Graph API not returning dynamic groups for a user

Question

When I query the group via the API or Graph Explorer, I see the user listed as the first user. This is a dynamic security group.

https://graph.microsoft.com/v1.0/groups/{groupId}?$expand=members

However, when I query the user to get all of their group memberships, this dynamic group is not included in the list of groups.

I have tried both memberOf and transitiveMemberOf

https://graph.microsoft.com/v1.0/users/{userId}?$expand=transitiveMemberOf https://graph.microsoft.com/v1.0/users/{userId}?$expand=memberOf

I do get back other groups for the user, just not this dynamic group. Is there something I am missing to get it to include all the user's dynamic groups?

Answer 1

If you are ok with using a call specifically for getting group membership (instead of the user profile itself), you can use this url instead:

https://graph.microsoft.com/v1.0/users/{userid}/memberOf

I just tested it myself, and was able to grab groups that were dynamic. I'm not totally sure about the difference in just using the $expand parameter vs the /memberOf endpoint, but that should get you what you're looking for.

Update: This url will list only DynamicMembership groups, to simplify validating the expected response. It also uses te beta api instead of v1.0.

https://graph.microsoft.com/beta/users/{user id}/memberOf/microsoft.graph.group?$count=true&$orderby=displayName&$filter= groupTypes/any(c:c+eq+'DynamicMembership')&$Select=displayName,groupTypes,membershipRule