Add members

Namespace: microsoft.graph

Add a member to a security or Microsoft 365 group through the members navigation property.

The following table shows the types of members that can be added to either security groups or Microsoft 365 groups.

Object type Member of security group Member of Microsoft 365 group
User Can be group member Can be group member
Security group Can be group member Cannot be group member
Microsoft 365 group Cannot be group member Cannot be group member
Device Can be group member Cannot be group member
Service principal Can be group member Cannot be group member
Organizational contact Can be group member Cannot be group member

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type Permissions (from least to most privileged)
Delegated (work or school account) GroupMember.ReadWrite.All, Group.ReadWrite.All, Directory.ReadWrite.All
Delegated (personal Microsoft account) Not supported.
Application GroupMember.ReadWrite.All, Group.ReadWrite.All and Directory.ReadWrite.All

Important

To add members to a role-assignable group, the calling user must also be assigned the RoleManagement.ReadWrite.Directory permission.

HTTP request

POST /groups/{group-id}/members/$ref

Request headers

Header Value
Authorization Bearer {token}. Required.
Content-type application/json. Required.

Request body

In the request body, supply a JSON representation of a directoryObject, user, group, or organizational contact object to be added.

Response

If successful, this method returns a 204 No Content response code. It does not return anything in the response body. This method returns a 400 Bad Request response code when the object is already a member of the group. This method returns a 404 Not Found response code when the object being added doesn't exist.

Examples

Example 1: Add a member to a group

Request

The following is an example of the request.

POST https://graph.microsoft.com/v1.0/groups/{group-id}/members/$ref
Content-type: application/json

{
  "@odata.id": "https://graph.microsoft.com/v1.0/directoryObjects/{id}"
}

In the request body, supply a JSON representation of the id of the directoryObject, user, or group object you want to add.

Response

The following is an example of the response.

HTTP/1.1 204 No Content

Example 2: Add multiple members to a group in a single request

This example shows how to add multiple members to a group with OData bind support in a PATCH operation. Note that up to 20 members can be added in a single request. The POST operation is not supported. If an error condition exists in the request body, no members are added and the appropriate response code is returned.

Request

The following is an example of the request.

PATCH https://graph.microsoft.com/v1.0/groups/{group-id}
Content-type: application/json

{
  "members@odata.bind": [
    "https://graph.microsoft.com/v1.0/directoryObjects/{id}",
    "https://graph.microsoft.com/v1.0/directoryObjects/{id}",
    "https://graph.microsoft.com/v1.0/directoryObjects/{id}"
    ]
}

In the request body, supply a JSON representation of the id of the directoryObject, user, or group object you want to add.

Response

The following is an example of the response.

HTTP/1.1 204 No Content

See also