Azure AD – Retrieving Group Members

Recently I needed to query Azure AD from a web api to retrieve members of an AD group, this was prototyped in a console app – C#.

Got the following packages from Nuget…

using Microsoft.Azure.ActiveDirectory.GraphClient;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Microsoft.Azure.ActiveDirectory.GraphClient.Extensions;

Declared my constants – I created a new application from within the Azure Management Portal (Active Directory Area), this allowed me to get a client ID and client Secret – required for authentication.

public class Constants
public const string auth = "";
public const string clientID = "client ID GUID";
public const string clientSecret = "client SECRET GUID";
public const string azureGraphAPI = "";
public const string serviceRoot = "";

Created a method to instantiate ActiveDirectoryClient – essentially creating a connection to Azure AD.

private static async Task<string> GetAzureAdToken()
AuthenticationContext authenticationContext = new AuthenticationContext(Constants.auth, true);
ClientCredential clientCred = new ClientCredential(Constants.clientID, Constants.clientSecret);
AuthenticationResult authenticationResult = await authenticationContext.AcquireTokenAsync(Constants.azureGraphAPI, clientCred);
return authenticationResult.AccessToken;

And wrote another two methods allowing me to get a single user by querying using a UPN, and another method to allow me to retrieve a group and its members based on the group name.

private static async Task<string> GetUser(ActiveDirectoryClient adClient, string Upn)
var userLookupTask = adClient.Users.Where(x => x.UserPrincipalName.Equals(Upn, StringComparison.CurrentCultureIgnoreCase)).ExecuteSingleAsync();

User me = (User)await userLookupTask;
return me.DisplayName;

private static async Task<string> GetGroup(ActiveDirectoryClient adClient, string GroupName)
var groupLookup = adClient.Groups.Where(x => x.DisplayName.Equals(GroupName, StringComparison.CurrentCultureIgnoreCase)).ExecuteSingleAsync();

Group grp = (Group)await groupLookup;
IGroupFetcher groupFetcher = (IGroupFetcher)grp;
IPagedCollection<IDirectoryObject> members = groupFetcher.Members.ExecuteAsync().Result;

List<IDirectoryObject> directoryObjects = members.CurrentPage.ToList();
foreach (IDirectoryObject member in directoryObjects)
if (member is User)
User usr = member as User;
Console.WriteLine("user: {0} : {1} : {2}", usr.DisplayName, usr.TelephoneNumber, usr.Mobile);
members = members.MorePagesAvailable ? members = members.GetNextPageAsync().Result : null;

} while (members != null);

return grp.DisplayName;

Within my Main method, it was a case of connecting to Azure AD, and calling the methods…

class Program
static void Main(string[] args)
Uri serviceRoot = new Uri(Constants.serviceRoot);
ActiveDirectoryClient adContext = new ActiveDirectoryClient(serviceRoot,async () => await GetAzureAdToken());

var user = GetUser(adClient, "");
var group = GetGroup(adContext, "IT Solutions");

catch (AuthenticationException ex)


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s