Add User To Group
Adds a user as a member to a group in Azure Active Directory.
Common Properties
- Name - The custom name of the node.
- Color - The custom color of the node.
- Delay Before (sec) - Waits in seconds before executing the node.
- Delay After (sec) - Waits in seconds after executing node.
- Continue On Error - Automation will continue regardless of any error. The default value is false.
info
If ContinueOnError property is true, no error is caught when the project is executed even if Catch node is used.
Inputs
- Access Id - The access ID from the Connect node. Optional if using direct credentials.
- Group Object Id - Group object ID of the target group. Example:
12345678-1234-1234-1234-123456789012 - User Id - User ID (object ID) of the user to add to the group. Must be the object ID, not email address.
Options
Direct Credentials (optional - alternative to using Connect node):
- Tenant Id - Azure AD tenant ID (optional if using Access ID)
- Client Id - Azure AD application client ID (optional if using Access ID)
- Client Secret - Azure AD application client secret credential (optional if using Access ID)
Output
- Result - Operation result message, typically "Added Successfully." if the operation succeeded.
How It Works
The Add User To Group node:
- Authenticates using either the access ID or direct credentials
- Sends a POST request to Microsoft Graph API to add the member
- Azure AD adds the user to the group
- Returns a success message
note
You must use the user's object ID (GUID), not the user principal name (email). Use Get User to get the object ID from an email address.
Examples
Add User to Group
Add a user to a group using object IDs:
// Using Connect node
access_id = message.access_id
group_object_id = "12345678-1234-1234-1234-123456789012"
user_id = "abcdef12-3456-7890-abcd-ef1234567890"
// Add User To Group node executes
// Output
result = "Added Successfully."
Add User by Email
Get user object ID from email, then add to group:
access_id = message.access_id
user_email = "john.doe@contoso.onmicrosoft.com"
group_id = "12345678-1234-1234-1234-123456789012"
// Step 1: Get user object ID
// Get User node
// User Id: user_email
user_object_id = result.id
// Step 2: Add to group
// Add User To Group node
// Group Object Id: group_id
// User Id: user_object_id
console.log("Added " + user_email + " to group")
Add Multiple Users to Group
Add several users to the same group:
group_id = "12345678-1234-1234-1234-123456789012"
// User emails to add
user_emails = [
"user1@contoso.onmicrosoft.com",
"user2@contoso.onmicrosoft.com",
"user3@contoso.onmicrosoft.com"
]
added_users = []
failed_users = []
// Loop through users
for (email of user_emails) {
try {
// Get user object ID
// Get User node
// User Id: email
user_obj_id = result.id
// Add to group
// Add User To Group node
// Group Object Id: group_id
// User Id: user_obj_id
added_users.push(email)
console.log("Added: " + email)
// Delay between additions
// Wait 0.5 seconds
} catch (error) {
failed_users.push({email: email, error: error.message})
console.log("Failed: " + email)
}
}
console.log("Added: " + added_users.length)
console.log("Failed: " + failed_users.length)
Add User to Multiple Groups
Add a single user to multiple groups:
user_email = "john.doe@contoso.onmicrosoft.com"
// Get user object ID first
// Get User node
// User Id: user_email
user_obj_id = result.id
// Groups to add user to
group_ids = [
"12345678-1234-1234-1234-123456789012",
"abcdef12-3456-7890-abcd-ef1234567890",
"fedcba98-7654-3210-fedc-ba9876543210"
]
// Add to each group
for (group_id of group_ids) {
try {
// Add User To Group node
// Group Object Id: group_id
// User Id: user_obj_id
console.log("Added to group: " + group_id)
// Delay
// Wait 0.5 seconds
} catch (error) {
console.log("Failed for group: " + group_id)
}
}
Onboarding Automation
Automatically add new employees to standard groups:
// New employee data
new_employee_email = "new.hire@contoso.onmicrosoft.com"
department = "Engineering"
// Get user object ID
// Get User node
// User Id: new_employee_email
user_obj_id = result.id
// Standard groups for all employees
all_employee_groups = [
"all-employees-group-id",
"company-announcements-group-id"
]
// Department-specific groups
department_groups = {
"Engineering": ["engineering-group-id", "developers-group-id"],
"Sales": ["sales-group-id"],
"Marketing": ["marketing-group-id"]
}
// Add to all employee groups
for (group_id of all_employee_groups) {
// Add User To Group node
// Group Object Id: group_id
// User Id: user_obj_id
}
// Add to department groups
if (department_groups[department]) {
for (group_id of department_groups[department]) {
// Add User To Group node
// Group Object Id: group_id
