prior releases were represented as date strings: '2013-11-08' and '2013-04-05'. Required.
GET https://graph.windows.net/myorganization/users/MeganB%40M365x214355.onmicrosoft.com?api-version=1.6

Response

Status Code:200

Content-Type: application/json

"odata.metadata": "https://graph.windows.net/myorganization/$metadata#directoryObjects/Microsoft.DirectoryServices.User/@Element",
  "odata.type": "Microsoft.DirectoryServices.User",
  "objectType": "User",
  "objectId": "13addec1-c5ae-47f5-a1fe-202be14b1570",
  "deletionTimestamp": null,
  "accountEnabled": true,
  "signInNames": [],
  "assignedLicenses": [
    {
      "disabledPlans": [],
      "skuId": "6fd2c87f-b296-42f0-b197-1e91e994b900"
    }
  ],
  "assignedPlans": [
    {
      "assignedTimestamp": "2014-10-14T02:54:04Z",
      "capabilityStatus": "Enabled",
      "service": "exchange",
      "servicePlanId": "efb87545-963c-4e0d-99df-69c6916d9eb0"
    },
    {
      "assignedTimestamp": "2014-10-14T02:54:04Z",
      "capabilityStatus": "Enabled",
      "service": "SharePoint",
      "servicePlanId": "5dbe027f-2339-4123-9542-606e4d348a72"
    },
    {
      "assignedTimestamp": "2014-10-14T02:54:04Z",
      "capabilityStatus": "Enabled",
      "service": "SharePoint",
      "servicePlanId": "e95bec33-7c88-4a70-8e19-b10bd9d0c014"
    },
    {
      "assignedTimestamp": "2014-10-14T02:54:04Z",
      "capabilityStatus": "Enabled",
      "service": "MicrosoftCommunicationsOnline",
      "servicePlanId": "0feaeb32-d00e-4d66-bd5a-43b5b83db82c"
    },
    {
      "assignedTimestamp": "2014-10-14T02:54:04Z",
      "capabilityStatus": "Enabled",
      "service": "MicrosoftOffice",
      "servicePlanId": "43de0ff5-c92c-492b-9116-175376d08c38"
    },
    {
      "assignedTimestamp": "2014-10-14T02:54:04Z",
      "capabilityStatus": "Enabled",
      "service": "RMSOnline",
      "servicePlanId": "bea4c11e-220a-4e6d-8eb8-8ea15d019f90"
    }
  ],
  "city": "Tulsa",
  "country": "United States",
  "creationType": null,
  "department": "Sales & Marketing",
  "dirSyncEnabled": null,
  "displayName": "Garth Fort",
  "facsimileTelephoneNumber": null,
  "givenName": "Garth",
  "immutableId": null,
  "jobTitle": "Web Marketing Manager",
  "lastDirSyncTime": null,
  "mail": "garthf@a830edad9050849NDA1.onmicrosoft.com",
  "mailNickname": "garthf",
  "mobile": null,
  "onPremisesSecurityIdentifier": null,
  "otherMails": [],
  "passwordPolicies": "None",
  "passwordProfile": null,
  "physicalDeliveryOfficeName": "20/1101",
  "postalCode": "74133",
  "preferredLanguage": "en-US",
  "provisionedPlans": [
    {
      "capabilityStatus": "Enabled",
      "provisioningStatus": "Success",
      "service": "exchange"
    },
    {
      "capabilityStatus": "Enabled",
      "provisioningStatus": "Success",
      "service": "MicrosoftCommunicationsOnline"
    },
    {
      "capabilityStatus": "Enabled",
      "provisioningStatus": "Success",
      "service": "SharePoint"
    },
    {
      "capabilityStatus": "Enabled",
      "provisioningStatus": "Success",
      "service": "SharePoint"
    },
    {
      "capabilityStatus": "Enabled",
      "provisioningStatus": "Success",
      "service": "MicrosoftOffice"
    }
  ],
  "provisioningErrors": [],
  "proxyAddresses": [
    "SMTP:garthf@a830edad9050849NDA1.onmicrosoft.com"
  ],
  "sipProxyAddress": "garthf@a830edad9050849NDA1.onmicrosoft.com",
  "state": "OK",
  "streetAddress": "7633 E. 63rd Place, Suite 300",
  "surname": "Fort",
  "telephoneNumber": "+1 918 555 0101",
  "usageLocation": "US",
  "userPrincipalName": "garthf@a830edad9050849NDA1.onmicrosoft.com",
  "userType": "Member"
}

Response List

Status Code Description
200 OK. Indicates success. The user is returned in the response body.

Code Samples

using System;
using System.Net.Http.Headers;
using System.Text;
using System.Net.Http;
using System.Web;

namespace CSHttpClientSample
{
    static class Program
    {
	    static void Main()
        {
            MakeRequest();

            Console.WriteLine("Hit ENTER to exit...");
            Console.ReadLine();
        }

        static async void MakeRequest()
        {
            var client = new HttpClient();
            var queryString = HttpUtility.ParseQueryString(string.Empty);

            /* OAuth2 is required to access this API. For more information visit:
               https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks */



		   // Specify values for the following required parameters
			queryString["api-version"] = "1.6";
            // Specify values for path parameters (shown as {...})
            var uri = "https://graph.windows.net/myorganization/users/{user_id}?" + queryString;


            var response = await client.GetAsync(uri);

            if (response.Content != null)
            {
                var responseString = await response.Content.ReadAsStringAsync();
                Console.WriteLine(responseString);
            }
        }
    }
}
@ECHO OFF

REM OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
REM Specify values for path parameters (shown as {...}), values for query parameters
curl -v -X GET "https://graph.windows.net/myorganization/users/{user_id}?api-version=1.6&amp;"^
// This sample uses the Apache HTTP client from HTTP Components (http://hc.apache.org/httpcomponents-client-ga/)
import java.net.URI;

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;

public class JavaSample {

  public static void main(String[] args) {
	HttpClient httpclient = HttpClients.createDefault();

	try
	{
		// OAuth2 is required to access this API. For more information visit:
		// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks

		// Specify values for path parameters (shown as {...})
		URIBuilder builder = new URIBuilder("https://graph.windows.net/myorganization/users/{user_id}");
		// Specify values for the following required parameters
		builder.setParameter("api-version", "1.6");
		URI uri = builder.build();
		HttpGet request = new HttpGet(uri);
		HttpResponse response = httpclient.execute(request);
		HttpEntity entity = response.getEntity();
		if (entity != null) {
			System.out.println(EntityUtils.toString(entity));
		}
	}
	catch (Exception e)
	{
		System.out.println(e.getMessage());
	}
  }
}
<!DOCTYPE html>
<html>
<head>
<title>JSSample</title>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.9.0/jquery.min.js"></script>
</head>
<body>
<script type="text/javascript">
	$(function() {
		// OAuth2 is required to access this API. For more information visit:
		// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks

		var params = {
			// Specify values for the following required parameters
			'api-version': "1.6",
		};
		
