This API returns up to 11,000 group IDs. If more than 11,000 results are available, it returns a 400 Bad Request error with the Directory_ResultSizeLimitExceeded error code. If you get the Directory_ResultSizeLimitExceeded error code, use the List group transitive memberOf API instead.
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
Group memberships for a directory object
Here, the permission allows you to read any directory object, regardless of the object type. To scope the operation to a specific object type and use lesser-privileged permissions, refer to other permissions tables on this page.
Permission type
Permissions (from least to most privileged)
Delegated (work or school account)
Directory.Read.All
Delegated (personal Microsoft account)
Not supported.
Application
Directory.Read.All
Group memberships for a user
Permission type
Permissions (from least to most privileged)
Delegated (work or school account)
User.ReadBasic.All and GroupMember.Read.All, User.Read.All and GroupMember.Read.All, User.ReadBasic.All and Group.Read.All, User.Read.All and Group.Read.All, Directory.Read.All
Delegated (personal Microsoft account)
Not supported.
Application
User.ReadBasic.All and GroupMember.Read.All, User.Read.All and GroupMember.Read.All, User.ReadBasic.All and Group.Read.All, User.Read.All and Group.Read.All, Directory.Read.All
In the request body, provide a JSON object with the following parameters.
Parameter
Type
Description
securityEnabledOnly
Boolean
true to specify that only security groups that the entity is a member of should be returned; false to specify that all groups and directory roles that the entity is a member of should be returned. true can be specified only for users or service principals to return security-enabled groups.
Response
If successful, this method returns 200 OK response code and String collection object in the response body.
Examples
Example 1: Check group memberships for a directory object
POST https://graph.microsoft.com/v1.0/directoryObjects/0049d944-a805-4680-9f54-3ab292090309/getMemberGroups
Content-type: application/json
{
"securityEnabledOnly": false
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.DirectoryObjects.Item.GetMemberGroups;
var requestBody = new GetMemberGroupsPostRequestBody
{
SecurityEnabledOnly = false,
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.DirectoryObjects["{directoryObject-id}"].GetMemberGroups.PostAsGetMemberGroupsPostResponseAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphdirectoryobjects "github.com/microsoftgraph/msgraph-sdk-go/directoryobjects"
//other-imports
)
requestBody := graphdirectoryobjects.NewGetMemberGroupsPostRequestBody()
securityEnabledOnly := false
requestBody.SetSecurityEnabledOnly(&securityEnabledOnly)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
getMemberGroups, err := graphClient.DirectoryObjects().ByDirectoryObjectId("directoryObject-id").GetMemberGroups().PostAsGetMemberGroupsPostResponse(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
com.microsoft.graph.directoryobjects.item.getmembergroups.GetMemberGroupsPostRequestBody getMemberGroupsPostRequestBody = new com.microsoft.graph.directoryobjects.item.getmembergroups.GetMemberGroupsPostRequestBody();
getMemberGroupsPostRequestBody.setSecurityEnabledOnly(false);
var result = graphClient.directoryObjects().byDirectoryObjectId("{directoryObject-id}").getMemberGroups().post(getMemberGroupsPostRequestBody);
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\DirectoryObjects\Item\GetMemberGroups\GetMemberGroupsPostRequestBody;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new GetMemberGroupsPostRequestBody();
$requestBody->setSecurityEnabledOnly(false);
$result = $graphServiceClient->directoryObjects()->byDirectoryObjectId('directoryObject-id')->getMemberGroups()->post($requestBody)->wait();
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.directoryobjects.item.get_member_groups.get_member_groups_post_request_body import GetMemberGroupsPostRequestBody
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = GetMemberGroupsPostRequestBody(
security_enabled_only = False,
)
result = await graph_client.directory_objects.by_directory_object_id('directoryObject-id').get_member_groups.post(request_body)
POST https://graph.microsoft.com/v1.0/me/getMemberGroups
Content-type: application/json
{
"securityEnabledOnly": true
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Me.GetMemberGroups;
var requestBody = new GetMemberGroupsPostRequestBody
{
SecurityEnabledOnly = true,
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Me.GetMemberGroups.PostAsGetMemberGroupsPostResponseAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphusers "github.com/microsoftgraph/msgraph-sdk-go/users"
//other-imports
)
requestBody := graphusers.NewItemGetMemberGroupsPostRequestBody()
securityEnabledOnly := true
requestBody.SetSecurityEnabledOnly(&securityEnabledOnly)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
getMemberGroups, err := graphClient.Me().GetMemberGroups().PostAsGetMemberGroupsPostResponse(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
com.microsoft.graph.users.item.getmembergroups.GetMemberGroupsPostRequestBody getMemberGroupsPostRequestBody = new com.microsoft.graph.users.item.getmembergroups.GetMemberGroupsPostRequestBody();
getMemberGroupsPostRequestBody.setSecurityEnabledOnly(true);
var result = graphClient.me().getMemberGroups().post(getMemberGroupsPostRequestBody);
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Users\Item\GetMemberGroups\GetMemberGroupsPostRequestBody;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new GetMemberGroupsPostRequestBody();
$requestBody->setSecurityEnabledOnly(true);
$result = $graphServiceClient->me()->getMemberGroups()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Users.Actions
$params = @{
securityEnabledOnly = $true
}
# A UPN can also be used as -UserId.
Get-MgUserMemberGroup -UserId $userId -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.users.item.get_member_groups.get_member_groups_post_request_body import GetMemberGroupsPostRequestBody
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = GetMemberGroupsPostRequestBody(
security_enabled_only = True,
)
result = await graph_client.me.get_member_groups.post(request_body)