// User Id: user_obj_id
}
}
console.log("Onboarding complete for: " + new_employee_email)
Sync Group Membership
Ensure users are members of required groups:
// Required group memberships
required_memberships = [
{
email: "user1@contoso.onmicrosoft.com",
groups: ["group-id-1", "group-id-2"]
},
{
email: "user2@contoso.onmicrosoft.com",
groups: ["group-id-1", "group-id-3"]
}
]
// Process each user
for (membership of required_memberships) {
// Get user object ID
// Get User node
// User Id: membership.email
user_obj_id = result.id
// Check each required group
for (group_id of membership.groups) {
// List Group Members node
// Group Object Id: group_id
// Check if already member
is_member = false
for (member of result.value) {
if (member.id === user_obj_id) {
is_member = true
break
}
}
if (!is_member) {
// Add User To Group node
// Group Object Id: group_id
// User Id: user_obj_id
console.log("Added " + membership.email + " to group")
}
}
}
Add Users from CSV
Bulk add users to groups from CSV file:
// CSV structure: Email, GroupID
// Read CSV node
// File: "group_memberships.csv"
// Process each row
for (row of csv_data) {
try {
// Get user object ID
// Get User node
// User Id: row.Email
user_obj_id = result.id
// Add to group
// Add User To Group node
// Group Object Id: row.GroupID
// User Id: user_obj_id
console.log("Added " + row.Email + " to group " + row.GroupID)
// Delay
// Wait 1 second
} catch (error) {
console.log("Error: " + row.Email + " - " + error.message)
}
}
Check and Add if Not Member
Add user only if not already a member:
user_email = "john.doe@contoso.onmicrosoft.com"
group_id = "12345678-1234-1234-1234-123456789012"
// Get user object ID
// Get User node
// User Id: user_email
user_obj_id = result.id
// List Group Members node
// Group Object Id: group_id
// Check if already member
is_member = false
for (member of result.value) {
if (member.id === user_obj_id) {
is_member = true
break
}
}
if (!is_member) {
// Add User To Group node
// Group Object Id: group_id
// User Id: user_obj_id
console.log("User added to group")
} else {
console.log("User already a member")
}
Tips for Effective Use
- Object ID required: Must use user object ID, not email address
- Get user first: Use Get User node to convert email to object ID
- Error handling: Use Try-Catch to handle already-member errors
- Idempotent: Adding an existing member may return an error
- Check first: List members before adding to avoid errors
- Bulk operations: Add delays between operations
- Logging: Log all membership changes for audit
- Verification: List members after adding to verify success
Common Errors and Solutions
"Group Id cannot be empty"
Cause: The Group Object Id input was not provided.
Solution: Provide a valid group object ID:
group_object_id = "12345678-1234-1234-1234-123456789012"
"User Id cannot be empty"
Cause: The User Id input was not provided.
Solution: Provide a valid user object ID:
user_id = "abcdef12-3456-7890-abcd-ef1234567890"
"Response Status is not OK - User is already a member"
Cause: The user is already a member of the group.
Solution: Check membership before adding:
// List Group Members node first
// Check if user is already a member
// Only add if not already a member
"Invalid user ID format"
Cause: Used email address instead of object ID.
Solution: Get object ID first:
// Get User node
// User Id: "john.doe@contoso.onmicrosoft.com"
user_obj_id = result.id
// Now use object ID
// Add User To Group node
// User Id: user_obj_id
"Either Client Secret with Tenant ID and Client ID, or Access ID must be provided"
Cause: Neither access ID nor complete credentials were provided.
Solution:
// Option 1: Use Connect node
access_id = message.access_id
// Option 2: Provide all credentials
tenant_id = "your-tenant-id"
client_id = "your-client-id"
// Set Client Secret option from vault
Best Practices
- Get object ID: Always use Get User to convert email to object ID
- Check membership: List members before adding to avoid errors
- Error handling: Use Try-Catch for graceful error handling
- Logging: Log all membership additions for audit trails
- Bulk operations: Add delays to avoid throttling
- Verification: Verify group and user exist before adding
- Idempotency: Design flows to handle already-member scenarios
- Testing: Test with a small group before bulk operations
- Rollback plan: Have a process to remove users if needed
- Documentation: Document group membership policies
Related Nodes
- Connect - Establish Azure AD connection
- Get User - Get user object ID from email
- Get Group - Verify group exists
- List Group Members - Check current members
- Delete User From Group - Remove members
- List All Groups - Find group IDs