		$.ajax({
			// Specify values for path parameters (shown as {...})
			url: 'https://graph.windows.net/myorganization/users/{user_id}?' + $.param(params),
			type: 'GET',
		})
		.done(function(data) {
			alert("success");
		})
		.fail(function() {
			alert("error");
		});
	});
</script>
</body>
</html>
#import <Foundation/Foundation.h>

int main(int argc, const char * argv[])
{
    NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init];
    
	// OAuth2 is required to access this API. For more information visit:
	// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks

	// Specify values for path parameters (shown as {...})
    NSString* path = @"https://graph.windows.net/myorganization/users/{user_id}";
    NSArray* array = @[
                         @"entities=true",
                      ];
    
    NSString* string = [array componentsJoinedByString:@"&"];
    path = [path stringByAppendingFormat:@"?%@", string];
    NSLog(@"%@", path);

    NSMutableURLRequest* _request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:path]];
    [_request setHTTPMethod:@"GET"];
    
    NSURLResponse *response = nil;
    NSError *error = nil;
    NSData* _connectionData = [NSURLConnection sendSynchronousRequest:_request returningResponse:&response error:&error];
    if(nil != error)
    {
        NSLog(@"Error: %@", error);
    }
    else
    {
        NSError* error = nil;
        NSMutableDictionary* json = nil;
        
        NSString* dataString = [[NSString alloc] initWithData:_connectionData encoding:NSUTF8StringEncoding];
        NSLog(@"%@", dataString);
        
        if(nil != _connectionData)
        {
            json = [NSJSONSerialization JSONObjectWithData:_connectionData options:NSJSONReadingMutableContainers error:&error];
        }
        
        if (error || !json)
        {
            NSLog(@"Could not parse loaded json with error:%@", error);
        }
        
        NSLog(@"%@", json);
        _connectionData = nil;
    }
    
    [pool drain];
    return 0;
}
<?php

// This sample uses the pecl_http package. (for more information: http://pecl.php.net/package/pecl_http)
require_once 'HTTP/Request2.php';
$headers = array(
);

$query_params = array(
	// Specify values for the following required parameters
	'api-version' => '1.6',
);

$request = new Http_Request2('https://graph.windows.net/myorganization/users/{user_id}');
$request->setMethod(HTTP_Request2::METHOD_GET);
$request->setHeader($headers);

// OAuth2 is required to access this API. For more information visit:
// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks

$url = $request->getUrl();
$url->setQueryVariables($query_params);

try
{
	$response = $request->send();
	
	echo $response->getBody();
}
catch (HttpException $ex)
{
	echo $ex;
}

?>
########### Python 2.7 #############
import httplib, urllib, base64

# OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks

headers = {
}

params = urllib.urlencode({
	# Specify values for the following required parameters
	'api-version': '1.6',
})

try:
	conn = httplib.HTTPSConnection('graph.windows.net')
	# Specify values for path parameters (shown as {...}) and request body if needed
	conn.request("GET", "/myorganization/users/{user_id}?%s" % params, "", headers)
	response = conn.getresponse()
	data = response.read()
	print(data)
	conn.close()
except Exception as e:
	print("[Errno {0}] {1}".format(e.errno, e.strerror))

####################################

########### Python 3.2 #############
import http.client, urllib.request, urllib.parse, urllib.error, base64

# OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks

headers = {
}

params = urllib.parse.urlencode({
	# Specify values for the following required parameters
	'api-version': '1.6',
})

try:
	conn = http.client.HTTPSConnection('graph.windows.net')
	# Specify values for path parameters (shown as {...}) and request body if needed
	conn.request("GET", "/myorganization/users/{user_id}?%s" % params, "", headers)
	response = conn.getresponse()
	data = response.read()
	print(data)
	conn.close()
except Exception as e:
	print("[Errno {0}] {1}".format(e.errno, e.strerror))

####################################
require 'net/http'

uri = URI('https://graph.windows.net/myorganization/users/{user_id}')

uri.query = URI.encode_www_form({
	# Specify values for the following required parameters
	'api-version' => '1.6',
})

request = Net::HTTP::Get.new(uri.request_uri)

# OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks



response = Net::HTTP.start(uri.host, uri.port, :use_ssl => uri.scheme == 'https') do |http|
    http.request(request)
end

puts response.body

Get a user's thumbnail photo

Gets the thumbnail photo for a specified user from the thumbnailPhoto property. You can use either the object ID (GUID) or the user principal name (UPN) to identify the target user. Note: For an external user, you must specify the user’s object ID (GUID).

On success, returns the thumbnail photo for the specified user; otherwise, the response body contains error details. For more information about errors, see Error Codes and Error Handling.

Important: The media type depends on the image type stored in Azure AD and is returned in the Content-Type header; for example, image/jpeg. If the media type cannot be determined, the Graph API returns a Content-Type of */*. The Graph API does not convert between media (image) types.

GET https://graph.windows.net/myorganization/users/{user_id}/thumbnailPhoto?api-version
GET https://graph.windows.net/myorganization/users/MeganB%40M365x214355.onmicrosoft.com/thumbnailPhoto?api-version=1.6

Response

Status Code:200

Content-Type: image/jpeg

image data

Response List

Status Code Description
200 OK. Indicates success. The thumbnail photo is returned in the response body. Check the Content-Type header for the media type.
404 Not Found. The requested resource was not found. This can occur if the thumbnailPhoto property is not currently set for the specified user. It can also have other causes, for example, a bad domain. A code and associated message is returned with the error.

Create a user (work or school account)

Adds a user to the tenant by creating a work or school account. Such users are also known as organizational accounts or organizational users. The request body contains the properties of the user to create. At a minimum, you must specify the required properties for the user. You can optionally specify any other writable properties except for creationType, signInNames, or userIdentities, which are only valid for local and social accounts. To add a local account user to an Azure Active Directory B2C tenant, see Create a user (local account).

Important

Using scopes User.ReadWrite.All, Directory.ReadWrite.All (both of these for delegated and app only) and Directory.ActAsUser.All, the password can be set as part of user creation (POST)." Note that for the delegated permissions the signed-in user will need permissions to create users in the directory.

The following table shows the properties that are required when you create a user.

Required parameter Type Description
accountEnabled boolean true if the account is enabled; otherwise, false.
displayName string The name to display in the address book for the user.
immutableId string Only needs to be specified when creating a new user account if you are using a federated domain for the user's userPrincipalName (UPN) property.
mailNickname string The mail alias for the user.
passwordProfile PasswordProfile The password profile for the user. Note: The password can be set when creating a user.
userPrincipalName string The user principal name (someuser@contoso.com). The user principal name must contain one of the verified domains for the tenant.

