편집

다음을 통해 공유


List groups

Namespace: microsoft.graph

List all the groups available in an organization, excluding dynamic distribution groups. To retrieve dynamic distribution groups, use the Exchange admin center.

This operation returns by default only a subset of the properties for each group. These default properties are noted in the Properties section. To get properties that are not returned by default, do a GET operation for the group and specify the properties in a $select OData query option. The hasMembersWithLicenseErrors and isArchived properties are an exception and are not returned in the $select query.

Note: This request might have replication delays for groups that were recently created, updated, or deleted.

This API is available in the following national cloud deployments.

Global service US Government L4 US Government L5 (DOD) China operated by 21Vianet

Permissions

Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.

Permission type Least privileged permissions Higher privileged permissions
Delegated (work or school account) GroupMember.Read.All Group.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All, Group.Read.All
Delegated (personal Microsoft account) Not supported. Not supported.
Application GroupMember.Read.All Directory.Read.All, Directory.ReadWrite.All, Group.Read.All, Group.ReadWrite.All

HTTP request

GET /groups

Optional query parameters

This method supports the $count, $expand, $filter, $orderby, $search, $select, and $top OData query parameters to help customize the response. $skip isn't supported. The default and maximum page sizes are 100 and 999 group objects respectively. Some queries are supported only when you use the ConsistencyLevel header set to eventual and $count. For more information, see Advanced query capabilities on directory objects.

To list only Microsoft 365 groups (aka unified groups), apply a filter on groupTypes:

GET https://graph.microsoft.com/v1.0/groups?$filter=groupTypes/any(c:c+eq+'Unified')

The $search query parameter supports tokenization only on the displayName and description fields and requires the ConsistencyLevel header. Fields other than displayName and description default to $filter startswith behavior.

Extension properties also support query parameters as follows:

Extension type Comments
Schema extensions Returned only with $select.
Open extensions Returned only with $expand.
Directory extensions Returned by default.

For more information on OData query options, see OData query parameters. For more information about the use of ConsistencyLevel and $count, see Advanced query capabilities on directory objects.

Filter by group types

Group type API request
Microsoft 365 (unified) groups GET /groups?$filter=groupTypes/any(c:c+eq+'Unified')
Security groups GET /groups?$filter=mailEnabled eq false&securityEnabled eq true
Mail-enabled security groups GET /groups?$filter=NOT groupTypes/any(c:c eq 'Unified') and mailEnabled eq true and securityEnabled eq true&$count=true **
Distribution groups GET /groups?$filter=NOT groupTypes/any(c:c eq 'Unified') and mailEnabled eq true and securityEnabled eq false&$count=true **

** : This example is only supported with advanced query capabilities.

Request headers

Name Description
Authorization Bearer {token}. Required. Learn more about authentication and authorization.
ConsistencyLevel eventual. This header and $count are required when using $search, or in specific usage of $filter. For more information about the use of ConsistencyLevel and $count, see Advanced query capabilities on directory objects.

Request body

Don't supply a request body for this method.

Response

If successful, this method returns a 200 OK response code and collection of group objects in the response body. The response includes only the default properties of each group.

Examples

Example 1: Get a list of groups

Request

The following example shows a request.

GET https://graph.microsoft.com/v1.0/groups

Response

The following example shows the response.

Note: The response object shown here might be shortened for readability. All the default properties are returned for each group in an actual call.

