Expiscornovus

Discover the new

Retrieve users from nested AAD Groups

by · September 10, 2022

It is possible to nest Azure Active Directory Security Groups. In this blog I will you how to retrieve all users from these nested groups via the Graph API in Power Automate.

Inspiration

This question from IDonknowwhay:

Is there a way in Power Automate / Power Flow where I can get all the users which belongs to a AAD security group (All_of_IT) and nested groups within the group?

Power Users Community thread: PowerAutomate Loop through an AAD Security Group to find all Users.

List group transitive members

The challenge with this is that an action like the Get Group members only lists a first level of members of an Azure Active Directory Group. That means you would have to include several loops in your flow to get all members. An approach I wanted to avoid.

getgroupmembers

Luckily, Graph API has the List group transitive members method. This method is transitive and returns a flat list of all nested members. Exactly what I wanted 🙂

Flow setup

Update 10-09-22: Shortly after publishing this post I figured out that you could also use a microsoft.graph.user OData cast to filter for the users directly in the Send an HTTP request action, making the Filter Array action unneccessary/optional 😉.

getnestedgroupmembers07

1. Add a Manually trigger a flow action.

manuallytriggeraflow

2. Add a Initialize variable action (optional).
This action is not necessary. You could also directly insert the Group ID as text in the other actions.

getnestedgroupmembers02

a. Provide a Name, I used Object_Id
b. Select String as type
c. Provide a value, the Group Id, which is a GUID.

3. Add a Send an HTTP request action.

getnestedgroupmembers_filterarrayobsolete

a. Use the URI from the code snippet below

b. Use the GET method
c. Add the ConsistencyLevel: eventual text to the CustomHeader1 field

4. Add a Create CSV table action.

getnestedgroupmembers08

a. Use the expression from the code snippet below in the From.

5. Add a Create File action.

getnestedgroupmembers06

a. Select your preferred site in the Site Address
b. Select a Folder Path
c. In File Name provide a preferred name for you new file. I used a file name with an expression like in the code snippet below:

d. In File Content use the Output of the CSV table action

Happy testing!

Tags:

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.