On success, returns the newly created User; otherwise, the response body contains error details. For more information about errors, see Error Codes and Error Handling.

POST https://graph.windows.net/myorganization/users?api-version

Parameters

Parameter Type Value Notes
Query
api-version string 1.6 The version of the Graph API to target. Beginning with version 1.5, the api-version string is represented in major.minor format. Prior releases were represented as date strings: '2013-11-08' and '2013-04-05'. Required.
Body
Content-Type: application/json
{
  "accountEnabled": true,
  "displayName": "Alex Wu",
  "mailNickname": "AlexW",
  "passwordProfile": {
    "password": "Test1234",
    "forceChangePasswordNextLogin": false
  },
  "userPrincipalName": "Alex@a830edad9050849NDA1.onmicrosoft.com"
}

Response

Status Code:201

Content-Type: application/json

{
  "odata.metadata": "https://graph.windows.net/myorganization/$metadata#directoryObjects/Microsoft.DirectoryServices.User/@Element",
  "odata.type": "Microsoft.DirectoryServices.User",
  "objectType": "User",
  "objectId": "84fba1e8-b942-47c9-a10e-a4bee353ce60",
  "deletionTimestamp": null,
  "accountEnabled": true,
  "signInNames": [],
  "assignedLicenses": [],
  "assignedPlans": [],
  "city": null,
  "country": null,
  "creationType": null,
  "department": null,
  "dirSyncEnabled": null,
  "displayName": "Alex Wu",
  "facsimileTelephoneNumber": null,
  "givenName": null,
  "immutableId": null,
  "jobTitle": null,
  "lastDirSyncTime": null,
  "mail": null,
  "mailNickname": "AlexW",
  "mobile": null,
  "onPremisesSecurityIdentifier": null,
  "otherMails": [],
  "passwordPolicies": null,
  "passwordProfile": null,
  "physicalDeliveryOfficeName": null,
  "postalCode": null,
  "preferredLanguage": null,
  "provisionedPlans": [],
  "provisioningErrors": [],
  "proxyAddresses": [],
  "sipProxyAddress": null,
  "state": null,
  "streetAddress": null,
  "surname": null,
  "telephoneNumber": null,
  "usageLocation": null,
  "userPrincipalName": "alex@a830edad9050849NDA1.com",
  "userType": "Member"
}

Response List

Status Code Description
201 Created. Indicates success. The new user is returned in the response body.

Create a user (local or social account)

Beginning with version 1.6, Graph API supports creating local and social account users for Azure Active Directory B2C tenants. Unlike users associated with a work or school account, which require sign-in with an email address that contains one of the tenant's verified domains, local account users support signing in with app-specific credentials; for example, with a 3rd-party email address or an app-specific user name. Social account users sign-in using popular social identity providers such as Facebook, Google, LinkedIn or Microsoft Account. For more information about Azure Active Directory B2C, see the Azure Active Directory B2C documentation.

The request body contains the properties of the local account user or social account user to create. At a minimum, you must specify the required properties. These are somewhat different than those specified for work or school accounts as you can see in the table below. For local account users, the creationType property must be specified to indicate that the user is a local account and the signInNames property must be specified to pass the sign-in names for the user. For social account users, the userIdentities collection must contain one userIdentity specifying the issuer such as facebook.com and the issuerUserId which is a unique user identifier for the issuer. For social account users, the creationType can be left null and the signInNames collection can be left empty. For a user to sign in either a local account or social account, the user creationType should be set to LocalAccount, signInNames should specify the local sign-in name for the user, and userIdentities should specify the social accounts for the user.

In addition to the required properties, you can optionally specify any other writable properties on the User entity; however, this is generally limited to app-defined extension properties and a subset of the available properties on the User entity. You cannot assign licenses or subscriptions to local account users.

The following table shows the properties that are required when you create a local account user:

Required parameter Type Description
accountEnabled boolean true if the account is enabled; otherwise, false.
creationType string Must be set to LocalAccount to create a local account user.
displayName string The name to display in the address book for the user.
passwordProfile PasswordProfile The password profile for the user.
signInNames collection(SignInName) One or more SignInName records that specify the sign-in names for the user. Each sign-in name must be unique across the company/tenant.

The following table shows the properties that are required when you create a social account user:

Required parameter Type Description
accountEnabled boolean true if the account is enabled; otherwise, false.
userIdentities collection(UserIdentity) One or more UserIdentity records that specify the social account type and the unique user identifier from the social identity provider.

On success, returns the newly created User; otherwise, the response body contains error details. For more information about errors, see Error Codes and Error Handling.

POST https://graph.windows.net/myorganization/users?api-version

Parameters

Parameter Type Value Notes
Query
api-version string 1.6 The version of the Graph API to target. Beginning with version 1.5, the api-version string is represented in major.minor format. Prior releases were represented as date strings: '2013-11-08' and '2013-04-05'. Required.
Body
Content-Type: application/json
{
  "accountEnabled": true,
  "creationType": "LocalAccount",
  "displayName": "Alex Wu",
  "passwordProfile": {
    "password": "Test1234",
    "forceChangePasswordNextLogin": false
  },
  "signInNames": [
    {
      "type": "userName",
      "value": "AlexW"
    },
    {
      "type": "emailAddress",
      "value": "AlexW@example.com"
    }
  ],
  "userIdentities": [
    {
      "issuer": "facebook.com",
      "issuerUserId": "MATxTNg5MzYyMzMyMNY1Njc="
    }
  ]
}

Response
Status Code:201
Content-Type: application/json

{
  "odata.metadata": "https://graph.windows.net/myorganization/$metadata#directoryObjects/Microsoft.DirectoryServices.User/@Element",
  "odata.type": "Microsoft.DirectoryServices.User",
  "objectType": "User",
  "objectId": "84fba1e8-b942-47c9-a10e-a4bee353ce60",
  "deletionTimestamp": null,
  "accountEnabled": true,
  "signInNames": [
    {
      "type": "userName",
      "value": "AlexW"
    },
    {
      "type": "emailAddress",
      "value": "AlexW@example.com"
    }
  ],
  "userIdentities": [
    {
      "issuer": "facebook.com",
      "issuerUserId": "MATxTNg5MzYyMzMyMNY1Njc="
    }
  ],
  "assignedLicenses": [],
  "assignedPlans": [],
  "city": null,
  "country": null,
  "creationType": "LocalAccount",
  "department": null,
  "dirSyncEnabled": null,
  "displayName": "Alex Wu",
  "facsimileTelephoneNumber": null,
  "givenName": null,
  "immutableId": null,
  "jobTitle": null,
  "lastDirSyncTime": null,
  "mail": null,
  "mailNickname": "AlexW_example.com#EXT#",
  "mobile": null,
  "onPremisesSecurityIdentifier": null,
  "otherMails": [],
  "passwordPolicies": null,
  "passwordProfile": null,
  "physicalDeliveryOfficeName": null,
  "postalCode": null,
  "preferredLanguage": null,
  "provisionedPlans": [],
  "provisioningErrors": [],
  "proxyAddresses": [],
  "sipProxyAddress": null,
  "state": null,
  "streetAddress": null,
  "surname": null,
  "telephoneNumber": null,
  "usageLocation": null,
  "userPrincipalName": "AlexW_example.com#EXT#@a830edad9050849NDA1.com",
  "userType": "Member"
}

Response List

Status Code Description
201 Created. Indicates success. The new user is returned in the response body.

