
Microsoft Graph - getting a specific user and his AD group memberships using the Graph SDK code base

Dipping my toes into using the Microsoft Graph API to handle finding data in our MS cloud - and I'm stuck. There's so much documentation - but never the right one....

I'm trying to use the C# Graph client SDK, and what I'm trying to do is read a given user's details including its AD group memberships.

I've registered my app in Azure AD, and I'm able to get the IPublicClientApplication up and running and authentication works, too:

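using Microsoft.Graph;
using Microsoft.Graph.Auth;
using Microsoft.Identity.Client;
using System.Security;

// clientId, tenantId and scopes are placeholders for the app registration's values
IPublicClientApplication app = PublicClientApplicationBuilder
    .Create(clientId)
    .WithTenantId(tenantId)
    .Build();

UsernamePasswordProvider authProvider = new UsernamePasswordProvider(app, scopes);

// creating Graph SDK client
GraphServiceClient graphClient = new GraphServiceClient(authProvider);

string userName = "......";
var securePassword = new SecureString();

// filling secure password here.....

var users = await graphClient.Users
                       .Request()
                       .WithUsernamePassword(userName, securePassword)
                       .Filter("userPrincipalName eq ''")
                       .GetAsync();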

This works - I do get back the basic user details about the user specified in the filter.

Two things:

  1. I don't like the fact I have to add .WithUsernamePassword seemingly to every single call to the client - isn't there a way to include that information in the graphClient once and be done with it, up to the point I log out?

  2. I'm trying to get the group memberships. I can do this in the Graph Explorer by adding a /MemberOf to my query string - but I haven't been able to get this to work in the Graph SDK client scenario.

I see lots of blogs showing how to get the currently logged in user's groups using


but I don't want my group memberships - I want those of the user I specified in the search filter as shown above.

Trying to simply add .Expand("memberOf") doesn't seem to help - the user object returned still has no values in its MemberOf property.

What am I missing? I can't believe this should be this tricky and hard?? Or do I really need to resort back to making HTTP GET requests against the REST API?? Seems odd if MS is providing an SDK and client code..... I'd prefer to use that, quite frankly.


  • To get the membership of a specific user you can make a call like this

    await client.Users[""].MemberOf.Request().GetAsync();

    You can iterate through the list of users and replace the empty string in the snippet above with the user.UserPrincipalName property.

    You can also use a different provider so that you only provide credentials once and they are used for the lifetime of the app. For example, the code below uses the InteractiveAuthenticationProvider, which will create a browser pop-up; you will log in once and your credentials are used for the rest of the requests in your app.

    // clientId and scopes are placeholders for the app registration's values
    IPublicClientApplication publicClientApplication = PublicClientApplicationBuilder
        .Create(clientId)
        .Build();
    InteractiveAuthenticationProvider authProvider = new InteractiveAuthenticationProvider(publicClientApplication, scopes);
    GraphServiceClient client = new GraphServiceClient(authProvider);
    var users = await client.Users.Request().GetAsync();
    foreach (var user in users)
    {
        var result = await client.Users[user.UserPrincipalName].MemberOf.Request().GetAsync();
    }

    You can use this page as reference for a bunch of auth providers based on your scenario.
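
The `MemberOf` call from the answer, carried through every result page and narrowed to groups, as an added example that is not part of the original question or answer. It assumes the same request-builder style of the Graph SDK used above and an already authenticated `GraphServiceClient` whose account is allowed to read other users' memberships; `MembershipReader` and `GetGroupsForUserAsync` are hypothetical names.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Graph;

public static class MembershipReader
{
    // Hypothetical helper (not part of the SDK): returns the groups the given
    // user is a direct member of, following every page of results.
    public static async Task<List<Group>> GetGroupsForUserAsync(
        GraphServiceClient client, string userPrincipalName)
    {
        var groups = new List<Group>();

        // Same call as in the answer; the first response holds only one page.
        var page = await client.Users[userPrincipalName].MemberOf
            .Request()
            .GetAsync();

        while (page != null)
        {
            // memberOf returns DirectoryObject items, which can also be
            // directory roles or administrative units. Keep only groups.
            groups.AddRange(page.CurrentPage.OfType<Group>());

            // NextPageRequest is null once the last page has been read.
            page = page.NextPageRequest != null
                ? await page.NextPageRequest.GetAsync()
                : null;
        }

        return groups;
    }
}

// Usage, with a placeholder UPN:
//   var groups = await MembershipReader.GetGroupsForUserAsync(client, "<user-principal-name>");
//   foreach (var g in groups.Where(g => g.SecurityEnabled == true))
//       System.Console.WriteLine($"{g.DisplayName} ({g.Id})");
```

Reading only the first page silently drops memberships for users in many groups, which matters when the result feeds an access review or an authorization decision.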