在 Azure 中,我可以找到一个用于获取组详细信息的 API,如下所示
https://graph.microsoft.com/v1.0/groups
这将为我提供所有组详细信息,如下所示
{
"value": [
{
"id": "/groups/53c765632095310385020001",
"name": "Administrators",
"description": "Administrators is a built-in group. Its membership is managed by the system. Microsoft Azure subscription administrators fall into this group.",
"builtIn": true,
"type": "system",
"externalId": null
},
{
"id": "/groups/53c765632095310385020002",
"name": "Developers",
"description": "Developers is a built-in group. Its membership is managed by the system. Signed-in users fall into this group.",
"builtIn": true,
"type": "system",
"externalId": null
},
{
"id": "/groups/53c765632095310385020003",
"name": "Guests",
"description": "Guests is a built-in group. Its membership is managed by the system. Unauthenticated users visiting the developer portal fall into this group.",
"builtIn": true,
"type": "system",
"externalId": null
}
],
"count": 3,
"nextLink": null
}
但问题是我还需要群组所有者详细信息以及群组详细信息。目前我调用另一个API(如下所示)来获取群组所有者详细信息
https://graph.microsoft.com/v1.0/groups/{groupId}/owners
是否有任何 API 或任何其他方式可以让我在 azure 中一次性获取群组所有者详细信息以及群组详细信息
最佳答案
Microsoft Graph API 支持一些可选查询参数,例如选择、筛选、扩展、搜索等,这有助于控制响应查询而返回的数据。您可以阅读有关它们的信息 here
<强> expand parameter 可能对您的用例有所帮助。
我很快就从 Microsoft Graph Explorer 尝试了如下查询:它返回组信息以及每个组的所有者集合。
https://graph.microsoft.com/v1.0/groups?$expand=owners
免责声明:用于扩展参数的 Microsoft 文档有一条注释,内容类似于
With Azure AD resources that derive from directoryObject, like user and group, $expand is only supported for beta and typically returns a maximum of 20 items for the expanded relationship.
不过,上面提到的使用 v1.0 的查询至少在图形浏览器中对我来说工作得很好。因此,在开始依赖它之前,请尽可能多地进行测试(也进行大量的组测试)。如果我找到更多相关的最新文档,我也会更新。
这是我对上面提到的查询得到的确切答复。它相当大,我只包含了 2 组并删除了其他组,以便您了解。
重要的是要注意所有者集合与组一起存在。请注意,第一组没有分配所有者,但第二组有 2 个用户作为所有者。
请求
GET https://graph.microsoft.com/v1.0/groups?$expand=owners
回应
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groups",
"value": [
{
"id": "xxxx-redacted-49b4e13fcf0f",
"deletedDateTime": null,
"classification": null,
"createdDateTime": "2018-09-26T04:41:10Z",
"creationOptions": [],
"description": null,
"displayName": "Business",
"groupTypes": [],
"mail": null,
"mailEnabled": false,
"mailNickname": "xxxx-redacted-88df-adf033b7f545",
"onPremisesLastSyncDateTime": null,
"onPremisesSecurityIdentifier": null,
"onPremisesSyncEnabled": null,
"preferredDataLocation": null,
"proxyAddresses": [],
"renewedDateTime": "2018-09-26T04:41:10Z",
"resourceBehaviorOptions": [],
"resourceProvisioningOptions": [],
"securityEnabled": true,
"visibility": null,
"onPremisesProvisioningErrors": [],
"owners": []
},
{
"id": "xxxx-redacted-9316-a5acea4412d8",
"deletedDateTime": null,
"classification": null,
"createdDateTime": "2018-09-26T04:19:29Z",
"creationOptions": [],
"description": null,
"displayName": "DevOps",
"groupTypes": [],
"mail": null,
"mailEnabled": false,
"mailNickname": "xxxx-redacted-4f18-b2b1-e5a7b80d19ea",
"onPremisesLastSyncDateTime": null,
"onPremisesSecurityIdentifier": null,
"onPremisesSyncEnabled": null,
"preferredDataLocation": null,
"proxyAddresses": [],
"renewedDateTime": "2018-09-26T04:19:29Z",
"resourceBehaviorOptions": [],
"resourceProvisioningOptions": [],
"securityEnabled": true,
"visibility": null,
"onPremisesProvisioningErrors": [],
"owners": [
{
"@odata.type": "#microsoft.graph.user",
"id": "xxxx-redacted-8000-8cb9f0d497c9",
"deletedDateTime": null,
"accountEnabled": true,
"ageGroup": null,
"businessPhones": [],
"city": "xxxx",
"companyName": null,
"consentProvidedForMinor": null,
"country": "xxxx",
"createdDateTime": null,
"department": "Human Resources",
"displayName": "Adam G",
"employeeId": null,
"faxNumber": null,
"givenName": "Adam",
"jobTitle": "Senior Human Resource Manager",
"legalAgeGroupClassification": null,
"mail": null,
"mailNickname": "adamg",
"mobilePhone": "xxxx",
"onPremisesDistinguishedName": null,
"onPremisesDomainName": null,
"onPremisesImmutableId": null,
"onPremisesLastSyncDateTime": null,
"onPremisesSecurityIdentifier": null,
"onPremisesSamAccountName": null,
"onPremisesSyncEnabled": null,
"onPremisesUserPrincipalName": null,
"otherMails": [],
"passwordPolicies": "DisablePasswordExpiration",