Update a user

Update a user's properties. Specify any writable User property in the request body. Only the properties that you specify are changed.

On success, no response body is returned; otherwise, the response body contains error details. For more information about errors, see Error Codes and Error Handling.

PATCH https://graph.windows.net/myorganization/users/{user_id}?api-version

Parameters

Parameter Type Value Notes
URL
user_id string alexd@a830edad9050849NDA1.onmicrosoft.com The user ID. Can be the object ID (GUID) or the user principal name (someuser@a830edad9050849NDA1.onmicrosoft.com) of the target user.
Query
api-version string 1.6 The version of the Graph API to target. Beginning with version 1.5, the api-version string is represented in major.minor format. Prior releases were represented as date strings: '2013-11-08' and '2013-04-05'. Required.
Body
Content-Type: application/json
{
  "department": "Sales",
  "usageLocation": "US"
}
PATCH https://graph.windows.net/myorganization/users/alexd%40a830edad9050849NDA1.onmicrosoft.com?api-version=1.6

Response

Status Code:204

Content-Type: application/json

none

Response List

Status Code Description
204 No Content. Indicates success. No response body is returned.

Reset a user's password

Reset a user's password. Resetting a user's password is a special case of the update user operation. Specify the passwordProfile property for the User. The request contains a valid PasswordProfile object that specifies a password that satisfies the tenant’s password complexity policy. The password policy typically imposes constraints on the complexity, length, and re-use of a password. For more information, see the PasswordProfile topic.

Important

Either delegated scope User.ReadWrite.All or Directory.AccessAsUser.All is required to reset a user's password. In addition to the correct scope, the signed-in user would need sufficient privileges to reset another user's password.

On success, no response body is returned; otherwise, the response body contains error details. For more information about errors, see Error Codes and Error Handling.

PATCH https://graph.windows.net/myorganization/users/{user_id}?api-version

Parameters

Parameter Type Value Notes
URL
user_id string alexd@a830edad9050849NDA1.onmicrosoft.com The user ID. Can be the object ID (GUID) or the user principal name (someuser@a830edad9050849NDA1.onmicrosoft.com) of the target user.
Query
api-version string 1.6 The version of the Graph API to target. Beginning with version 1.5, the api-version string is represented in major.minor format. Prior releases were represented as date strings: '2013-11-08' and '2013-04-05'. Required.
Body
Content-Type: application/json
{
  "passwordProfile": {
    "password": "Test123456",
    "forceChangePasswordNextLogin": false
  }
}
PATCH https://graph.windows.net/myorganization/users/alexd%40a830edad9050849NDA1.onmicrosoft.com?api-version=1.6

Response

Status Code:204

Content-Type: application/json

none

Response List

Status Code Description
204 No Content. Indicates success. No response body is returned.

Delete a user

Deletes a user. Deleted users might not be recoverable.

On success, no response body is returned; otherwise, the response body contains error details. For more information about errors, see Error Codes and Error Handling.

DELETE https://graph.windows.net/myorganization/users/{user_id}[?api-version]

Parameters

Parameter Type Value Notes
URL
user_id string marvin@a830edad9050849NDA1.onmicrosoft.com The user ID. Can be the object ID (GUID) or the user principal name (someuser@a830edad9050849NDA1.onmicrosoft.com) of the target user.
Query
api-version string 1.6 Specifies the version of the Graph API to target. Beginning with version 1.5, the api-version string is represented in major.minor format. Prior releases were represented as date strings: '2013-11-08' and '2013-04-05'. Required.
DELETE https://graph.windows.net/myorganization/users/marvin%40a830edad9050849NDA1.onmicrosoft.com?api-version=1.6

Response

Status Code:204

Content-Type: application/json

none

Response List

Status Code Description
204 No Content. Indicates success.

Invalidate all refresh tokens for a user

Invalidates all of the user's refresh tokens issued to applications (as well as session cookies in a user's browser), by resetting the refreshTokensValidFromDateTime user property to the current date-time. Typically, this operation is performed (by the user or an administrator) if the user has a lost or stolen device. This operation would prevent access to any of the organization's data accessed through applications on the device without the user first being required to sign in again. In fact, this operation would force the user to sign in again for all applications that they have previously consented to, independent of device.

For developers, if the application attempts to redeem a delegated access token for this user by using an invalidated refresh token, the application will get an error. If this happens, the application will need to acquire a new refresh token by making a request to the authorize endpoint, which will force the user to sign in.

On success, no response body is returned; otherwise, the response body contains error details. For more information about errors, see Error Codes and Error Handling.

POST https://graph.windows.net/myorganization/users/{user_id}/invalidateAllRefreshTokens?api-version

Parameters

Parameter Type Value Notes
URL
user_id string garthf@a830edad9050849NDA1.onmicrosoft.com The user ID. Can be the object ID (GUID) or the user principal name (someuser@a830edad9050849NDA1.onmicrosoft.com) of the target user.
Query
api-version string 1.6 Specifies the version of the Graph API to target. Required.
POST https://graph.windows.net/myorganization/users/garthf%40a830edad9050849NDA1.onmicrosoft.com/invalidateAllRefreshTokens?api-version=1.6

Response

Status Code:204

Content-Type: application/json

none

Response List

Status Code Description
204 No Content. Indicates success. No response body is returned.

Operations on user navigation properties

Relationships between a user and other objects in the directory such as the user's manager, direct group memberships, and direct reports are exposed through navigation properties. You can read and, in some cases, modify these relationships by targeting these navigation properties in your requests.

Get a user's manager

Gets the user's manager from the manager navigation property.

On success, returns a link to the User or Contact assigned as the user's manager; otherwise, the response body contains error details. For more information about errors, see Error Codes and Error Handling.

Note: You can remove the "$links" segment from the URL to return the User or Contact object instead of a link.

