Using the Azure Active Directory Graph Client, I can successfully query the AD for its user roles with the ff. code:
var activeDirectoryClient = new ActiveDirectoryClient(); // Instantiate the Graph Client here.
var adRoles = await activeDirectoryClient.DirectoryRoles.ExecuteAsync();
Is it possible, however, to get:
In this case, my definition of an admin would be users under the Company Administrator role, or those who would be able to authorize an application (via the auth request URL with format https://login.microsoftonline.com/common/oauth2/authorize?response_type=code&client_id=xxx-xxx&resource=yyy-yyy&redirect_uri=zzz-zzz&prompt=admin_consent)
There are a couple of ways you can do this and let's look at the REST API as a starting point.
You can get a list of groups and roles per USER using making a GET request to: https://graph.windows.net/myorganization/users/{user_id}/$links/memberOf?api-version
On success, returns a collection of links to the Group's and DirectoryRole's that this user is a member of
ref: Get a user's group and directory role memberships
To get the membership of a group you would make a GET request to: https://graph.windows.net/myorganization/groups/{object_id}/$links/members?api-version
ref: Get a group's direct members
However per the docs:
No functions or actions may be called on directory roles
This has to be done from the USER object. The SDK will reflect this.
IPagedCollection<IDirectoryObject> pagedCollection = retrievedUserFetcher.MemberOf.ExecuteAsync();
The GraphAPI console app has some great examples that should show you how to complete these actions: Program.cs