Get group members

Retrieves all members of a group.

GET ~/api/directoryObjects/groupMembers?<parameters>

Query parameters

  • Name

  • Required

  • Type

  • Description

  • group

  • True

  • string

  • The identifier of the group whose members to retrieve. A group can be identified by:

     Distinguished name (DN)
    # Example
    CN=My Group,CN=Groups,DC=example,DC=com
    
     Globally unique identifier (GUID)
    # Example
    a7b63270-b8a4-4c34-b830-7e0d09f2e021
    
     Security identifier (SID)
    # Example
    S-1-5-21-3625849556-2655411187-3268999566-9847
    
  • includeIndirect

  • False

  • bool

  • Set to true to retrieve both, direct members and indirect members (i.e. members of nested groups). If not specified, defaults to false.

  • properties

  • False

  • string

  • A comma-separated list of LDAP property names without whitespaces e.g. manager,department. Each retrieved object will contain the values of specified properties. If not specified, objects will be retrieved with the default property set.

     Default property set
    • guid
    • dn
    • displayName
    • objectType
    • objectTypeCode
    • domainName
    • directoryType
  • sizeLimit

  • False

  • integer

  • The maximum number of objects to retrieve. If not specified, every group member will be retrieved.

Request headers

  • Name

  • Required

  • Description

  • Adm-Authorization

  • True

  • Specify the security token obtained during authentication.

Request body

Do not send a body with this request.

Responses

  • If successful, returns 200 OK status code and an array of directory objects in the response body.
  • If successful, and there are no objects to retrieve, returns 200 OK status code and an empty array in the response body.
  • If unsuccessful, returns one of the common HTTP error codes and an error description in the response body.

Only objects that the authenticated user has the permissions to view will be included in the response. All permissions in Adaxes are granted by security roles.

Examples

 Example 1 – Retrieve group members

The following code sample retrieves all members of a specific group, including indirect members due to group nesting.

Request

PowerShell
$baseUrl = "https://host.example.com/restApi"
$endpoint = "/api/directoryObjects/groupMembers"

# Request parameters
$requestUrl = $baseUrl + $endpoint
$requestHeaders = @{"Adm-Authorization" = YOUR-SECURITY-TOKEN}
$queryParams = @{
    "group" = "CN=My Group,OU=Groups,DC=example,DC=com";
    "includeIndirect" = $true
}

# Make request
Invoke-RestMethod -Method GET -Headers $requestHeaders -Uri $requestUrl -Body $queryParams
C#
using System;
using System.Net.Http;
using System.Threading.Tasks;

class Program
{
    static async Task Main()
    {
        const string baseUrl = "https://host.example.com";
        const string endpoint = "/restApi/api/directoryObjects/groupMembers";
        
        // Request parameters
        const string groupIdentifier = "CN=My Group,OU=Groups,DC=example,DC=com";
        UriBuilder requestUrl = new()
        {
            Host = baseUrl + endpoint,
            Query = $"?group={groupIdentifier}" + "&includeIndirect=true"
        };

        // Initialize HTTP client
        using HttpClient client = new();
        client.DefaultRequestHeaders.Add("Adm-Authorization", YOUR-SECURITY-TOKEN);

        // Make request
        string response = await client.GetStringAsync(requestUrl.ToString());
        Console.WriteLine(response);
    }
}
cURL
curl  --header 'Adm-Authorization: YOUR-SECURITY-TOKEN' \
--get -X GET 'https://host.example.com/restApi/api/directoryObjects/groupMembers' \
--data-urlencode 'group=CN=My Group,OU=Groups,DC=example,DC=com' \
--data-urlencode 'includeIndirect=true'
node.js
var https = require('https');

// Request parameters
var groupIdentifier = encodeURIComponent("CN=My Group,OU=Groups,DC=example,DC=com");
var requestPath = "/restApi/api/directoryObjects/groupMembers"
    + `?group=${groupIdentifier}`
    + "&includeIndirect=true";
    
var options = {
    'method': 'GET',
    'hostname': 'host.example.com',
    'path': requestPath,
    'headers': {'Adm-Authorization': 'YOUR-SECURITY-TOKEN'}
};

// Make request
var req = https.request(options, res => {
    var data = [];

    res.on("data", chunk => {
        data.push(chunk);
    });

    res.on("end", () => {
        var body = Buffer.concat(data);
        console.log(body.toString());
    });

    res.on("error", error => {
        console.error(error);
    });
});
req.end();
Python
import requests
import json

baseUrl = "https://host.example.com/restApi"
endpoint = "/api/directoryObjects/groupMembers"

# Request parameters
requestUrl = baseUrl + endpoint
requestHeaders = {"Adm-Authorization": YOUR-SECURITY-TOKEN}
queryParams = {
    "group": "CN=My Group,OU=Groups,DC=example,DC=com",
    "includeIndirect": True
}   

# Make request
request = requests.get(requestUrl, headers=requestHeaders, params=queryParams)
response = json.loads(request.content)
print(response)

Response

HTTP Status code: 200 OK
Response body:

