Retrieve users from nested AAD Groups
It is possible to nest Azure Active Directory Security Groups. In this blog I will you how to retrieve all users from these nested groups via the Graph API in Power Automate.
Luckily, Graph API has the List group transitive members method. This method is transitive and returns a flat list of all nested members. Exactly what I wanted 🙂
1. Add a Manually trigger a flow action.
2. Add a Initialize variable action (optional).
This action is not necessary. You could also directly insert the Group ID as text in the other actions.
a. Provide a Name, I used Object_Id
b. Select String as type
c. Provide a value, the Group Id, which is a GUID.
3. Add a Send an HTTP request action.
a. Use the URI from the code snippet below
b. Use the GET method
c. Add the ConsistencyLevel: eventual text to the CustomHeader1 field
4. Add a Create CSV table action.
a. Use the expression from the code snippet below in the From.
5. Add a Create File action.
a. Select your preferred site in the Site Address
b. Select a Folder Path
c. In File Name provide a preferred name for you new file. I used a file name with an expression like in the code snippet below:
d. In File Content use the Output of the CSV table action
Happy testing!
Inspiration
This question from IDonknowwhay:Is there a way in Power Automate / Power Flow where I can get all the users which belongs to a AAD security group (All_of_IT) and nested groups within the group?Power Users Community thread: PowerAutomate Loop through an AAD Security Group to find all Users.
List group transitive members
The challenge with this is that an action like the Get Group members only lists a first level of members of an Azure Active Directory Group. That means you would have to include several loops in your flow to get all members. An approach I wanted to avoid.
Luckily, Graph API has the List group transitive members method. This method is transitive and returns a flat list of all nested members. Exactly what I wanted 🙂
Flow setup
Update 10-09-22: Shortly after publishing this post I figured out that you could also use a microsoft.graph.user OData cast to filter for the users directly in the Send an HTTP request action, making the Filter Array action unneccessary/optional 😉.
1. Add a Manually trigger a flow action.
2. Add a Initialize variable action (optional).
This action is not necessary. You could also directly insert the Group ID as text in the other actions.
a. Provide a Name, I used Object_Id
b. Select String as type
c. Provide a value, the Group Id, which is a GUID.
3. Add a Send an HTTP request action.
a. Use the URI from the code snippet below
b. Use the GET method
c. Add the ConsistencyLevel: eventual text to the CustomHeader1 field
4. Add a Create CSV table action.
a. Use the expression from the code snippet below in the From.
5. Add a Create File action.
a. Select your preferred site in the Site Address
b. Select a Folder Path
c. In File Name provide a preferred name for you new file. I used a file name with an expression like in the code snippet below:
d. In File Content use the Output of the CSV table action
Happy testing!
Hi Dennis! Thank you for your solution, for a very beginner like me it was very helpful and works perfectly 🙂
I have a question about Microsoft Graph. Do you know if it is possible to list user names together with all the groups they are members of?
I needed extra columns so I use this URI: https://graph.microsoft.com/v1.0/groups//transitiveMembers/microsoft.graph.user?$count=true&$select=Id, displayName, Department, JobTitle, Mail, MailNickName
but I also need information about all groups that the listed users are members of and have no idea how to implement this..
how do you get this to be solution aware? I keep getting a big red banner that will not allow me to import the connection / connection reference.
Hi Alexandria,
Normally I create and add the connection references to the solution first before I start building the cloud flow and reuse those connection references in the actions. Which approach did you take to create this flow in a solution?
Hi, how to make “Send an HTTP request V2” to “Create CSV table” return more than 100 rows. In CSV file always 100 rows…