administrativeUnit resource type

Namespace: microsoft.graph

An administrative unit provides a conceptual container for user, group, and device directory objects. With administrative units, a company administrator can now delegate administrative responsibilities to manage the users, groups, and devices contained within or scoped to an administrative unit to a regional or departmental administrator. For more information about administrative units, see Administrative units in Microsoft Entra ID.

This resource is an open type that allows other properties to be passed in.

This resource supports:

Methods

Method Return Type Description
Create administrativeUnit Create a new administrative unit.
List administrativeUnit collection List properties of all administrativeUnits.
Get administrativeUnit Read properties and relationships of a specific administrativeUnit object.
Update administrativeUnit Update administrativeUnit object.
Delete None Delete administrativeUnit object.
Memberships
Add member directoryObject Add a member (user, group, or device).
List members directoryObject collection Get the list of (user, group, or device) members.
Get member directoryObject Get a specific member.
Remove member directoryObject Remove a member.
Role assignments
List role assignments with scope scopedRoleMembership collection List Microsoft Entra role assignments with administrative unit scope.
Assign role with scope scopedRoleMembership Assign a Microsoft Entra role with administrative unit scope.
Get role assignment with scope scopedRoleMembership Get a Microsoft Entra role assignment with administrative unit scope.
Remove role assignment with scope scopedRoleMembership Remove a Microsoft Entra role assignment with administrative unit scope.
Deleted items
List directoryObject collection Retrieve a list of recently deleted administrative units from a collection of directory objects.
Get directoryObject Retrieve the properties of a recently deleted administrative unit object.
Restore directoryObject Restore a recently deleted administrative unit object.

Properties

Important

Specific usage of $filter and the $search query parameter is supported only when you use the ConsistencyLevel header set to eventual and $count. For more information, see Advanced query capabilities on directory objects.

Property Type Description
description String An optional description for the administrative unit. Supports $filter (eq, ne, in, startsWith), $search.
displayName String Display name for the administrative unit. Maximum length is 256 characters. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values), $search, and $orderby.
id String Unique identifier for the administrative unit. Read-only. Supports $filter (eq).
membershipRule String The dynamic membership rule for the administrative unit. For more information about the rules you can use for dynamic administrative units and dynamic groups, see Manage rules for dynamic membership groups in Microsoft Entra ID.
membershipRuleProcessingState String Controls whether the dynamic membership rule is actively processed. Set to On to activate the dynamic membership rule, or Paused to stop updating membership dynamically.
membershipType String Indicates the membership type for the administrative unit. The possible values are: dynamic, assigned. If not set, the default value is null and the default behavior is assigned.
visibility String Controls whether the administrative unit and its members are hidden or public. Can be set to HiddenMembership. If not set, the default value is null and the default behavior is public. When set to HiddenMembership, only members of the administrative unit can list other members of the administrative unit.

Tip

Directory extensions and associated data are returned by default while schema extensions and associated data returned only on $select.

Relationships

Relationship Type Description
members directoryObject collection Users and groups that are members of this administrative unit. Supports $expand.
extensions extension collection The collection of open extensions defined for this administrative unit. Nullable.
scopedRoleMembers scopedRoleMembership collection Scoped-role members of this administrative unit.

JSON representation

The following JSON representation shows the resource type.

{
  "description": "String",
  "displayName": "String",
  "id": "String (identifier)",
  "membershipRule": "String",
  "membershipRuleProcessingState": "String",
  "membershipType": "String",
  "visibility": "String"
}