Share via

How to Retrieve Security Group Owners Using Microsoft Graph API?

Aamir Ansari 20 Reputation points
2024-11-22T05:00:09.3+00:00

I am trying to retrieve the owners of a security group using the Microsoft Graph API. I used the following endpoint:

GET https://graph.microsoft.com/v1.0/groups/{id}/owners

However, the response is an empty array, even though I know the group has owners. Here's what I have checked so far:

  1. I have all the necessary scopes granted, including Group.Read.All, GroupMember.Read.All, and Directory.Read.All.
  2. The group exists, and I can retrieve its details using the /groups/{id} endpoint.
  3. I have verified that the group has owners via the Azure portal.

Is there something I'm missing? Is this behavior expected for security groups, or is there a different approach to retrieve the owners of a security group?

Any help or guidance would be appreciated!

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,375 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Yakun Huang-MSFT 6,965 Reputation points Microsoft Vendor
    2024-11-22T07:09:47.31+00:00

    Hello Aamir Ansari,

    Thank you for reaching out to Microsoft Support!

    After our test, the endpoint is no problem, can get the security group owner, for you get the security group owner is empty, please check the following points:

    According to the document, Owners are currently not available in Microsoft Graph for groups that were created in Exchange, distribution groups, or groups that are synchronized from an on-premises environment.

    And currently, service principals are not listed as group owners due to the staged rollout of service principals to the Microsoft Graph v1.0 endpoint. If your group owner is a service principal, the null case is the expected behavior.

    Finally, when using delegated permissions, the logged-in user needs to be granted a role, as follows:

    User's image

    You can also retrieve the owners of other security groups to see if the same situation occurs.

    Reference document:

    https://learn.microsoft.com/en-us/graph/api/group-list-owners?view=graph-rest-1.0&tabs=http

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote it. If you have any further questions about this answer, please click Comment.

    0 comments
  2. Hitesh Pachipulusu - MSFT 3,235 Reputation points Microsoft Vendor
    2024-11-22T07:27:49.0366667+00:00

    Hello Aamir Ansari,

    Thank you for reaching to Microsoft Support!

    I have tested the same Graph API endpoint and able to fetch the owners of a group. No issue with Graph API.

    Please check below for possible reasons:

    1. Group Type: Ensure that the group is not one of the types for which owners are not available via Microsoft Graph. Owners are currently not available for groups created in Exchange, distribution groups, or groups synchronized from an on-premises environment. Please refer documentation.
    2. Permissions: Double-check that the permissions are correctly granted and that the token used in the request has the necessary scopes. Sometimes, permissions might not propagate correctly.

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote it. If you have any further questions about this answer, please click Comment.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.