Microsoft Graph API - 获取组所有者详细信息以及 azure 中的组详细信息

Microsoft Graph API - Get group owner details along with group details in azure

在 Azure 中,我可以找到一个 API 来获取组详细信息,如下所示

https://graph.microsoft.com/v1.0/groups

这将给我所有组详细信息,如下所示

{  
  "value": [  
    {  
      "id": "/groups/53c765632095310385020001",  
      "name": "Administrators",  
      "description": "Administrators is a built-in group. Its membership is managed by the system. Microsoft Azure subscription administrators fall into this group.",  
      "builtIn": true,  
      "type": "system",  
      "externalId": null  
    },  
    {  
      "id": "/groups/53c765632095310385020002",  
      "name": "Developers",  
      "description": "Developers is a built-in group. Its membership is managed by the system. Signed-in users fall into this group.",  
      "builtIn": true,  
      "type": "system",  
      "externalId": null  
    },  
    {  
      "id": "/groups/53c765632095310385020003",  
      "name": "Guests",  
      "description": "Guests is a built-in group. Its membership is managed by the system. Unauthenticated users visiting the developer portal fall into this group.",  
      "builtIn": true,  
      "type": "system",  
      "externalId": null  
    }  
  ],  
  "count": 3,  
  "nextLink": null  
}  

但问题是我还需要群组所有者详细信息以及群组详细信息。目前我调用另一个 API 来获取群组所有者的详细信息

,如下所示
https://graph.microsoft.com/v1.0/groups/{groupId}/owners

是否有任何 API 或任何其他方法可以让我在 azure 中一次获得组所有者详细信息和组详细信息

Microsoft Graph API 支持一些可选的查询参数,例如 select、过滤、展开、搜索等,它们有助于控制您在响应查询时返回的数据。你可以阅读它们 here

expand parameter 可能对您的用例有所帮助。

我很快尝试了如下来自 Microsoft Graph Explorer 的查询,它 returns 组信息以及每个组的所有者集合。

https://graph.microsoft.com/v1.0/groups?$expand=owners

免责声明:Microsoft Docs 的扩展参数有一个注释,上面写着类似

的内容

With Azure AD resources that derive from directoryObject, like user and group, $expand is only supported for beta and typically returns a maximum of 20 items for the expanded relationship.

尽管如此,上面提到的使用 v1.0 的查询对我来说确实工作正常,至少在 Graph 资源管理器中是这样。因此,在开始依赖它之前,请尽可能多地进行测试(也有大量的组)。如果我找到更多关于相同内容的最新文档,我也会进行更新。