HTTP/1.1 200 OK
Content-type: application/json

{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groups",
  "value": [
    {
      "id": "45b7d2e7-b882-4a80-ba97-10b7a63b8fa4",
      "deletedDateTime": null,
      "classification": null,
      "createdDateTime": "2018-12-22T02:21:05Z",
      "description": "Self help community for golf",
      "displayName": "Golf Assist",
      "expirationDateTime": null,
      "groupTypes": [
        "Unified"
      ],
      "isAssignableToRole": null,
      "mail": "golfassist@contoso.com",
      "mailEnabled": true,
      "mailNickname": "golfassist",
      "membershipRule": null,
      "membershipRuleProcessingState": null,
      "onPremisesLastSyncDateTime": null,
      "onPremisesSecurityIdentifier": null,
      "onPremisesSyncEnabled": null,
      "preferredDataLocation": "CAN",
      "preferredLanguage": null,
      "proxyAddresses": [
        "smtp:golfassist@contoso.com",
        "SMTP:golfassist@contoso.com"
      ],
      "renewedDateTime": "2018-12-22T02:21:05Z",
      "resourceBehaviorOptions": [],
      "resourceProvisioningOptions": [],
      "securityEnabled": false,
      "theme": null,
      "visibility": "Public",
      "onPremisesProvisioningErrors": []
    },
    {
      "id": "d7797254-3084-44d0-99c9-a3b5ab149538",
      "deletedDateTime": null,
      "classification": null,
      "createdDateTime": "2018-11-19T20:29:40Z",
      "description": "Talk about golf",
      "displayName": "Golf Discussion",
      "expirationDateTime": null,
      "groupTypes": [],
      "isAssignableToRole": null,
      "mail": "golftalk@contoso.com",
      "mailEnabled": true,
      "mailNickname": "golftalk",
      "membershipRule": null,
      "membershipRuleProcessingState": null,
      "onPremisesLastSyncDateTime": null,
      "onPremisesSecurityIdentifier": null,
      "onPremisesSyncEnabled": null,
      "preferredDataLocation": "CAN",
      "preferredLanguage": null,
      "proxyAddresses": [
        "smtp:golftalk@contoso.com",
        "SMTP:golftalk@contoso.com"
      ],
      "renewedDateTime": "2018-11-19T20:29:40Z",
      "resourceBehaviorOptions": [],
      "resourceProvisioningOptions": [],
      "securityEnabled": false,
      "serviceProvisioningErrors": [],
      "theme": null,
      "visibility": null,
      "onPremisesProvisioningErrors": []
    }
  ]
}

Example 2: Get a filtered list of groups

This request that filters against the hasMembersWithLicenseErrors property doesn't support retrieving the count of returned objects.

Request

GET https://graph.microsoft.com/v1.0/groups?$filter=hasMembersWithLicenseErrors+eq+true&$select=id,displayName

Response

The following is an example of the response which includes only the requested properties.

HTTP/1.1 200 OK
Content-type: application/json

{
   "@odata.context":"https://graph.microsoft.com/v1.0/$metadata#groups(id,displayName)",
   "value":[
      {
         "id":"11111111-2222-3333-4444-555555555555",
         "displayName":"Contoso Group 1"
      },
      {
         "id":"22222222-3333-4444-5555-666666666666",
         "displayName":"Contoso Group 2"
      }
   ]
}

Example 3: Get only a count of groups

Request

The following example shows a request. This request requires the ConsistencyLevel header set to eventual because $count is in the request. For more information about the use of ConsistencyLevel and $count, see Advanced query capabilities on directory objects.

Note: The $count and $search query parameters are currently not available in Azure AD B2C tenants.

GET https://graph.microsoft.com/v1.0/groups/$count
ConsistencyLevel: eventual

Response

The following example shows the response.

HTTP/1.1 200 OK
Content-type: text/plain

893

Example 4: Use $filter and $top to get one group with a display name that starts with 'a' including a count of returned objects

Request

The following example shows a request. This request requires the ConsistencyLevel header set to eventual and the $count=true query string because the request has both the $orderby and $filter query parameters. For more information about the use of ConsistencyLevel and $count, see Advanced query capabilities on directory objects.

Note: The $count and $search query parameters are currently not available in Azure AD B2C tenants.

GET https://graph.microsoft.com/v1.0/groups?$filter=startswith(displayName, 'a')&$count=true&$top=1&$orderby=displayName
ConsistencyLevel: eventual

Response

The following example shows the response.

Note: The response object shown here might be shortened for readability.

HTTP/1.1 200 OK
Content-type: application/json

{
   "@odata.context":"https://graph.microsoft.com/v1.0/$metadata#groups",
   "@odata.count":1,
   "value":[
      {
         "displayName":"a",
         "mailNickname":"a241"
      }
   ]
}

Example 5: Use $search to get groups with display names that contain the letters 'Video' or a description that contains the letters 'prod' including a count of returned objects

Request

The following example shows a request. This request requires the ConsistencyLevel header set to eventual because $search is in the request. For more information about the use of ConsistencyLevel and $count, see Advanced query capabilities on directory objects.

