Get group members

Retrieves all members of a group.

GET ~/api/directoryObjects/groupMembers?<parameters>

Query parameters

  • Name

  • Required

  • Type

  • Description

  • group

  • True

  • string

  • The identifier of the group whose members to retrieve. A group can be identified by:

     Distinguished name (DN) {.black}
    # Example
    CN=My Group,CN=Groups,DC=example,DC=com
    
     Globally unique identifier (GUID) {.black}
    # Example
    a7b63270-b8a4-4c34-b830-7e0d09f2e021
    
     Security identifier (SID) {.black}
    # Example
    S-1-5-21-3625849556-2655411187-3268999566-9847
    
  • includeIndirect

  • False

  • bool

  • Set to true to retrieve both, direct members and indirect members (i.e. members of nested groups). If not specified, defaults to false.

  • properties

  • False

  • string

  • A comma-separated list of LDAP property names without whitespaces e.g. manager,department. Each retrieved object will contain the values of specified properties. If not specified, objects will be retrieved with the default property set.

     Default property set {.black}
    • guid
    • dn
    • displayName
    • objectType
    • objectTypeCode
    • domainName
  • sizeLimit

  • False

  • integer

  • The maximum number of objects to be retrieved. If not specified, defaults to 1000.

Request headers

  • Name

  • Required

  • Description

  • Adm-Authorization

  • True

  • Specify the security token obtained during authentication.

Request body

Do not send a body with this request.

Responses

  • If successful, returns 200 OK status code and an array of directory objects in the response body.
  • If successful, and there are no objects to retrieve, returns 200 OK status code and an empty array in the response body.
  • If unsuccessful, returns one of the common HTTP error codes and an error description in the response body.

Tip

Only objects that the authenticated user has the permissions to view will be included in the response. All permissions in Adaxes are granted by security roles.

Examples

 Example 1: Retrieve group members

The following code sample retrieves all members of a specific group, including indirect members due to group nesting.

Request

PowerShell
$groupIdentifier = "CN=My Group,OU=Groups,DC=example,DC=com"

$baseUrl = "https://host.example.com/restApi"
$endpoint = "/api/directoryObjects/groupMembers"
$requestUrl = $baseUrl + $endpoint
$requestHeaders = @{"Adm-Authorization" = "HxtdAPz73OFfae7....w7lQvxjJHIbVqgkCtPtLD"}
$requestParams = @{
    group = $groupIdentifier;
    includeIndirect = $True
}

# Make request
Invoke-RestMethod -Method GET -Headers $requestHeaders -Uri $requestUrl -Body $requestParams
C#
using System;
using System.Net.Http;
using System.Threading.Tasks;

class Program
{
    static async Task Main()
    {
        string groupIdentifier = "CN=My Group,OU=Groups,DC=example,DC=com";
        const string token = "HxtdAPz73OFfae7....w7lQvxjJHIbVqgkCtPtLD";

        UriBuilder requestUrl = new UriBuilder(
            "https://host.example.com/restApi/api/directoryObjects/groupMembers");
        requestUrl.Query += $"?group={groupIdentifier}";
        requestUrl.Query += "&includeIndirect=true";

        // Initialize HTTP client
        using (HttpClient client = new HttpClient())
        {
            client.DefaultRequestHeaders.Add("Adm-Authorization", token);

            // Make request
            string response = await client.GetStringAsync(requestUrl.ToString());
            Console.WriteLine(response);
        }
    }
}
cURL
curl  --header 'Adm-Authorization: HxtdAPz73OFfae7....w7lQvxjJHIbVqgkCtPtLD' \
--get -X GET 'https://host.example.com/restApi/api/directoryObjects/groupMembers' \
--data-urlencode 'group=CN=My Group,OU=Groups,DC=example,DC=com' \
--data-urlencode 'includeIndirect=true'
node.js
var groupIdentifier = encodeURIComponent("CN=My Group,OU=Groups,DC=example,DC=com");

var https = require("https");

// Request parameters and headers
var requestPath = "/restApi/api/directoryObjects/groupMembers"
    + `?group=${groupIdentifier}`
    + "&includeIndirect=true";
    
var options = {
    'method': 'GET',
    'hostname': 'host.example.com',
    'path': requestPath,
    'headers': {
        "Adm-Authorization": "HxtdAPz73OFfae7....w7lQvxjJHIbVqgkCtPtLD",
    }
};

// Make request
var req = https.request(options, function (res) {
    var chunks = [];

    res.on("data", function (chunk) {
        chunks.push(chunk);
    });

    res.on("end", function (chunk) {
        var body = Buffer.concat(chunks);
        console.log(body.toString());
    });

    res.on("error", function (error) {
        console.error(error);
    });
});

req.end();

Response

HTTP Status code: 200 OK
Response body:

