Does GraphAPI /groups results include UniversalSecurityGroup?

David Beyda 21 Reputation points Microsoft Employee
2025-02-05T21:24:57.6033333+00:00

One of the few pieces of information I could find about UniversalSecurityGroup in Microsoft is the article below.

https://techcommunity.microsoft.com/blog/microsoft-entra-blog/use-cloud-groups-in-on-premises-active-directory-with-group-writeback/3118023

I understand that UniversalSecurityGroups will live in the on-prem AD and will mirror an original group from AAD.

If this is true, when I query graphAPI for GET /groups, will it return both groups or only the AAD counterpart?


1 answer

  1. CarlZhao-MSFT 45,841 Reputation points
    2025-02-06T01:39:30.7766667+00:00

    Hi @David Beyda

    When using the Microsoft Graph API to query GET /groups, the results will not directly include Universal Security Groups (USGs) from on-premises Active Directory (AD). The Graph API primarily returns groups from Azure Active Directory (AAD).

    If Universal Security Groups have been synchronized to AAD through the group writeback feature, these groups will appear as security groups in AAD. Therefore, when you query GET /groups, you will see the corresponding entries in AAD, not the original groups from on-premises AD.

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.
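One way to check in your own tenant what `GET /groups` returns: the sketch below is an added example, not part of the original question or answer. It follows `@odata.nextLink` paging and labels each returned object using the group resource's `onPremisesSyncEnabled`, `securityEnabled`, `mailEnabled` and `groupTypes` properties. The response pages and group names are constructed sample data, and `fetch` is a hypothetical stand-in for an authenticated HTTP GET that returns parsed JSON.

```python
from collections import Counter

# Properties of the Graph group resource used to tell the objects apart.
SELECT = "id,displayName,groupTypes,securityEnabled,mailEnabled,onPremisesSyncEnabled"
FIRST_URL = "https://graph.microsoft.com/v1.0/groups?$select=" + SELECT
NEXT_URL = FIRST_URL + "&$skiptoken=CONSTRUCTED"

def _g(name, types, sec, mail, synced):
    """Build one constructed group object (id omitted for brevity)."""
    return {"displayName": name, "groupTypes": types, "securityEnabled": sec,
            "mailEnabled": mail, "onPremisesSyncEnabled": synced}

# Constructed sample responses keyed by request URL; not real tenant data.
SAMPLE_PAGES = {
    FIRST_URL: {"@odata.nextLink": NEXT_URL, "value": [
        _g("Cloud-Finance-SG", [], True, False, None),
        _g("Project-Team", ["Unified"], False, True, None)]},
    NEXT_URL: {"value": [
        _g("OnPrem-Admins", [], True, False, True),
        _g("OnPrem-DL", [], False, True, True)]},
}

def iter_groups(fetch, url=FIRST_URL):
    """Yield every group, following @odata.nextLink until the last page."""
    while url:
        page = fetch(url)
        yield from page.get("value", [])
        url = page.get("@odata.nextLink")

def classify(group):
    """Return (origin, kind) for one group object."""
    # onPremisesSyncEnabled is true only while the object is synced from
    # on-premises; null means never synced, false means no longer synced.
    origin = "synced-from-on-prem" if group.get("onPremisesSyncEnabled") else "cloud"
    if "Unified" in group.get("groupTypes", []):
        kind = "microsoft365"
    elif group.get("securityEnabled"):
        kind = "mail-enabled-security" if group.get("mailEnabled") else "security"
    else:
        kind = "distribution"
    return origin, kind

def summarize(fetch):
    """Count the groups returned by /groups per (origin, kind)."""
    return Counter(classify(g) for g in iter_groups(fetch))

if __name__ == "__main__":
    for (origin, kind), n in sorted(summarize(SAMPLE_PAGES.__getitem__).items()):
        print(f"{origin:20} {kind:22} {n}")
```
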