这是我对上面提到的查询得到的确切答复。它很大,我只包含了 2 个组并删除了其他组,这样您就可以理解了。

重要的是要注意所有者集合与组一起存在。请注意,第一组没有分配所有者,但第二组有 2 个用户作为所有者。

请求

GET https://graph.microsoft.com/v1.0/groups?$expand=owners

回应

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groups",
    "value": [
        {
            "id": "xxxx-redacted-49b4e13fcf0f",
            "deletedDateTime": null,
            "classification": null,
            "createdDateTime": "2018-09-26T04:41:10Z",
            "creationOptions": [],
            "description": null,
            "displayName": "Business",
            "groupTypes": [],
            "mail": null,
            "mailEnabled": false,
            "mailNickname": "xxxx-redacted-88df-adf033b7f545",
            "onPremisesLastSyncDateTime": null,
            "onPremisesSecurityIdentifier": null,
            "onPremisesSyncEnabled": null,
            "preferredDataLocation": null,
            "proxyAddresses": [],
            "renewedDateTime": "2018-09-26T04:41:10Z",
            "resourceBehaviorOptions": [],
            "resourceProvisioningOptions": [],
            "securityEnabled": true,
            "visibility": null,
            "onPremisesProvisioningErrors": [],
            "owners": []
        },
        {
            "id": "xxxx-redacted-9316-a5acea4412d8",
            "deletedDateTime": null,
            "classification": null,
            "createdDateTime": "2018-09-26T04:19:29Z",
            "creationOptions": [],
            "description": null,
            "displayName": "DevOps",
            "groupTypes": [],
            "mail": null,
            "mailEnabled": false,
            "mailNickname": "xxxx-redacted-4f18-b2b1-e5a7b80d19ea",
            "onPremisesLastSyncDateTime": null,
            "onPremisesSecurityIdentifier": null,
            "onPremisesSyncEnabled": null,
            "preferredDataLocation": null,
            "proxyAddresses": [],
            "renewedDateTime": "2018-09-26T04:19:29Z",
            "resourceBehaviorOptions": [],
            "resourceProvisioningOptions": [],
            "securityEnabled": true,
            "visibility": null,
            "onPremisesProvisioningErrors": [],
            "owners": [
                {
                    "@odata.type": "#microsoft.graph.user",
                    "id": "xxxx-redacted-8000-8cb9f0d497c9",
                    "deletedDateTime": null,
                    "accountEnabled": true,
                    "ageGroup": null,
                    "businessPhones": [],
                    "city": "xxxx",
                    "companyName": null,
                    "consentProvidedForMinor": null,
                    "country": "xxxx",
                    "createdDateTime": null,
                    "department": "Human Resources",
                    "displayName": "Adam G",
                    "employeeId": null,
                    "faxNumber": null,
                    "givenName": "Adam",
                    "jobTitle": "Senior Human Resource Manager",
                    "legalAgeGroupClassification": null,
                    "mail": null,
                    "mailNickname": "adamg",
                    "mobilePhone": "xxxx",
                    "onPremisesDistinguishedName": null,
                    "onPremisesDomainName": null,
                    "onPremisesImmutableId": null,
                    "onPremisesLastSyncDateTime": null,
                    "onPremisesSecurityIdentifier": null,
                    "onPremisesSamAccountName": null,
                    "onPremisesSyncEnabled": null,
                    "onPremisesUserPrincipalName": null,
                    "otherMails": [],
                    "passwordPolicies": "DisablePasswordExpiration",
                    "passwordProfile": null,
                    "officeLocation": "131/1105",
                    "postalCode": "98052",
                    "preferredLanguage": "en-US",
                    "proxyAddresses": [],
                    "refreshTokensValidFromDateTime": "2018-09-19T03:34:39Z",
                    "imAddresses": [],
                    "isResourceAccount": null,
                    "showInAddressList": null,
                    "state": "MH",
                    "streetAddress": "xxxxxxxe",
                    "surname": "Gily",
                    "usageLocation": "US",
                    "userPrincipalName": "adamg@xxxxx.onmicrosoft.com",
                    "userType": "Member",
                    "assignedLicenses": [],
                    "assignedPlans": [],
                    "onPremisesProvisioningErrors": [],
                    "onPremisesExtensionAttributes": {
                        "extensionAttribute1": null,
                        "extensionAttribute2": null,
                        "extensionAttribute3": null,
                        "extensionAttribute4": null,
                        "extensionAttribute5": null,
                        "extensionAttribute6": null,
                        "extensionAttribute7": null,
                        "extensionAttribute8": null,
                        "extensionAttribute9": null,
                        "extensionAttribute10": null,
                        "extensionAttribute11": null,
                        "extensionAttribute12": null,
                        "extensionAttribute13": null,
                        "extensionAttribute14": null,
                        "extensionAttribute15": null
                    },
                    "provisionedPlans": []
                },
                {
                    "@odata.type": "#microsoft.graph.user",
                    "id": "xxxx-redacted-4824-8013-4325f68e275d",
                    "deletedDateTime": null,
                    "accountEnabled": true,
                    "ageGroup": null,
                    "businessPhones": [],
                    "city": null,
                    "companyName": null,
                    "consentProvidedForMinor": null,
                    "country": null,
                    "createdDateTime": null,
                    "department": null,
                    "displayName": "groupownertest",
                    "employeeId": null,
                    "faxNumber": null,
                    "givenName": null,
                    "jobTitle": null,
                    "legalAgeGroupClassification": null,
                    "mail": null,
                    "mailNickname": "groupownertest",
                    "mobilePhone": null,
                    "onPremisesDistinguishedName": null,
                    "onPremisesDomainName": null,
                    "onPremisesImmutableId": null,
                    "onPremisesLastSyncDateTime": null,
                    "onPremisesSecurityIdentifier": null,
                    "onPremisesSamAccountName": null,
                    "onPremisesSyncEnabled": null,
                    "onPremisesUserPrincipalName": null,
                    "otherMails": [],
                    "passwordPolicies": null,
                    "passwordProfile": null,
                    "officeLocation": null,
                    "postalCode": null,
                    "preferredLanguage": null,
                    "proxyAddresses": [],
                    "refreshTokensValidFromDateTime": "2019-01-23T18:56:43Z",
                    "imAddresses": [],
                    "isResourceAccount": null,
                    "showInAddressList": null,
                    "state": null,
                    "streetAddress": null,
                    "surname": null,
                    "usageLocation": null,
                    "userPrincipalName": "groupownertest@XXXXX.onmicrosoft.com",
                    "userType": "Member",
                    "assignedLicenses": [],
                    "assignedPlans": [],
                    "onPremisesProvisioningErrors": [],
                    "onPremisesExtensionAttributes": {
                        "extensionAttribute1": null,
                        "extensionAttribute2": null,
                        "extensionAttribute3": null,
                        "extensionAttribute4": null,
                        "extensionAttribute5": null,
                        "extensionAttribute6": null,
                        "extensionAttribute7": null,
                        "extensionAttribute8": null,
                        "extensionAttribute9": null,
                        "extensionAttribute10": null,
                        "extensionAttribute11": null,
                        "extensionAttribute12": null,
                        "extensionAttribute13": null,
                        "extensionAttribute14": null,
                        "extensionAttribute15": null
                    },
                    "provisionedPlans": []
                }
            ]
        }
    ]
}

更新 1(回答评论中的查询)

成员和所有者都是导航属性 properties/relationships 而不是组的直接属性。一次只能扩展一个。我将向您展示 3 个快速 api 调用,它们可以从 Microsoft Graph Explorer 进行测试。

仅扩展成员 - 这按预期工作,returns 组以及每个组的成员。

GET https://graph.microsoft.com/v1.0/groups?$expand=members

仅扩展所有者 - 这按预期工作,returns 组以及每个组的所有者。上面已经显示了示例响应。

GET https://graph.microsoft.com/v1.0/groups?$expand=owners

一次调用即可扩展成员和所有者

GET https://graph.microsoft.com/v1.0/groups?$expand=members,owners

回应

一次调用只能展开一个导航属性..看错误信息很直观:

{
    "error": {
        "code": "Request_BadRequest",
        "message": "The result of parsing $expand contained at least 2 items, but the maximum allowed is 1.",
        "innerError": {
            "request-id": "119cf794-af56-48a0-b415-4d52c2e60e98",
            "date": "2019-02-13T02:57:13"
        }
    }
}

更新 2(从评论中回答关于扩展和 select 的查询)

我不认为您将能够在查询中仅使用 $select 几个列以及 $expand。这似乎是一个已知的限制。有关更多上下文,请参阅下面的两个链接

  1. Query Parameter Limitations - Microsoft Docs
  2. 具体来说,在此 SO post 中查看来自 Marc LaFleur and an answer from Dan Kershaw - MSFT
  3. 的评论