"passwordProfile": null,
"officeLocation": "131/1105",
"postalCode": "98052",
"preferredLanguage": "en-US",
"proxyAddresses": [],
"refreshTokensValidFromDateTime": "2018-09-19T03:34:39Z",
"imAddresses": [],
"isResourceAccount": null,
"showInAddressList": null,
"state": "MH",
"streetAddress": "xxxxxxxe",
"surname": "Gily",
"usageLocation": "US",
"userPrincipalName": "<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="fa9b9e9b979dba8282828282d49594979399889589959c8ed4999597" rel="noreferrer noopener nofollow">[email protected]</a>",
"userType": "Member",
"assignedLicenses": [],
"assignedPlans": [],
"onPremisesProvisioningErrors": [],
"onPremisesExtensionAttributes": {
"extensionAttribute1": null,
"extensionAttribute2": null,
"extensionAttribute3": null,
"extensionAttribute4": null,
"extensionAttribute5": null,
"extensionAttribute6": null,
"extensionAttribute7": null,
"extensionAttribute8": null,
"extensionAttribute9": null,
"extensionAttribute10": null,
"extensionAttribute11": null,
"extensionAttribute12": null,
"extensionAttribute13": null,
"extensionAttribute14": null,
"extensionAttribute15": null
},
"provisionedPlans": []
},
{
"@odata.type": "#microsoft.graph.user",
"id": "xxxx-redacted-4824-8013-4325f68e275d",
"deletedDateTime": null,
"accountEnabled": true,
"ageGroup": null,
"businessPhones": [],
"city": null,
"companyName": null,
"consentProvidedForMinor": null,
"country": null,
"createdDateTime": null,
"department": null,
"displayName": "groupownertest",
"employeeId": null,
"faxNumber": null,
"givenName": null,
"jobTitle": null,
"legalAgeGroupClassification": null,
"mail": null,
"mailNickname": "groupownertest",
"mobilePhone": null,
"onPremisesDistinguishedName": null,
"onPremisesDomainName": null,
"onPremisesImmutableId": null,
"onPremisesLastSyncDateTime": null,
"onPremisesSecurityIdentifier": null,
"onPremisesSamAccountName": null,
"onPremisesSyncEnabled": null,
"onPremisesUserPrincipalName": null,
"otherMails": [],
"passwordPolicies": null,
"passwordProfile": null,
"officeLocation": null,
"postalCode": null,
"preferredLanguage": null,
"proxyAddresses": [],
"refreshTokensValidFromDateTime": "2019-01-23T18:56:43Z",
"imAddresses": [],
"isResourceAccount": null,
"showInAddressList": null,
"state": null,
"streetAddress": null,
"surname": null,
"usageLocation": null,
"userPrincipalName": "<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="761104190306190118130402130502362e2e2e2e2e5819181b1f150419051910025815191b" rel="noreferrer noopener nofollow">[email protected]</a>",
"userType": "Member",
"assignedLicenses": [],
"assignedPlans": [],
"onPremisesProvisioningErrors": [],
"onPremisesExtensionAttributes": {
"extensionAttribute1": null,
"extensionAttribute2": null,
"extensionAttribute3": null,
"extensionAttribute4": null,
"extensionAttribute5": null,
"extensionAttribute6": null,
"extensionAttribute7": null,
"extensionAttribute8": null,
"extensionAttribute9": null,
"extensionAttribute10": null,
"extensionAttribute11": null,
"extensionAttribute12": null,
"extensionAttribute13": null,
"extensionAttribute14": null,
"extensionAttribute15": null
},
"provisionedPlans": []
}
]
}
]
}
更新1(回答评论中的疑问)
成员和所有者都是导航属性/关系,而不是组的直接属性。您一次只能扩展一个。我将向您展示 3 个可以从 Microsoft Graph Explorer 进行测试的快速 API 调用。
仅扩展成员 - 这将按预期工作并返回组以及每个组的成员。
GET https://graph.microsoft.com/v1.0/groups?$expand=members
仅扩展所有者 - 这将按预期工作并返回组以及每个组的所有者。上面已经显示了示例响应。
GET https://graph.microsoft.com/v1.0/groups?$expand=owners
通过一次调用即可扩展成员和所有者
GET https://graph.microsoft.com/v1.0/groups?$expand=members,owners
回应
您只能在一次调用中展开一个导航属性。查看错误消息,它非常直观:
{
"error": {
"code": "Request_BadRequest",
"message": "The result of parsing $expand contained at least 2 items, but the maximum allowed is 1.",
"innerError": {
"request-id": "119cf794-af56-48a0-b415-4d52c2e60e98",
"date": "2019-02-13T02:57:13"
}
}
}
更新2(回答有关从评论中展开和选择的查询)
我认为您无法在查询中仅 $select 几列以及 $expand 。这似乎是一个已知的限制。有关更多背景信息,请参阅下面的两个链接
- Query Parameter Limitations - Microsoft Docs
- Another SO post 具体来说,在这篇文章中查看来自 Marc LaFleur 的评论以及 Dan Kershaw - MSFT 的回答
关于rest - Microsoft Graph API - 获取组所有者详细信息以及 azure 中的组详细信息,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/54642708/