directoryObject: checkMemberObjects
Namespace: microsoft.graph
Check for membership in a list of group IDs, administrative unit IDs, or directory role IDs, for the IDs of the specified user, group, service principal, organizational contact, device, or directory object. This method is transitive.
This API is available in the following national cloud deployments.
Global service | US Government L4 | US Government L5 (DOD) | China operated by 21Vianet |
---|---|---|---|
✅ | ✅ | ✅ | ✅ |
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
Memberships for a directory object
Permission type | Permissions (from least to most privileged) |
---|---|
Delegated (work or school account) | Directory.Read.All |
Delegated (personal Microsoft account) | Not supported. |
Application | Directory.Read.All |
Memberships for a user
Permission type | Permissions (from least to most privileged) |
---|---|
Delegated (work or school account) | User.Read, User.Read.All, Directory.Read.All, User.ReadWrite.All, Directory.ReadWrite.All |
Delegated (personal Microsoft account) | Not supported. |
Application | User.Read.All, Directory.Read.All, User.ReadWrite.All, Directory.ReadWrite.All |
Memberships for a group
Permission type | Permissions (from least to most privileged) |
---|---|
Delegated (work or school account) | GroupMember.Read.All, Group.Read.All, Directory.Read.All, Group.ReadWrite.All, Directory.ReadWrite.All |
Delegated (personal Microsoft account) | Not supported. |
Application | GroupMember.Read.All, Group.Read.All, Directory.Read.All, Group.ReadWrite.All, Directory.ReadWrite.All |
Memberships for a service principal
Permission type | Permissions (from least to most privileged) |
---|---|
Delegated (work or school account) | Application.Read.All, Directory.Read.All, Application.ReadWrite.All, Directory.ReadWrite.All |
Delegated (personal Microsoft account) | Not supported. |
Application | Application.Read.All, Directory.Read.All, Application.ReadWrite.All, Directory.ReadWrite.All |
Memberships for an organizational contact
Permission type | Permissions (from least to most privileged) |
---|---|
Delegated (work or school account) | Directory.Read.All, Directory.ReadWrite.All |
Delegated (personal Microsoft account) | Not supported. |
Application | Directory.Read.All, Directory.ReadWrite.All |
Memberships for a device
Permission type | Permissions (from least to most privileged) |
---|---|
Delegated (work or school account) | Device.Read.All, Directory.Read.All, Directory.ReadWrite.All |
Delegated (personal Microsoft account) | Not supported. |
Application | Device.Read.All, Device.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All |
HTTP request
Memberships for a directory object.
POST /directoryObjects/{id}/checkMemberObjects
Memberships for a user.
POST /me/checkMemberObjects
POST /users/{id | userPrincipalName}/checkMemberObjects
Memberships for a group.
POST /groups/{id}/checkMemberObjects
Memberships for a service principal.
POST /servicePrincipals/{id}/checkMemberObjects
Memberships for an organizational contact.
POST /contacts/{id}/checkMemberObjects
Memberships for a device.
POST /devices/{id}/checkMemberObjects
Request headers
Name | Description |
---|---|
Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
Content-Type | application/json. Required. |
Request body
In the request body, provide a JSON object with the following parameters.
Parameter | Type | Description |
---|---|---|
ids | String collection | A collection that contains the object IDs of the groups, administrative units, directory roles, or roleTemplate IDs of directory roles, in which to check membership. You can specify up to 20 objects. |
Response
If successful, this method returns a 200 OK
response code and a new String collection object in the response body.
Examples
The following is an example of how to call this API.
Request
The following example shows a request.
POST https://graph.microsoft.com/v1.0/me/checkMemberObjects
Content-type: application/json
{
"ids": [
"80a963dd-84af-4eb8-b2a6-781e444d4fb0",
"62e90394-69f5-4237-9190-012177145e10",
"86a64f51-3a64-4cc6-a8c8-6b8f000c0f52",
"ac38546e-ddf3-437a-ac5c-27a94cd7a0f1"
]
}
Response
The following example shows the response.
Note: The response object shown here might be shortened for readability.
HTTP/1.1 200 OK
Content-type: application/json
{
"value": [
"80a963dd-84af-4eb8-b2a6-781e444d4fb0",
"62e90394-69f5-4237-9190-012177145e10"
]
}
피드백
https://aka.ms/ContentUserFeedback
출시 예정: 2024년 내내 콘텐츠에 대한 피드백 메커니즘으로 GitHub 문제를 단계적으로 폐지하고 이를 새로운 피드백 시스템으로 바꿀 예정입니다. 자세한 내용은 다음을 참조하세요.다음에 대한 사용자 의견 제출 및 보기