[
    {
        "accountStatus": {
            "isDisabled": false,
            "isLocked": false,
            "expirationDate": null
        },
        "passwordStatus": {
            "whenChanged": "2020-09-03T14:18:48.974886Z",
            "expirationStatus": 0,
            "expirationDate": "2023-05-30T14:18:48.974886Z"
        },
        "guid": "13ce39d7-183d-41d7-9a6e-ad1ba85b4be3",
        "dn": "CN=Nick Johnston,OU=Sales,DC=example,DC=com",
        "displayName": "Nick Johnston",
        "objectType": "user",
        "objectTypeCode": 2,
        "domainName": "example.com",
        "properties": {}
    },
    {
        "accountStatus": {
            "isDisabled": false,
            "isLocked": false,
            "expirationDate": null
        },
        "passwordStatus": {
            "whenChanged": "2020-09-03T11:45:12.1312415Z",
            "expirationStatus": 0,
            "expirationDate": "2022-02-22T11:45:12.1312415Z"
        },
        "guid": "073ea181-87a7-46ea-8f4e-c0e3345c7bb8",
        "dn": "CN=Laura Webb,OU=Sales,DC=example,DC=com",
        "displayName": "Laura Webb",
        "objectType": "user",
        "objectTypeCode": 2,
        "domainName": "example.com",
        "properties": {}
    }
]
 Example 2: Retrieve group members with their department and account expiration date

The following code sample retrieves all direct members of a specific group and their values of the following properties:

  • Department
  • Account expires

Request

PowerShell
$groupIdentifier = "a7b63270-b8a4-4c34-b830-7e0d09f2e021"
$propertiesToGet = "department,accountExpires"

$baseUrl = "https://host.example.com/restApi"
$endpoint = "/api/directoryObjects/groupMembers"
$requestUrl = $baseUrl + $endpoint
$requestHeaders = @{"Adm-Authorization" = "HxtdAPz73OFfae7....w7lQvxjJHIbVqgkCtPtLD"}
$requestParams = @{
    group = $groupIdentifier;
    properties = $propertiesToGet
}

# Make request
Invoke-RestMethod -Method GET -Headers $requestHeaders -Uri $requestUrl -Body $requestParams
C#
using System;
using System.Net.Http;
using System.Threading.Tasks;

class Program
{
    static async Task Main()
    {
        string groupIdentifier = "a7b63270-b8a4-4c34-b830-7e0d09f2e021";
        const string propertiesToGet = "department,accountExpires";
        const string token = "HxtdAPz73OFfae7....w7lQvxjJHIbVqgkCtPtLD";
        
        UriBuilder requestUrl = new UriBuilder(
            "https://host.example.com/restApi/api/directoryObjects/groupMembers");
        requestUrl.Query += $"?group={groupIdentifier}";
        requestUrl.Query += $"&properties={propertiesToGet}";

        // Initialize HTTP client
        using (HttpClient client = new HttpClient())
        {
            client.DefaultRequestHeaders.Add("Adm-Authorization", token);

            // Make request
            string response = await client.GetStringAsync(requestUrl.ToString());
            Console.WriteLine(response);
        }
    }
}
cURL
curl  --header 'Adm-Authorization: HxtdAPz73OFfae7....w7lQvxjJHIbVqgkCtPtLD' \
--get -X GET 'https://host.example.com/restApi/api/directoryObjects/groupMembers' \
--data-urlencode 'group=a7b63270-b8a4-4c34-b830-7e0d09f2e021' \
--data-urlencode 'properties=department,accountExpires'
node.js
var groupIdentifier = "a7b63270-b8a4-4c34-b830-7e0d09f2e021";
var propertiesToGet = "department,accountExpires";

var https = require("https");

// Request parameters and headers
var requestPath = "/restApi/api/directoryObjects"
    + `?directoryobject=${groupIdentifier}`
    + `&properties=${propertiesToGet}`;
    
var options = {
    'method': 'GET',
    'hostname': 'host.example.com',
    'path': requestPath,
    'headers': {
        "Adm-Authorization": "HxtdAPz73OFfae7....w7lQvxjJHIbVqgkCtPtLD",
    }
};

// Make request
var req = https.request(options, function (res) {
    var chunks = [];

    res.on("data", function (chunk) {
        chunks.push(chunk);
    });

    res.on("end", function (chunk) {
        var body = Buffer.concat(chunks);
        console.log(body.toString());
    });

    res.on("error", function (error) {
        console.error(error);
    });
});

req.end();

Response

HTTP Status code: 200 OK
Response body:

[
    {
        "accountStatus": {
            "isDisabled": false,
            "isLocked": false,
            "expirationDate": null
        },
        "passwordStatus": {
            "whenChanged": "2020-09-03T14:18:48.974886Z",
            "expirationStatus": 0,
            "expirationDate": "2023-05-30T14:18:48.974886Z"
        },
        "guid": "13ce39d7-183d-41d7-9a6e-ad1ba85b4be3",
        "dn": "CN=Nick Johnston,OU=Sales,DC=example,DC=com",
        "displayName": "Nick Johnston",
        "objectType": "user",
        "objectTypeCode": 2,
        "domainName": "example.com",
        "properties": {
            "department": [
                "Sales"
            ],
            "accountexpires": [
                "never"
            ]
        }
    },
    {
        "accountStatus": {
            "isDisabled": false,
            "isLocked": false,
            "expirationDate": null
        },
        "passwordStatus": {
            "whenChanged": "2020-09-03T11:45:12.1312415Z",
            "expirationStatus": 0,
            "expirationDate": "2022-02-22T11:45:12.1312415Z"
        },
        "guid": "073ea181-87a7-46ea-8f4e-c0e3345c7bb8",
        "dn": "CN=Laura Webb,OU=Sales,DC=example,DC=com",
        "displayName": "Laura Webb",
        "objectType": "user",
        "objectTypeCode": 2,
        "domainName": "example.com",
        "properties": {
            "department": [
                "Marketing"
            ],
            "accountexpires": [
                "2020-12-12T11:39:38.9936927Z"
            ]
        }
    }
]

See also