AAD Group - Read Member Summary Using C#

Is there a way to read an Azure Active Directory group (Security or Microsoft 365) programmatically?

Yes, there are different ways to do it, and one of them is through C# with the help of an AAD App that has the required permissions.
 
Let's see with the following example.
 
Pre-requisites
  • Create an AAD App
  • Grant it the GroupMember.Read.All and User.Read.All application permissions on Microsoft Graph (admin consent is required for application permissions)
  • Create a client secret (we'll use this to access your AAD Group information in the context of the AAD App)
  • Create a C# project (details below)

Create an AAD App with the GroupMember.Read.All & User.Read.All permissions

 
Step 1
 
Create an AAD App: log in to the Azure portal
 
=> Azure Active Directory
=> App registration
=> Create a new app
 
Step 2
 
Once AAD App is created (e.g.: AADGroupReader)
 
Open it.
 
Go to its API Permissions.
 
 
Click on Add Permission.

From right-hand side select "Microsoft Graph"
 
 
Now search with the keyword "User" and select "User.Read.All".

Then search with the keyword "Group" and select "GroupMember.Read.All". Read is all this tool needs; do not pick GroupMember.ReadWrite.All, which would also let the app change group membership.

Once you've selected both, click "Add permissions".

Now on the API permissions page you can see that both "User.Read.All" and "GroupMember.Read.All" have been added.
 
But you will notice that status is "Not granted for default...."
 
 
If you are an AAD admin, you can grant admin consent yourself; otherwise you will have to ask your admin to grant it.

Keep in mind what you are consenting to: these are application permissions, so once consent is granted the app can read every user and every group membership in the tenant, not just the one group you care about. Protect the client secret accordingly.

To grant the consent, click "Grant admin consent for default directory" and click "Yes" in the pop-up.
 
Once admin consent is granted, you can see a status bar with Green check-mark.
 
Now let's create the client secret and store it in a safe place (e.g. Key Vault).

Click on "Certificates & secrets"

New client secret

Copy the client secret value and store it somewhere safe; the portal shows it only once. Client secrets expire, so record the expiry date and rotate the secret before it lapses. For production workloads prefer a certificate credential (ConfidentialClientApplicationBuilder.WithCertificate in MSAL) over a shared secret, and never commit the secret to source control.

With this, we can access our AAD group and its user details in the AAD App's context (the service principal context).
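Before wiring the app into code, it is worth confirming that the registration carries exactly the application permissions intended and nothing broader. The following C# snippet is an added example, not code from the original article or its GitHub repo: it acquires an app-only token with MSAL for the app just created and inspects the token's "roles" claim, reporting any permission that is missing (consent not granted yet) or that goes beyond GroupMember.Read.All and User.Read.All (for instance a stray GroupMember.ReadWrite.All). The environment-variable names AAD_CLIENT_ID, AAD_TENANT_ID and AAD_CLIENT_SECRET and the class name AppPermissionCheck are assumptions of this example.

```csharp
// Added example (not from the original article): audit the application
// permissions actually issued to the AAD App by reading the "roles" claim of
// an app-only Microsoft Graph token. Requires the Microsoft.Identity.Client
// NuGet package. Environment-variable names below are assumptions.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

public static class AppPermissionCheck
{
    // The only Graph application permissions this tool should hold (least privilege).
    static readonly HashSet<string> ExpectedRoles = new HashSet<string>(StringComparer.Ordinal)
    {
        "GroupMember.Read.All",
        "User.Read.All",
    };

    public static async Task<int> Main()
    {
        // Never hard-code the secret; read it from the environment (or Key Vault).
        var clientId = Environment.GetEnvironmentVariable("AAD_CLIENT_ID");
        var tenantId = Environment.GetEnvironmentVariable("AAD_TENANT_ID");
        var secret   = Environment.GetEnvironmentVariable("AAD_CLIENT_SECRET");
        if (string.IsNullOrEmpty(clientId) || string.IsNullOrEmpty(tenantId) || string.IsNullOrEmpty(secret))
        {
            Console.Error.WriteLine("Set AAD_CLIENT_ID, AAD_TENANT_ID and AAD_CLIENT_SECRET.");
            return 2;
        }

        IConfidentialClientApplication app = ConfidentialClientApplicationBuilder
            .Create(clientId)
            .WithTenantId(tenantId)
            .WithClientSecret(secret)
            .Build();

        // The ".default" scope requests every application permission that has been
        // admin-consented on this app, so the token mirrors the registration.
        AuthenticationResult result = await app
            .AcquireTokenForClient(new[] { "https://graph.microsoft.com/.default" })
            .ExecuteAsync();

        HashSet<string> roles = RolesFromToken(result.AccessToken);
        List<string> missing = ExpectedRoles.Except(roles).ToList();
        List<string> unexpected = roles.Except(ExpectedRoles).ToList();

        Console.WriteLine("Token roles: " + string.Join(", ", roles));
        if (missing.Count > 0)
            Console.WriteLine("Missing (admin consent not granted?): " + string.Join(", ", missing));
        if (unexpected.Count > 0)
            Console.WriteLine("Broader than needed, remove from the app registration: " + string.Join(", ", unexpected));

        return missing.Count == 0 && unexpected.Count == 0 ? 0 : 1;
    }

    // Read the "roles" claim from the token payload. The signature is deliberately
    // NOT verified here: Graph validates the token on every call; we only decode
    // the payload to audit which permissions were consented.
    public static HashSet<string> RolesFromToken(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new ArgumentException("Not a compact JWT");

        string payloadJson = Encoding.UTF8.GetString(Base64UrlDecode(parts[1]));
        using var doc = JsonDocument.Parse(payloadJson);

        var roles = new HashSet<string>(StringComparer.Ordinal);
        if (doc.RootElement.TryGetProperty("roles", out JsonElement arr) && arr.ValueKind == JsonValueKind.Array)
        {
            foreach (JsonElement r in arr.EnumerateArray())
                roles.Add(r.GetString());
        }
        return roles;
    }

    // JWT segments are base64url without padding; restore padding and decode.
    static byte[] Base64UrlDecode(string s)
    {
        string b64 = s.Replace('-', '+').Replace('_', '/');
        switch (b64.Length % 4)
        {
            case 2: b64 += "=="; break;
            case 3: b64 += "="; break;
        }
        return Convert.FromBase64String(b64);
    }
}
```

Run it once after granting consent and again whenever the permission set changes; exit code 0 means the token holds exactly the expected roles. An app-only token for this registration carries no "scp" claim, only "roles", which is why the audit looks at that claim alone.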
 
Now let's use C# to get the AAD group member details with the help of the AAD App we just created.
 
Step 1
 
Open Visual Studio
 
Step 2
 
Create a console app.
 
Step 3
 
Install these three libraries using the NuGet package manager:
  • Microsoft.Graph
  • Microsoft.Graph.Auth // at this time it's in Preview mode.
  • Microsoft.Identity.Client

Note: Microsoft.Graph.Auth was a preview package and has since been retired; current versions of the Microsoft.Graph SDK take an Azure.Identity credential (e.g. ClientSecretCredential) directly instead of ClientCredentialProvider. The snippet below targets the SDK version that still uses ClientCredentialProvider.
Step 4
 
Write an AADGroupReader class like the one below.

Supply the ClientId, TenantId and client secret of your own app and group. Do not paste the secret into the source file: read it from an environment variable or Key Vault at run time so it never reaches source control.
 
Step 5
 
Assume that we have an AAD group named "testaddgroup" with one user named "Test User".

Code snippet to read the AAD group and fetch the user summary.

Utility method to get the group members:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Graph;
using Microsoft.Graph.Auth;
using Microsoft.Identity.Client;

public class AADGroupReader
{
    public async Task<List<AadGroupMember>> GetGroupMembersAsync(string groupName)
    {
        var userList = new List<AadGroupMember>();

        // Do not hard-code credentials. Read them from the environment (or Key Vault);
        // the client secret must never be committed to source control.
        var clientId = Environment.GetEnvironmentVariable("AAD_CLIENT_ID");
        var tenantId = Environment.GetEnvironmentVariable("AAD_TENANT_ID");
        var secret = Environment.GetEnvironmentVariable("AAD_CLIENT_SECRET");

        IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
            .Create(clientId)
            .WithTenantId(tenantId)
            .WithClientSecret(secret)
            .Build();

        // App-only (client credentials) flow: every call runs in the AAD App's own context.
        IAuthenticationProvider authProvider = new ClientCredentialProvider(confidentialClientApplication);
        var graphClient = new GraphServiceClient(authProvider);

        // Escape single quotes before interpolating into the OData filter, so a group
        // name containing an apostrophe cannot break (or alter) the query.
        var escapedName = groupName.Replace("'", "''");
        var candidates = await graphClient.Groups.Request()
            .Filter($"startswith(displayName,'{escapedName}')")  // TODO: optimize this filter criteria based on your need
            .GetAsync();

        // startswith can match several groups; keep only the exact (case-insensitive) name.
        var group = candidates.CurrentPage
            .FirstOrDefault(x => string.Equals(x.DisplayName, groupName, StringComparison.InvariantCultureIgnoreCase));
        if (group == null)
        {
            throw new InvalidOperationException($"Group '{groupName}' was not found.");
        }

        // TransitiveMembers returns members of nested groups as well (recursive);
        // use .Members instead to get only the direct members.
        var page = await graphClient.Groups[group.Id]
            .TransitiveMembers
            .Request()
            .GetAsync();

        // Graph returns members in pages; follow NextPageRequest until it is null,
        // otherwise only the first page of members is read.
        while (page != null)
        {
            foreach (var mem in page.CurrentPage)
            {
                // Members can be users, groups, devices or service principals; keep users only.
                // The returned member object already carries the properties we need,
                // so no extra per-user Graph request is required.
                if (mem is User forUser)
                {
                    userList.Add(new AadGroupMember
                    {
                        ObjectId = forUser.Id,
                        UserPrincipalName = forUser.UserPrincipalName,
                        Name = forUser.DisplayName,
                        Email = forUser.Mail,
                    });
                }
            }

            page = page.NextPageRequest == null ? null : await page.NextPageRequest.GetAsync();
        }

        return userList;
    }
}
Helper entity:

public class AadGroupMember
{
    public string ObjectId { get; set; }
    public string Name { get; set; }
    public string UserPrincipalName { get; set; }
    public string Email { get; set; } // the user's "mail" attribute; may be null when no mailbox is assigned
}
Working code can be found on GitHub "AzureActiveDirectory" repo.  