GET https://graph.windows.net/myorganization/users/{user_id}/$links/manager?api-version

Parameters

Parameter Type Value Notes
URL
user_id string AdeleV@M365x214355.onmicrosoft.com The user ID. Can be the object ID (GUID) or the user principal name (someuser@a830edad9050849NDA1.onmicrosoft.com) of the target user.
Query
api-version string 1.6 The version of the Graph API to target. Beginning with version 1.5, the api-version string is represented in major.minor format. Prior releases were represented as date strings: '2013-11-08' and '2013-04-05'. Required.
GET https://graph.windows.net/myorganization/users/AdeleV%40M365x214355.onmicrosoft.com/$links/manager?api-version=1.6

Response

Status Code:200

Content-Type: application/json

{
  "odata.metadata": "https://graph.windows.net/myorganization/$metadata#directoryObjects/$links/manager",
  "url": "https://graph.windows.net/myorganization/directoryObjects/fabeb27a-0481-4a80-b43e-a5c02c125874/Microsoft.WindowsAzure.ActiveDirectory.User"
}

Response List

Status Code Description
200 OK. Indicates success. A link to the user's manager is returned.
404 Not Found. The requested resource was not found. This can occur if the manager property is not currently set for the specified user. It can also have other causes, for example, a bad domain. A code and associated message is returned with the error.

Code Samples

using System;
using System.Net.Http.Headers;
using System.Text;
using System.Net.Http;
using System.Web;

namespace CSHttpClientSample
{
    static class Program
    {
	    static void Main()
        {
            MakeRequest();

            Console.WriteLine("Hit ENTER to exit...");
            Console.ReadLine();
        }

        static async void MakeRequest()
        {
            var client = new HttpClient();
            var queryString = HttpUtility.ParseQueryString(string.Empty);

            /* OAuth2 is required to access this API. For more information visit:
               https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks */



		   // Specify values for the following required parameters
			queryString["api-version"] = "1.6";
            // Specify values for path parameters (shown as {...})
            var uri = "https://graph.windows.net/myorganization/users/{user_id}/$links/manager?" + queryString;


            var response = await client.GetAsync(uri);

            if (response.Content != null)
            {
                var responseString = await response.Content.ReadAsStringAsync();
                Console.WriteLine(responseString);
            }
        }
    }
}
@ECHO OFF

REM OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
REM Specify values for path parameters (shown as {...}), values for query parameters
curl -v -X GET "https://graph.windows.net/myorganization/users/{user_id}/$links/manager?api-version=1.6&amp;"^
// This sample uses the Apache HTTP client from HTTP Components (http://hc.apache.org/httpcomponents-client-ga/)
import java.net.URI;

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;

public class JavaSample {

  public static void main(String[] args) {
	HttpClient httpclient = HttpClients.createDefault();

	try
	{
		// OAuth2 is required to access this API. For more information visit:
		// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks

		// Specify values for path parameters (shown as {...})
		URIBuilder builder = new URIBuilder("https://graph.windows.net/myorganization/users/{user_id}/$links/manager");
		// Specify values for the following required parameters
		builder.setParameter("api-version", "1.6");
		URI uri = builder.build();
		HttpGet request = new HttpGet(uri);
		HttpResponse response = httpclient.execute(request);
		HttpEntity entity = response.getEntity();
		if (entity != null) {
			System.out.println(EntityUtils.toString(entity));
		}
	}
	catch (Exception e)
	{
		System.out.println(e.getMessage());
	}
  }
}
<!DOCTYPE html>
<html>
<head>
<title>JSSample</title>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.9.0/jquery.min.js"></script>
</head>
<body>
<script type="text/javascript">
	$(function() {
		// OAuth2 is required to access this API. For more information visit:
		// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks

		var params = {
			// Specify values for the following required parameters
			'api-version': "1.6",
		};
		
		$.ajax({
			// Specify values for path parameters (shown as {...})
			url: 'https://graph.windows.net/myorganization/users/{user_id}/$links/manager?' + $.param(params),
			type: 'GET',
		})
		.done(function(data) {
			alert("success");
		})
		.fail(function() {
			alert("error");
		});
	});
</script>
</body>
</html>
#import <Foundation/Foundation.h>

int main(int argc, const char * argv[])
{
    NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init];
    
	// OAuth2 is required to access this API. For more information visit:
	// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks

	// Specify values for path parameters (shown as {...})
    NSString* path = @"https://graph.windows.net/myorganization/users/{user_id}/$links/manager";
    NSArray* array = @[
                         @"entities=true",
                      ];
    
    NSString* string = [array componentsJoinedByString:@"&"];
    path = [path stringByAppendingFormat:@"?%@", string];
    NSLog(@"%@", path);

    NSMutableURLRequest* _request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:path]];
    [_request setHTTPMethod:@"GET"];
    
    NSURLResponse *response = nil;
    NSError *error = nil;
    NSData* _connectionData = [NSURLConnection sendSynchronousRequest:_request returningResponse:&response error:&error];
    if(nil != error)
    {
        NSLog(@"Error: %@", error);
    }
    else
    {
        NSError* error = nil;
        NSMutableDictionary* json = nil;
        
        NSString* dataString = [[NSString alloc] initWithData:_connectionData encoding:NSUTF8StringEncoding];
        NSLog(@"%@", dataString);
        
        if(nil != _connectionData)
        {
            json = [NSJSONSerialization JSONObjectWithData:_connectionData options:NSJSONReadingMutableContainers error:&error];
        }
        
        if (error || !json)
        {
            NSLog(@"Could not parse loaded json with error:%@", error);
        }
        
        NSLog(@"%@", json);
        _connectionData = nil;
    }
    
    [pool drain];
    return 0;
}
<?php

// This sample uses the pecl_http package. (for more information: http://pecl.php.net/package/pecl_http)
require_once 'HTTP/Request2.php';
$headers = array(
);

$query_params = array(
	// Specify values for the following required parameters
	'api-version' => '1.6',
);

$request = new Http_Request2('https://graph.windows.net/myorganization/users/{user_id}/$links/manager');
$request->setMethod(HTTP_Request2::METHOD_GET);
$request->setHeader($headers);

// OAuth2 is required to access this API. For more information visit:
// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks

$url = $request->getUrl();
$url->setQueryVariables($query_params);

try
{
	$response = $request->send();
	
	echo $response->getBody();
}
catch (HttpException $ex)
{
	echo $ex;
}

?>
########### Python 2.7 #############
import httplib, urllib, base64

# OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks

headers = {
}

params = urllib.urlencode({
	# Specify values for the following required parameters
	'api-version': '1.6',
})

try:
	conn = httplib.HTTPSConnection('graph.windows.net')
	# Specify values for path parameters (shown as {...}) and request body if needed
	conn.request("GET", "/myorganization/users/{user_id}/$links/manager?%s" % params, "", headers)
	response = conn.getresponse()
	data = response.read()
	print(data)
	conn.close()
except Exception as e:
	print("[Errno {0}] {1}".format(e.errno, e.strerror))

####################################

########### Python 3.2 #############
import http.client, urllib.request, urllib.parse, urllib.error, base64

# OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks

headers = {
}

params = urllib.parse.urlencode({
	# Specify values for the following required parameters
	'api-version': '1.6',
})

try:
	conn = http.client.HTTPSConnection('graph.windows.net')
	# Specify values for path parameters (shown as {...}) and request body if needed
	conn.request("GET", "/myorganization/users/{user_id}/$links/manager?%s" % params, "", headers)
	response = conn.getresponse()
	data = response.read()
	print(data)
	conn.close()
except Exception as e:
	print("[Errno {0}] {1}".format(e.errno, e.strerror))

####################################
require 'net/http'

uri = URI('https://graph.windows.net/myorganization/users/{user_id}/$links/manager')

uri.query = URI.encode_www_form({
	# Specify values for the following required parameters
	'api-version' => '1.6',
})

request = Net::HTTP::Get.new(uri.request_uri)

# OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks



response = Net::HTTP.start(uri.host, uri.port, :use_ssl => uri.scheme == 'https') do |http|
    http.request(request)
end

puts response.body

Assign a user's manager

Assigns a user's manager through the manager property. Either a user or a contact may be assigned. The request body contains a link to the User or Contact to assign.

On success, no response body is returned; otherwise, the response body contains error details. For more information about errors, see Error Codes and Error Handling.

PUT https://graph.windows.net/myorganization/users/{user_id}/$links/manager?api-version

Parameters

Parameter Type Value Notes
URL
user_id string alexd@a830edad9050849NDA1.onmicrosoft.com The user ID. Can be the object ID (GUID) or the user principal name (someuser@a830edad9050849NDA1.onmicrosoft.com) of the target user.
Query
api-version string 1.6 The version of the Graph API to target. Beginning with version 1.5, the api-version string is represented in major.minor format. Prior releases were represented as date strings: '2013-11-08' and '2013-04-05'. Required.
Body
Content-Type: application/json
{
  "url": "https://graph.windows.net/contoso.onmicrosoft.com/directoryObjects/fabeb27a-0481-4a80-b43e-a5c02c125874"
}
PUT https://graph.windows.net/myorganization/users/alexd%40a830edad9050849NDA1.onmicrosoft.com/$links/manager?api-version=1.6

Response

Status Code:204

Content-Type: application/json

none

Response List

Status Code Description
204 No Content. Indicates success. No response body is returned.

Get a user's direct reports

Gets the user's direct reports from the directReports navigation property.

On success, returns a collection of links to the User's and Contact's for whom this user is assigned as manager; otherwise, the response body contains error details. For more information about errors, see Error Codes and Error Handling.

Note: You can remove the "$links" segment from the URL to return DirectoryObjects for the users and contacts instead of links.

GET https://graph.windows.net/myorganization/users/{user_id}/$links/directReports?api-version

Parameters

Parameter Type Value Notes
URL
user_id string MiriamG@M365x214355.onmicrosoft.com The user ID. Can be the object ID (GUID) or the user principal name (someuser@a830edad9050849NDA1.onmicrosoft.com) of the target user.
Query
api-version string 1.6 The version of the Graph API to target. Beginning with version 1.5, the api-version string is represented in major.minor format. Prior releases were represented as date strings: '2013-11-08' and '2013-04-05'. Required.
GET https://graph.windows.net/myorganization/users/MiriamG%40M365x214355.onmicrosoft.com/$links/directReports?api-version=1.6

Response

Status Code:200

Content-Type: application/json

{
  "odata.metadata": "https://graph.windows.net/myorganization/$metadata#directoryObjects/$links/directReports",
  "value": [
    {
      "url": "https://graph.windows.net/myorganization/directoryObjects/84fba1e8-b942-47c9-a10e-a4bee353ce60/Microsoft.DirectoryServices.User"
    }
  ]
}

Response List

Status Code Description
200 OK. Indicates success. One or more direct reports are returned.

Code Samples

using System;
using System.Net.Http.Headers;
using System.Text;
using System.Net.Http;
using System.Web;

namespace CSHttpClientSample
{
    static class Program
    {
	    static void Main()
        {
            MakeRequest();

            Console.WriteLine("Hit ENTER to exit...");
            Console.ReadLine();
        }

        static async void MakeRequest()
        {
            var client = new HttpClient();
            var queryString = HttpUtility.ParseQueryString(string.Empty);

            /* OAuth2 is required to access this API. For more information visit:
               https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks */



		   // Specify values for the following required parameters
			queryString["api-version"] = "1.6";
            // Specify values for path parameters (shown as {...})
            var uri = "https://graph.windows.net/myorganization/users/{user_id}/$links/directReports?" + queryString;


            var response = await client.GetAsync(uri);

            if (response.Content != null)
            {
                var responseString = await response.Content.ReadAsStringAsync();
                Console.WriteLine(responseString);
            }
        }
    }
}
@ECHO OFF

REM OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
REM Specify values for path parameters (shown as {...}), values for query parameters
curl -v -X GET "https://graph.windows.net/myorganization/users/{user_id}/$links/directReports?api-version=1.6&amp;"^
// This sample uses the Apache HTTP client from HTTP Components (http://hc.apache.org/httpcomponents-client-ga/)
import java.net.URI;

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;

public class JavaSample {

  public static void main(String[] args) {
	HttpClient httpclient = HttpClients.createDefault();

	try
	{
		// OAuth2 is required to access this API. For more information visit:
		// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks

		// Specify values for path parameters (shown as {...})
		URIBuilder builder = new URIBuilder("https://graph.windows.net/myorganization/users/{user_id}/$links/directReports");
		// Specify values for the following required parameters
		builder.setParameter("api-version", "1.6");
		URI uri = builder.build();
		HttpGet request = new HttpGet(uri);
		HttpResponse response = httpclient.execute(request);
		HttpEntity entity = response.getEntity();
		if (entity != null) {
			System.out.println(EntityUtils.toString(entity));
		}
	}
	catch (Exception e)
	{
		System.out.println(e.getMessage());
	}
  }
}
<!DOCTYPE html>
<html>
<head>
<title>JSSample</title>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.9.0/jquery.min.js"></script>
</head>
<body>
<script type="text/javascript">
	$(function() {
		// OAuth2 is required to access this API. For more information visit:
		// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks

		var params = {
			// Specify values for the following required parameters
			'api-version': "1.6",
		};
		
		$.ajax({
			// Specify values for path parameters (shown as {...})
			url: 'https://graph.windows.net/myorganization/users/{user_id}/$links/directReports?' + $.param(params),
			type: 'GET',
		})
		.done(function(data) {
			alert("success");
		})
		.fail(function() {
			alert("error");
		});
	});
</script>
</body>
</html>
#import <Foundation/Foundation.h>

int main(int argc, const char * argv[])
{
    NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init];
    
	// OAuth2 is required to access this API. For more information visit:
	// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks

	// Specify values for path parameters (shown as {...})
    NSString* path = @"https://graph.windows.net/myorganization/users/{user_id}/$links/directReports";
    NSArray* array = @[
                         @"entities=true",
                      ];
    
    NSString* string = [array componentsJoinedByString:@"&"];
    path = [path stringByAppendingFormat:@"?%@", string];
    NSLog(@"%@", path);

    NSMutableURLRequest* _request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:path]];
    [_request setHTTPMethod:@"GET"];
    
    NSURLResponse *response = nil;
    NSError *error = nil;
    NSData* _connectionData = [NSURLConnection sendSynchronousRequest:_request returningResponse:&response error:&error];
    if(nil != error)
    {
        NSLog(@"Error: %@", error);
    }
    else
    {
        NSError* error = nil;
        NSMutableDictionary* json = nil;
        
        NSString* dataString = [[NSString alloc] initWithData:_connectionData encoding:NSUTF8StringEncoding];
        NSLog(@"%@", dataString);
        
        if(nil != _connectionData)
        {
            json = [NSJSONSerialization JSONObjectWithData:_connectionData options:NSJSONReadingMutableContainers error:&error];
        }
        
        if (error || !json)
        {
            NSLog(@"Could not parse loaded json with error:%@", error);
        }
        
        NSLog(@"%@", json);
        _connectionData = nil;
    }
    
    [pool drain];
    return 0;
}
<?php

// This sample uses the pecl_http package. (for more information: http://pecl.php.net/package/pecl_http)
require_once 'HTTP/Request2.php';
$headers = array(
);

$query_params = array(
	// Specify values for the following required parameters
	'api-version' => '1.6',
);

$request = new Http_Request2('https://graph.windows.net/myorganization/users/{user_id}/$links/directReports');
$request->setMethod(HTTP_Request2::METHOD_GET);
$request->setHeader($headers);

// OAuth2 is required to access this API. For more information visit:
// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks

$url = $request->getUrl();
$url->setQueryVariables($query_params);

try
{
	$response = $request->send();
	
	echo $response->getBody();
}
catch (HttpException $ex)
{
	echo $ex;
}

?>
########### Python 2.7 #############
import httplib, urllib, base64

# OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks

headers = {
}

params = urllib.urlencode({
	# Specify values for the following required parameters
	'api-version': '1.6',
})

try:
	conn = httplib.HTTPSConnection('graph.windows.net')
	# Specify values for path parameters (shown as {...}) and request body if needed
	conn.request("GET", "/myorganization/users/{user_id}/$links/directReports?%s" % params, "", headers)
	response = conn.getresponse()
	data = response.read()
	print(data)
	conn.close()
except Exception as e:
	print("[Errno {0}] {1}".format(e.errno, e.strerror))

####################################

########### Python 3.2 #############
import http.client, urllib.request, urllib.parse, urllib.error, base64

# OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks

headers = {
}

params = urllib.parse.urlencode({
	# Specify values for the following required parameters
	'api-version': '1.6',
})

try:
	conn = http.client.HTTPSConnection('graph.windows.net')
	# Specify values for path parameters (shown as {...}) and request body if needed
	conn.request("GET", "/myorganization/users/{user_id}/$links/directReports?%s" % params, "", headers)
	response = conn.getresponse()
	data = response.read()
	print(data)
	conn.close()
except Exception as e:
	print("[Errno {0}] {1}".format(e.errno, e.strerror))

####################################
require 'net/http'

uri = URI('https://graph.windows.net/myorganization/users/{user_id}/$links/directReports')

uri.query = URI.encode_www_form({
	# Specify values for the following required parameters
	'api-version' => '1.6',
})

request = Net::HTTP::Get.new(uri.request_uri)

# OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks



response = Net::HTTP.start(uri.host, uri.port, :use_ssl => uri.scheme == 'https') do |http|
    http.request(request)
end

puts response.body

Get a user's group and directory role memberships

Gets the user's group and directory role memberships from the memberOf navigation property.

This property returns only groups or directory roles that the user is a direct member of. To get all of the groups that the user has direct or transitive membership in, call the getMemberGroups function. To get all of the groups or directory roles that the user has direct or transitive membership in, call the getMemberObjects function.

On success, returns a collection of links to the Group's and DirectoryRole's that this user is a member of; otherwise, the response body contains error details. For more information about errors, see Error Codes and Error Handling.

Note: You can remove the "$links" segment from the URL to return the DirectoryObjects for the groups and directory roles instead of links.

GET https://graph.windows.net/myorganization/users/{user_id}/$links/memberOf?api-version

Parameters

Parameter Type Value Notes
URL
user_id string MiriamG@M365x214355.onmicrosoft.com The user ID. Can be the object ID (GUID) or the user principal name (someuser@a830edad9050849NDA1.onmicrosoft.com) of the target user.
Query
api-version string 1.6 The version of the Graph API to target. Beginning with version 1.5, the api-version string is represented in major.minor format. Prior releases were represented as date strings: '2013-11-08' and '2013-04-05'. Required.
GET https://graph.windows.net/myorganization/users/MiriamG%40M365x214355.onmicrosoft.com/$links/memberOf?api-version=1.6

Response

Status Code:200

Content-Type: application/json

{
  "odata.metadata": "https://graph.windows.net/myorganization/$metadata#directoryObjects/$links/memberOf",
  "value": [
    {
      "url": "https://graph.windows.net/myorganization/directoryObjects/12345678-b942-47c9-a10e-a4bee353ce60/Microsoft.DirectoryServices.Group"
    }
  ]
}

Response List

Status Code Description
200 OK. Indicates success. One or more groups and/or directory roles are returned.

Code Samples

using System;
using System.Net.Http.Headers;
using System.Text;
using System.Net.Http;
using System.Web;

namespace CSHttpClientSample
{
    static class Program
    {
	    static void Main()
        {
            MakeRequest();

            Console.WriteLine("Hit ENTER to exit...");
            Console.ReadLine();
        }

        static async void MakeRequest()
        {
            var client = new HttpClient();
            var queryString = HttpUtility.ParseQueryString(string.Empty);

            /* OAuth2 is required to access this API. For more information visit:
               https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks */



		   // Specify values for the following required parameters
			queryString["api-version"] = "1.6";
            // Specify values for path parameters (shown as {...})
            var uri = "https://graph.windows.net/myorganization/users/{user_id}/$links/memberOf?" + queryString;


            var response = await client.GetAsync(uri);

            if (response.Content != null)
            {
                var responseString = await response.Content.ReadAsStringAsync();
                Console.WriteLine(responseString);
            }
        }
    }
}
@ECHO OFF

REM OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
REM Specify values for path parameters (shown as {...}), values for query parameters
curl -v -X GET "https://graph.windows.net/myorganization/users/{user_id}/$links/memberOf?api-version=1.6&amp;"^
// This sample uses the Apache HTTP client from HTTP Components (http://hc.apache.org/httpcomponents-client-ga/)
import java.net.URI;

