Graph API Common Queries

This topic shows some common queries that can be performed with the Azure AD Graph API. For more information about supported operations when querying the Graph, see Supported Queries, Filters, and Paging Options in Azure AD Graph API.


Azure Active Directory (Azure AD) Graph is deprecated and will be retired at any time after June 30, 2023, without advance notice, as we announced in September, 2022. We recommend that you migrate your apps to use Microsoft Graph. See the App migration planning checklist to help you plan your app migration. However, the Azure AD Graph licensing assignment APIs will be retired on March 31, 2023, as recently announced.


The queries below all address the tenant using a domain name. You can replace with one of your tenant’s registered domain names, with your tenant's ID (GUID), or with the MyOrganization alias (for delegated access). For information about other ways of addressing the tenant, see Addressing Entities and Operations in the Graph API.

Querying Top-Level Resources

The following common queries demonstrate how to access top-level resources with the Graph API using as the example tenant. Note that an Authorization header containing a valid bearer token received from Azure AD will be required to run queries against a tenant.

Top-Level Resource Query Results URI (for
Top-level resources Returns URI list of the top-level resources for directory services (also listed below)
Company information Returns company information
Contacts Returns organizational contact information
Users Returns user information
Groups Returns group data
Directory Roles Returns all activated directory roles in the tenant
SubscribedSkus Returns the tenant's subscriptions
Directory metadata Returns a Service Metadata Document that describes the data model (that is, structure and organization of directory resources)$metadata?api-version=1.6

Query Operations

The following table shows some example Graph API queries using using as the example tenant.

Query Operation URI (for
List all Users and Groups
Retrieve individual User by specifying the objectId or userPrincipalName
Request and Filter for a user with displayName equal to “Jon Doe”$filter=displayName eq 'Jon Doe'&api-version=1.6
Request and Filter for specific users with firstName equal to “Jon”$filter=givenName eq 'Jon'&api-version=1.6
Filter for givenName and surname values.$filter=givenName eq 'Jon' and surname eq 'Doe'&api-version=1.6
Retrieve individual group by specifying the objectId
Retrieve a user’s manager
Retrieve a user’s direct reports list
Retrieve a list of links to a user’s direct reports$links/directReports?api-version=1.6
Retrieve membership list of a group
Retrieve a list of links to the members of a group.$links/members?api-version=1.6
Retrieve a user’s group membership (not transitive)
Retrieve a list of the groups that the user is a member of (not transitive)$links/memberOf?api-version=1.6
Request and filter for groups with displayName >= "az" and <= "dz"$filter=displayName ge 'az' and displayName le 'dz'&api-version=1.6

Note: White space in the query string should be URL-encoded before sending a request. For example, the following query string,$filter=displayName eq 'Jon Doe'&api-version=1.6, should be URL encoded as:$filter=displayName%20eq%20'Jon%20Doe'&api-version=1.6.