Skip to main content

List Group Members

Retrieves a list of all members of a specific group from Azure Active Directory.

Common Properties

  • Name - The custom name of the node.
  • Color - The custom color of the node.
  • Delay Before (sec) - Waits in seconds before executing the node.
  • Delay After (sec) - Waits in seconds after executing node.
  • Continue On Error - Automation will continue regardless of any error. The default value is false.
info

If ContinueOnError property is true, no error is caught when the project is executed even if Catch node is used.

Inputs

  • Access Id - The access ID from the Connect node. Optional if using direct credentials.
  • Group Object Id - Group object ID of the group to list members from. Example: 12345678-1234-1234-1234-123456789012

Options

Direct Credentials (optional - alternative to using Connect node):

  • Tenant Id - Azure AD tenant ID (optional if using Access ID)
  • Client Id - Azure AD application client ID (optional if using Access ID)
  • Client Secret - Azure AD application client secret credential (optional if using Access ID)

Output

  • Result - Object containing an array of member objects in the value property. Each member object includes:
    • id - Member's unique object ID
    • displayName - Member's display name
    • userPrincipalName - Member's email (for users)
    • @odata.type - Type of member (e.g., "#microsoft.graph.user")
    • Other properties depending on member type

How It Works

The List Group Members node:

  1. Authenticates using either the access ID or direct credentials
  2. Sends a GET request to Microsoft Graph API to retrieve group members
  3. Returns a list of all members (users, groups, service principals, etc.)
  4. Result contains value array with member objects

Examples

List All Group Members

Get all members of a group:

// Using Connect node
access_id = message.access_id
group_object_id = "12345678-1234-1234-1234-123456789012"

// List Group Members node executes

// Output
result = {
    "value": [
        {
            "@odata.type": "#microsoft.graph.user",
            "id": "user-id-1",
            "displayName": "John Doe",
            "userPrincipalName": "john.doe@contoso.onmicrosoft.com"
        },
        {
            "@odata.type": "#microsoft.graph.user",
            "id": "user-id-2",
            "displayName": "Jane Smith",
            "userPrincipalName": "jane.smith@contoso.onmicrosoft.com"
        }
    ]
}

Count Group Members

Get the total number of members in a group:

// List Group Members node
group_object_id = "12345678-1234-1234-1234-123456789012"

// Count members
member_count = result.value.length
console.log("Total members: " + member_count)

Extract Member Emails

Get email addresses of all group members:

// List Group Members node

// Extract emails (only for user members)
member_emails = []
for (member of result.value) {
    if (member["@odata.type"] === "#microsoft.graph.user") {
        member_emails.push(member.userPrincipalName)
    }
}

console.log("Member emails: " + member_emails.join(", "))

Check if User is Member

Verify if a specific user is a member of the group:

// List Group Members node
group_object_id = "12345678-1234-1234-1234-123456789012"

// Check for specific user
user_email = "john.doe@contoso.onmicrosoft.com"
is_member = false

for (member of result.value) {
    if (member.userPrincipalName === user_email) {
        is_member = true
        break
    }
}

if (is_member) {
    console.log(user_email + " is a member")
} else {
    console.log(user_email + " is NOT a member")
}

Generate Member Report

Create a report of group membership:

// List Group Members node

// Prepare report data
csv_data = []
csv_data.push(["Name", "Email", "Member ID"])

for (member of result.value) {
    if (member["@odata.type"] === "#microsoft.graph.user") {
        csv_data.push([
            member.displayName,
            member.userPrincipalName,
            member.id
        ])
    }
}

// Write CSV node
// Data: csv_data
// File: "group_members_report.csv"

Filter Members by Type

Separate users from other member types:

// List Group Members node

users = []
groups = []
others = []

for (member of result.value) {
    if (member["@odata.type"] === "#microsoft.graph.user") {
        users.push(member)
    } else if (member["@odata.type"] === "#microsoft.graph.group") {
        groups.push(member)
    } else {
        others.push(member)
    }
}

console.log("Users: " + users.length)
console.log("Groups: " + groups.length)
console.log("Others: " + others.length)

Audit Group Membership

Compare expected members with actual members:

// Expected members
expected_members = [
    "john.doe@contoso.onmicrosoft.com",
    "jane.smith@contoso.onmicrosoft.com",
    "bob.johnson@contoso.onmicrosoft.com"
]

// List Group Members node

// Get actual members
actual_members = []
for (member of result.value) {
    if (member["@odata.type"] === "#microsoft.graph.user") {
        actual_members.push(member.userPrincipalName)
    }
}

// Find missing members
missing = expected_members.filter(email => !actual_members.includes(email))

// Find unexpected members
unexpected = actual_members.filter(email => !expected_members.includes(email))

console.log("Missing members: " + missing.join(", "))
console.log("Unexpected members: " + unexpected.join(", "))

Sync Group Membership

Ensure specific users are members of the group:

// Required members
required_members = [
    "user1@contoso.onmicrosoft.com",
    "user2@contoso.onmicrosoft.com"
]

// List Group Members node
group_object_id = "12345678-1234-1234-1234-123456789012"

// Get current members
current_members = []
for (member of result.value) {
    if (member["@odata.type"] === "#microsoft.graph.user") {
        current_members.push(member.userPrincipalName)
    }
}

// Add missing members
for (email of required_members) {
    if (!current_members.includes(email)) {
        // Get user ID first
        // Get User node: user_id = email
        // Add User To Group node
        // Group Object Id: group_object_id
        // User Id: result.id
        console.log("Added: " + email)
    }
}

Tips for Effective Use

  • Result structure: Members are in the value array property
  • Member types: Check @odata.type to identify member type (user, group, etc.)
  • User properties: Only user members have userPrincipalName
  • Performance: Listing members is efficient even for large groups
  • Membership check: This is the way to verify group membership
  • Nested groups: Groups can be members of other groups
  • Caching: Store results if checking membership multiple times

Common Errors and Solutions

"Group Object Id cannot be empty"

Cause: The Group Object Id input was not provided.

Solution: Provide a valid group object ID:

group_object_id = "12345678-1234-1234-1234-123456789012"

"Response Status is not OK - Group not found"

Cause: No group exists with the specified object ID.

Solution:

  • Verify the group object ID is correct
  • Use List All Groups to find the correct ID

"Either Client Secret with Tenant ID and Client ID, or Access ID must be provided"

Cause: Neither access ID nor complete credentials were provided.

Solution:

// Option 1: Use Connect node
access_id = message.access_id

// Option 2: Provide all credentials
tenant_id = "your-tenant-id"
client_id = "your-client-id"
// Set Client Secret option from vault

Empty Members List

Cause: The group has no members.

Solution:

Best Practices

  1. Error handling: Wrap List Group Members in Try-Catch blocks
  2. Type checking: Always check member @odata.type before accessing user-specific properties
  3. Null safety: Check if properties exist before accessing them
  4. Caching: Store results if checking membership multiple times
  5. Logging: Log membership queries for audit purposes
  6. Performance: This is efficient; use freely for membership verification
  7. Auditing: Use for regular group membership audits
  8. Sync operations: Compare with expected members to maintain compliance