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;

public class JavaSample {

  public static void main(String[] args) {
	HttpClient httpclient = HttpClients.createDefault();

	try
	{
		// OAuth2 is required to access this API. For more information visit:
		// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks

		// Specify values for path parameters (shown as {...})
		URIBuilder builder = new URIBuilder("https://graph.windows.net/myorganization/users/{user_id}/$links/memberOf");
		// Specify values for the following required parameters
		builder.setParameter("api-version", "1.6");
		URI uri = builder.build();
		HttpGet request = new HttpGet(uri);
		HttpResponse response = httpclient.execute(request);
		HttpEntity entity = response.getEntity();
		if (entity != null) {
			System.out.println(EntityUtils.toString(entity));
		}
	}
	catch (Exception e)
	{
		System.out.println(e.getMessage());
	}
  }
}
<!DOCTYPE html>
<html>
<head>
<title>JSSample</title>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.9.0/jquery.min.js"></script>
</head>
<body>
<script type="text/javascript">
	$(function() {
		// OAuth2 is required to access this API. For more information visit:
		// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks

		var params = {
			// Specify values for the following required parameters
			'api-version': "1.6",
		};
		
		$.ajax({
			// Specify values for path parameters (shown as {...})
			url: 'https://graph.windows.net/myorganization/users/{user_id}/$links/memberOf?' + $.param(params),
			type: 'GET',
		})
		.done(function(data) {
			alert("success");
		})
		.fail(function() {
			alert("error");
		});
	});
</script>
</body>
</html>
#import <Foundation/Foundation.h>

int main(int argc, const char * argv[])
{
    NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init];
    
	// OAuth2 is required to access this API. For more information visit:
	// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks

	// Specify values for path parameters (shown as {...})
    NSString* path = @"https://graph.windows.net/myorganization/users/{user_id}/$links/memberOf";
    NSArray* array = @[
                         @"entities=true",
                      ];
    
    NSString* string = [array componentsJoinedByString:@"&"];
    path = [path stringByAppendingFormat:@"?%@", string];
    NSLog(@"%@", path);

    NSMutableURLRequest* _request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:path]];
    [_request setHTTPMethod:@"GET"];
    
    NSURLResponse *response = nil;
    NSError *error = nil;
    NSData* _connectionData = [NSURLConnection sendSynchronousRequest:_request returningResponse:&response error:&error];
    if(nil != error)
    {
        NSLog(@"Error: %@", error);
    }
    else
    {
        NSError* error = nil;
        NSMutableDictionary* json = nil;
        
        NSString* dataString = [[NSString alloc] initWithData:_connectionData encoding:NSUTF8StringEncoding];
        NSLog(@"%@", dataString);
        
        if(nil != _connectionData)
        {
            json = [NSJSONSerialization JSONObjectWithData:_connectionData options:NSJSONReadingMutableContainers error:&error];
        }
        
        if (error || !json)
        {
            NSLog(@"Could not parse loaded json with error:%@", error);
        }
        
        NSLog(@"%@", json);
        _connectionData = nil;
    }
    
    [pool drain];
    return 0;
}
<?php

// This sample uses the pecl_http package. (for more information: http://pecl.php.net/package/pecl_http)
require_once 'HTTP/Request2.php';
$headers = array(
);

$query_params = array(
	// Specify values for the following required parameters
	'api-version' => '1.6',
);

$request = new Http_Request2('https://graph.windows.net/myorganization/users/{user_id}/$links/memberOf');
$request->setMethod(HTTP_Request2::METHOD_GET);
$request->setHeader($headers);

// OAuth2 is required to access this API. For more information visit:
// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks

$url = $request->getUrl();
$url->setQueryVariables($query_params);

try
{
	$response = $request->send();
	
	echo $response->getBody();
}
catch (HttpException $ex)
{
	echo $ex;
}

?>
########### Python 2.7 #############
import httplib, urllib, base64

# OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks

headers = {
}

params = urllib.urlencode({
	# Specify values for the following required parameters
	'api-version': '1.6',
})

try:
	conn = httplib.HTTPSConnection('graph.windows.net')
	# Specify values for path parameters (shown as {...}) and request body if needed
	conn.request("GET", "/myorganization/users/{user_id}/$links/memberOf?%s" % params, "", headers)
	response = conn.getresponse()
	data = response.read()
	print(data)
	conn.close()
except Exception as e:
	print("[Errno {0}] {1}".format(e.errno, e.strerror))

####################################

########### Python 3.2 #############
import http.client, urllib.request, urllib.parse, urllib.error, base64

# OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks

headers = {
}

params = urllib.parse.urlencode({
	# Specify values for the following required parameters
	'api-version': '1.6',
})

try:
	conn = http.client.HTTPSConnection('graph.windows.net')
	# Specify values for path parameters (shown as {...}) and request body if needed
	conn.request("GET", "/myorganization/users/{user_id}/$links/memberOf?%s" % params, "", headers)
	response = conn.getresponse()
	data = response.read()
	print(data)
	conn.close()
except Exception as e:
	print("[Errno {0}] {1}".format(e.errno, e.strerror))

####################################
require 'net/http'

uri = URI('https://graph.windows.net/myorganization/users/{user_id}/$links/memberOf')

uri.query = URI.encode_www_form({
	# Specify values for the following required parameters
	'api-version' => '1.6',
})

request = Net::HTTP::Get.new(uri.request_uri)

# OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks



response = Net::HTTP.start(uri.host, uri.port, :use_ssl => uri.scheme == 'https') do |http|
    http.request(request)
end

puts response.body

Other navigation properties

By using the same patterns shown above, you can target other navigation properties exposed by users. Some properties are read-only and others may be modified. For more information about user navigation properties, see the documentation for User.


Functions and actions on users

You can call any of the following functions or actions on a user.

Assign a license to a user

You can call the assignLicense action to assign or remove licenses for a user and to enable or disable specific plans for the user.

Change password of the signed-in user

You can call the changePassword action on the signed-in user to enable them to change their password.

Check membership in a specific group (transitive)

You can call the isMemberOf function to check for membership in a specific group. The check is transitive.

Check membership in a list of groups (transitive)

You can call the checkMemberGroups function to check for membership in a list of groups. The check is transitive.

Get all group memberships (transitive)

You can call the getMemberGroups function to return all the groups that the user is a member of. The check is transitive, unlike reading the memberOf navigation property, which returns only the groups that the user is a direct member of.

Get all group and directory role memberships (transitive)

You can call the getMemberObjects function to return all of the groups and directory roles that the user is a member of. The check is transitive, unlike reading the memberOf navigation property, which returns only the groups that the user is a direct member of.


Additional Resources

  • Learn more about Graph API supported features, capabilities, and preview features in Graph API concepts