在Azure中,我可以找到用于获取组详细信息的API,如下所示
https://graph.microsoft.com/v1.0/groups
这将给我所有组的详细信息,如下所示
{
"value": [
{
"id": "/groups/53c765632095310385020001",
"name": "Administrators",
"description": "Administrators is a built-in group. Its membership is managed by the system. Microsoft Azure subscription administrators fall into this group.",
"builtIn": true,
"type": "system",
"externalId": null
},
{
"id": "/groups/53c765632095310385020002",
"name": "Developers",
"description": "Developers is a built-in group. Its membership is managed by the system. Signed-in users fall into this group.",
"builtIn": true,
"type": "system",
"externalId": null
},
{
"id": "/groups/53c765632095310385020003",
"name": "Guests",
"description": "Guests is a built-in group. Its membership is managed by the system. Unauthenticated users visiting the developer portal fall into this group.",
"builtIn": true,
"type": "system",
"externalId": null
}
],
"count": 3,
"nextLink": null
}
但问题是我还需要组所有者的详细信息以及组详细信息。目前我调用另一个API,如下所示,以获取组所有者的详细信息
https://graph.microsoft.com/v1.0/groups/{groupId}/owners
是否有任何API或任何其他方式我可以在azure中一次性获取组所有者详细信息以及组详细信息
Microsoft Graph API支持一些可选的查询参数,如选择,过滤,扩展,搜索等,这些参数有助于控制您为响应查询而返回的数据。你可以读一下here
expand parameter可能对您的用例有所帮助。
我很快从Microsoft Graph Explorer尝试了下面的查询,它返回组信息以及每个组的所有者集合。
https://graph.microsoft.com/v1.0/groups?$expand=owners
免责声明:Microsoft Docs for expand参数有一个说明如下的注释
对于源自directoryObject的Azure AD资源(如用户和组),$ expand仅支持beta版,并且通常为扩展关系返回最多20个项。
虽然,上面提到的查询,使用v1.0确实对我至少从Graph explorer工作。因此,在开始依赖它之前,尽可能多地测试(具有大量的组)。我还会更新,以防我找到更多关于相同的最新文档。
以下是我上面提到的查询的确切响应。它非常大,我只是包括了2组并删除了其他组,所以你得到了一个主意。
重要的是要注意所有者收集与群组一起出现。请注意,第一个组没有分配所有者,但第二个组有2个用户作为所有者。
请求
GET https://graph.microsoft.com/v1.0/groups?$expand=owners
响应
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groups",
"value": [
{
"id": "xxxx-redacted-49b4e13fcf0f",
"deletedDateTime": null,
"classification": null,
"createdDateTime": "2018-09-26T04:41:10Z",
"creationOptions": [],
"description": null,
"displayName": "Business",
"groupTypes": [],
"mail": null,
"mailEnabled": false,
"mailNickname": "xxxx-redacted-88df-adf033b7f545",
"onPremisesLastSyncDateTime": null,
"onPremisesSecurityIdentifier": null,
"onPremisesSyncEnabled": null,
"preferredDataLocation": null,
"proxyAddresses": [],
"renewedDateTime": "2018-09-26T04:41:10Z",
"resourceBehaviorOptions": [],
"resourceProvisioningOptions": [],
"securityEnabled": true,
"visibility": null,
"onPremisesProvisioningErrors": [],
"owners": []
},
{
"id": "xxxx-redacted-9316-a5acea4412d8",
"deletedDateTime": null,
"classification": null,
"createdDateTime": "2018-09-26T04:19:29Z",
"creationOptions": [],
"description": null,
"displayName": "DevOps",
"groupTypes": [],
"mail": null,
"mailEnabled": false,
"mailNickname": "xxxx-redacted-4f18-b2b1-e5a7b80d19ea",
"onPremisesLastSyncDateTime": null,
"onPremisesSecurityIdentifier": null,
"onPremisesSyncEnabled": null,
"preferredDataLocation": null,
"proxyAddresses": [],
"renewedDateTime": "2018-09-26T04:19:29Z",
"resourceBehaviorOptions": [],
"resourceProvisioningOptions": [],
"securityEnabled": true,
"visibility": null,
"onPremisesProvisioningErrors": [],
"owners": [
{
"@odata.type": "#microsoft.graph.user",
"id": "xxxx-redacted-8000-8cb9f0d497c9",
"deletedDateTime": null,
"accountEnabled": true,
"ageGroup": null,
"businessPhones": [],
"city": "xxxx",
"companyName": null,
"consentProvidedForMinor": null,
"country": "xxxx",
"createdDateTime": null,
"department": "Human Resources",
"displayName": "Adam G",
"employeeId": null,
"faxNumber": null,
"givenName": "Adam",
"jobTitle": "Senior Human Resource Manager",
"legalAgeGroupClassification": null,
"mail": null,
"mailNickname": "adamg",
"mobilePhone": "xxxx",
"onPremisesDistinguishedName": null,
"onPremisesDomainName": null,
"onPremisesImmutableId": null,
