Retrieve users from nested AAD Groups
It is possible to nest Azure Active Directory Security Groups. In this blog I will show you how to retrieve all users from these nested groups via the Graph API in Power Automate.
Inspiration
This question from IDonknowwhay:
Is there a way in Power Automate / Power Flow where I can get all the users which belong to an AAD security group (All_of_IT) and nested groups within the group?
Power Users Community thread: PowerAutomate Loop through an AAD Security Group to find all Users.
List group transitive members
The challenge is that an action like Get Group members only lists the first level of members of an Azure Active Directory Group. That means you would have to include several loops in your flow to get all members, an approach I wanted to avoid.
Luckily, Graph API has the List group transitive members method. This method is transitive and returns a flat list of all nested members. Exactly what I wanted 🙂
Flow setup
Update 10-09-22: Shortly after publishing this post I figured out that you could also use a microsoft.graph.user OData cast to filter for the users directly in the Send an HTTP request action, making the Filter Array action unnecessary/optional 😉.
1. Add a Manually trigger a flow action.
2. Add an Initialize variable action (optional).
This action is not necessary. You could also directly insert the Group ID as text in the other actions.
a. Provide a Name, I used Object_Id
b. Select String as type
c. Provide a value, the Group Id, which is a GUID.
3. Add a Send an HTTP request action.
a. Use the URI from the code snippet below
b. Use the GET method
c. Add the ConsistencyLevel: eventual text to the CustomHeader1 field
4. Add a Create CSV table action.
a. Use the expression from the code snippet below in the From.
5. Add a Create File action.
a. Select your preferred site in the Site Address
b. Select a Folder Path
c. In File Name provide a preferred name for your new file. I used a file name with an expression like in the code snippet below:
d. In File Content use the Output of the CSV table action
Happy testing!
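The same request outside Power Automate, as an added Python example that is not part of the original post or flow: it builds the transitiveMembers URI with the microsoft.graph.user cast, sends the ConsistencyLevel: eventual header, follows @odata.nextLink (Graph returns this result in pages) and writes the CSV. The function names, the placeholder group id and the sample users are assumptions constructed for the example.

```python
import csv, io, json, urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"
FIELDS = ("id", "displayName", "mail")

def first_page_url(group_id, fields=FIELDS):
    # The microsoft.graph.user cast returns user objects only, so nested
    # groups and other member types never reach the CSV.
    return (f"{GRAPH}/groups/{group_id}/transitiveMembers/microsoft.graph.user"
            f"?$count=true&$select={','.join(fields)}")

def graph_get(url, token):
    # Live fetch; ConsistencyLevel: eventual is the header from step 3c.
    req = urllib.request.Request(url, headers={
        "Authorization": f"Bearer {token}", "ConsistencyLevel": "eventual"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def transitive_users(group_id, get_page, fields=FIELDS):
    # Follow @odata.nextLink until Graph stops returning one; reading only
    # the first response would drop members of large groups.
    users, url = {}, first_page_url(group_id, fields)
    while url:
        page = get_page(url)
        for u in page.get("value", []):
            users.setdefault(u["id"], u)  # keep one row per object id
        url = page.get("@odata.nextLink")
    return list(users.values())

def to_csv(users, fields=FIELDS):
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=fields, extrasaction="ignore",
                       lineterminator="\n")
    w.writeheader()
    for u in users:
        w.writerow({f: u.get(f) or "" for f in fields})  # null -> empty cell
    return buf.getvalue()

# Constructed sample: two response pages for a placeholder group id.
GROUP_ID = "00000000-0000-0000-0000-000000000000"
NEXT = GRAPH + "/constructed-next-link"
PAGES = {
    first_page_url(GROUP_ID): {"@odata.count": 3, "@odata.nextLink": NEXT, "value": [
        {"id": "u1", "displayName": "Ada Example", "mail": "ada@contoso.example"},
        {"id": "u2", "displayName": "Bo Example", "mail": None}]},
    NEXT: {"value": [
        {"id": "u3", "displayName": "Cy Example", "mail": "cy@contoso.example"}]},
}

if __name__ == "__main__":
    print(to_csv(transitive_users(GROUP_ID, PAGES.__getitem__)))
```

For a live call, pass `lambda url: graph_get(url, token)` as `get_page`, where `token` is a Graph access token you already hold.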
Hi Dennis! Thank you for your solution, for a very beginner like me it was very helpful and works perfectly 🙂
I have a question about Microsoft Graph. Do you know if it is possible to list user names together with all the groups they are members of?
I needed extra columns so I use this URI: https://graph.microsoft.com/v1.0/groups//transitiveMembers/microsoft.graph.user?$count=true&$select=Id, displayName, Department, JobTitle, Mail, MailNickName
but I also need information about all groups that the listed users are members of and have no idea how to implement this..
How do you get this to be solution aware? I keep getting a big red banner that will not allow me to import the connection / connection reference.
Hi Alexandria,
Normally I create and add the connection references to the solution first before I start building the cloud flow and reuse those connection references in the actions. Which approach did you take to create this flow in a solution?