Note: The $count and $search query parameters are currently not available in Azure AD B2C tenants.

GET https://graph.microsoft.com/v1.0/groups?$search="displayName:Video" OR "description:prod"&$orderby=displayName&$count=true
ConsistencyLevel: eventual

Response

The following example shows the response.

Note: The response object shown here might be shortened for readability.

HTTP/1.1 200 OK
Content-type: application/json

{
   "@odata.context":"https://graph.microsoft.com/v1.0/$metadata#groups",
   "@odata.count":1396,
   "value":[
      {
         "displayName":"SFA Videos",
         "mail":"SFAVideos@service.contoso.com",
         "mailNickname":"SFAVideos"
      },
      {
         "description":"Video Production",
         "displayName":"Video Production",
         "mail":"videoprod@service.contoso.com",
         "mailNickname":"VideoProduction"
      }
   ]
}

Example 6: List dynamic security groups

Request

The following example shows a request that filters by the membershipRuleProcessingState to retrieve dynamic groups. You may also filter by the groupTypes properties (that is, $filter=groupTypes/any(s:s eq 'DynamicMembership')). This request requires the ConsistencyLevel header set to eventual and the $count=true query string because the request uses the not operator of the $filter query parameter. For more information about the use of ConsistencyLevel and $count, see Advanced query capabilities on directory objects.

Note: The $count and $search query parameters are currently not available in Azure AD B2C tenants.

GET https://graph.microsoft.com/v1.0/groups?$filter=mailEnabled eq false and securityEnabled eq true and NOT(groupTypes/any(s:s eq 'Unified')) and membershipRuleProcessingState eq 'On'&$count=true&$select=id,membershipRule,membershipRuleProcessingState
ConsistencyLevel: eventual

Response

The following example shows the response.

HTTP/1.1 200 OK
Content-type: application/json

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groups(id,membershipRule,membershipRuleProcessingState)",
    "@odata.count": 1,
    "value": [
        {
            "@odata.id": "https://graph.microsoft.com/v2/84841066-274d-4ec0-a5c1-276be684bdd3/directoryObjects/e9f4a701-e7b5-4401-a0ca-5bd5f3cdcf4b/Microsoft.DirectoryServices.Group",
            "id": "e9f4a701-e7b5-4401-a0ca-5bd5f3cdcf4b",
            "membershipRule": "(user.userType -contains \"Guest\" and user.accountEnabled -eq true) or (user.city -eq \"Nairobi\")",
            "membershipRuleProcessingState": "On"
        }
    ]
}

Example 7: List any groups with any licenses and get the group's members

Request

GET https://graph.microsoft.com/v1.0/groups?$select=id,assignedLicenses&$filter=assignedLicenses/any()&$expand=members($select=id,displayName)

Response

The following example shows the response.

HTTP/1.1 200 OK
Content-type: application/json

{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groups(id,assignedLicenses,members())",
  "value": [
    {
      "id": "5caf712c-8483-4b3d-8384-d8da988c0ca4",
      "assignedLicenses": [
        {
          "disabledPlans": [],
          "skuId": "6fd2c87f-b296-42f0-b197-1e91e994b900"
        }
      ],
      "members": [
        {
          "@odata.type": "#microsoft.graph.user",
          "id": "0952e4c8-432f-4950-a65c-769c45993527"
        },
        {
          "@odata.type": "#microsoft.graph.user",
          "id": "49e373b6-4717-40c6-ad43-843c45a258f0"
        }
      ]
    },
    {
      "id": "aae8ec2a-5a08-4013-ae70-fafbb5c20de1",
      "assignedLicenses": [
        {
          "disabledPlans": [
            "7547a3fe-08ee-4ccb-b430-5077c5041653"
          ],
          "skuId": "18181a46-0d4e-45cd-891e-60aabd171b4e"
        }
      ],
      "members": []
    }
  ]
}