"onPremisesLastSyncDateTime": null,
"onPremisesSecurityIdentifier": null,
"onPremisesSamAccountName": null,
"onPremisesSyncEnabled": null,
"onPremisesUserPrincipalName": null,
"otherMails": [],
"passwordPolicies": "DisablePasswordExpiration",
"passwordProfile": null,
"officeLocation": "131/1105",
"postalCode": "98052",
"preferredLanguage": "en-US",
"proxyAddresses": [],
"refreshTokensValidFromDateTime": "2018-09-19T03:34:39Z",
"imAddresses": [],
"isResourceAccount": null,
"showInAddressList": null,
"state": "MH",
"streetAddress": "xxxxxxxe",
"surname": "Gily",
"usageLocation": "US",
"userPrincipalName": "[email protected]",
"userType": "Member",
"assignedLicenses": [],
"assignedPlans": [],
"onPremisesProvisioningErrors": [],
"onPremisesExtensionAttributes": {
"extensionAttribute1": null,
"extensionAttribute2": null,
"extensionAttribute3": null,
"extensionAttribute4": null,
"extensionAttribute5": null,
"extensionAttribute6": null,
"extensionAttribute7": null,
"extensionAttribute8": null,
"extensionAttribute9": null,
"extensionAttribute10": null,
"extensionAttribute11": null,
"extensionAttribute12": null,
"extensionAttribute13": null,
"extensionAttribute14": null,
"extensionAttribute15": null
},
"provisionedPlans": []
},
{
"@odata.type": "#microsoft.graph.user",
"id": "xxxx-redacted-4824-8013-4325f68e275d",
"deletedDateTime": null,
"accountEnabled": true,
"ageGroup": null,
"businessPhones": [],
"city": null,
"companyName": null,
"consentProvidedForMinor": null,
"country": null,
"createdDateTime": null,
"department": null,
"displayName": "groupownertest",
"employeeId": null,
"faxNumber": null,
"givenName": null,
"jobTitle": null,
"legalAgeGroupClassification": null,
"mail": null,
"mailNickname": "groupownertest",
"mobilePhone": null,
"onPremisesDistinguishedName": null,
"onPremisesDomainName": null,
"onPremisesImmutableId": null,
"onPremisesLastSyncDateTime": null,
"onPremisesSecurityIdentifier": null,
"onPremisesSamAccountName": null,
"onPremisesSyncEnabled": null,
"onPremisesUserPrincipalName": null,
"otherMails": [],
"passwordPolicies": null,
"passwordProfile": null,
"officeLocation": null,
"postalCode": null,
"preferredLanguage": null,
"proxyAddresses": [],
"refreshTokensValidFromDateTime": "2019-01-23T18:56:43Z",
"imAddresses": [],
"isResourceAccount": null,
"showInAddressList": null,
"state": null,
"streetAddress": null,
"surname": null,
"usageLocation": null,
"userPrincipalName": "[email protected]",
"userType": "Member",
"assignedLicenses": [],
"assignedPlans": [],
"onPremisesProvisioningErrors": [],
"onPremisesExtensionAttributes": {
"extensionAttribute1": null,
"extensionAttribute2": null,
"extensionAttribute3": null,
"extensionAttribute4": null,
"extensionAttribute5": null,
"extensionAttribute6": null,
"extensionAttribute7": null,
"extensionAttribute8": null,
"extensionAttribute9": null,
"extensionAttribute10": null,
"extensionAttribute11": null,
"extensionAttribute12": null,
"extensionAttribute13": null,
"extensionAttribute14": null,
"extensionAttribute15": null
},
"provisionedPlans": []
}
]
}
]
}
更新1(回答评论中的查询)
成员和所有者都是导航属性/关系,而不是组的直接属性。您一次只能展开一个。我将向您展示3个快速api调用,可以从Microsoft Graph Explorer进行测试。
仅扩展成员 - 这按预期工作,并返回组以及每个组的成员。
GET https://graph.microsoft.com/v1.0/groups?$expand=members
仅扩展所有者 - 这可以按预期工作,并返回组以及每个组的所有者。上面显示了示例响应。
GET https://graph.microsoft.com/v1.0/groups?$expand=owners
在一次通话中扩展成员和所有者
GET https://graph.microsoft.com/v1.0/groups?$expand=members,owners
响应
你只能在一次调用中扩展一个导航属性..看看错误信息它非常直观:
{
"error": {
"code": "Request_BadRequest",
"message": "The result of parsing $expand contained at least 2 items, but the maximum allowed is 1.",
"innerError": {
"request-id": "119cf794-af56-48a0-b415-4d52c2e60e98",
"date": "2019-02-13T02:57:13"
}
}
}
更新2(回答关于展开的查询并从评论中一起选择)
我认为你不能在查询中只选择几个列以及$ expand。这似乎是一个已知的限制。有关更多上下文,请参阅以下两个链接