[
    {
        "accountStatus": {
            "isDisabled": false,
            "isLocked": false,
            "expirationDate": null
        },
        "passwordStatus": {
            "whenChanged": "2020-09-03T14:18:48.974886Z",
            "expirationStatus": 0,
            "expirationDate": "2023-05-30T14:18:48.974886Z"
        },
        "guid": "13ce39d7-183d-41d7-9a6e-ad1ba85b4be3",
        "dn": "CN=Nick Johnston,OU=Sales,DC=example,DC=com",
        "displayName": "Nick Johnston",
        "objectType": "user",
        "objectTypeCode": 2,
        "domainName": "example.com",
        "directoryType": 1,
        "properties": {}
    },
    {
        "accountStatus": {
            "isDisabled": false,
            "isLocked": false,
            "expirationDate": null
        },
        "passwordStatus": {
            "whenChanged": "2020-09-03T11:45:12.1312415Z",
            "expirationStatus": 0,
            "expirationDate": "2022-02-22T11:45:12.1312415Z"
        },
        "guid": "073ea181-87a7-46ea-8f4e-c0e3345c7bb8",
        "dn": "CN=Laura Webb,OU=Sales,DC=example,DC=com",
        "displayName": "Laura Webb",
        "objectType": "user",
        "objectTypeCode": 2,
        "domainName": "example.com",
        "directoryType": 1,
        "properties": {}
    }
]
 Example 2 – Retrieve group members with their department and account expiration date

The following code sample retrieves all direct members of a specific group and their values of the following properties:

  • Department
  • Account expires

Request

PowerShell
$baseUrl = "https://host.example.com/restApi"
$endpoint = "/api/directoryObjects/groupMembers"

# Request parameters
$requestUrl = $baseUrl + $endpoint
$requestHeaders = @{"Adm-Authorization" = YOUR-SECURITY-TOKEN}
$queryParams = @{
    "group" = "a7b63270-b8a4-4c34-b830-7e0d09f2e021";
    "properties" = "department,accountExpires"
}

# Make request
Invoke-RestMethod -Method GET -Headers $requestHeaders -Uri $requestUrl -Body $queryParams
C#
using System;
using System.Net.Http;
using System.Threading.Tasks;

class Program
{
    static async Task Main()
    {
        const string baseUrl = "https://host.example.com";
        const string endpoint = "/restApi/api/directoryObjects/groupMembers";            
        
        // Request parameters
        const string groupIdentifier = "a7b63270-b8a4-4c34-b830-7e0d09f2e021";
        const string propertiesToGet = "department,accountExpires";
        UriBuilder requestUrl = new()
        {
            Host = baseUrl + endpoint,
            Query = $"?group={groupIdentifier}" + $"&properties={propertiesToGet}"
        };            

        // Initialize HTTP client
        using HttpClient client = new();
        client.DefaultRequestHeaders.Add("Adm-Authorization", YOUR-SECURITY-TOKEN);

        // Make request
        string response = await client.GetStringAsync(requestUrl.ToString());
        Console.WriteLine(response);
    }
}
cURL
curl  --header 'Adm-Authorization: YOUR-SECURITY-TOKEN' \
--get -X GET 'https://host.example.com/restApi/api/directoryObjects/groupMembers' \
--data-urlencode 'group=a7b63270-b8a4-4c34-b830-7e0d09f2e021' \
--data-urlencode 'properties=department,accountExpires'
node.js
var https = require('https');

// Request parameters
var groupIdentifier = "a7b63270-b8a4-4c34-b830-7e0d09f2e021";
var propertiesToGet = "department,accountExpires";
var requestPath = "/restApi/api/directoryObjects"
    + `?directoryobject=${groupIdentifier}`
    + `&properties=${propertiesToGet}`;
    
var options = {
    'method': 'GET',
    'hostname': 'host.example.com',
    'path': requestPath,
    'headers': {'Adm-Authorization': 'YOUR-SECURITY-TOKEN'}
};

// Make request
var req = https.request(options, res => {
    var data = [];

    res.on("data", chunk => {
        data.push(chunk);
    });

    res.on("end", () => {
        var body = Buffer.concat(data);
        console.log(body.toString());
    });

    res.on("error", error => {
        console.error(error);
    });
});
req.end();
Python
import requests
import json

baseUrl = "https://host.example.com/restApi"
endpoint = "/api/directoryObjects/groupMembers"

# Request parameters
requestUrl = baseUrl + endpoint
requestHeaders = {"Adm-Authorization": YOUR-SECURITY-TOKEN}
queryParams = {
    "group": "CN=My Group,OU=Groups,DC=example,DC=com",
    "properties": "department,accountExpires"
}   

# Make request
request = requests.get(requestUrl, headers=requestHeaders, params=queryParams)
response = json.loads(request.content)
print(response)

Response

HTTP Status code: 200 OK
Response body:

[
    {
        "accountStatus": {
            "isDisabled": false,
            "isLocked": false,
            "expirationDate": null
        },
        "passwordStatus": {
            "whenChanged": "2020-09-03T14:18:48.974886Z",
            "expirationStatus": 0,
            "expirationDate": "2023-05-30T14:18:48.974886Z"
        },
        "guid": "13ce39d7-183d-41d7-9a6e-ad1ba85b4be3",
        "dn": "CN=Nick Johnston,OU=Sales,DC=example,DC=com",
        "displayName": "Nick Johnston",
        "objectType": "user",
        "objectTypeCode": 2,
        "domainName": "example.com",
        "directoryType": 1,
        "properties": {
            "department": [
                "Sales"
            ],
            "accountexpires": [
                "never"
            ]
        }
    },
    {
        "accountStatus": {
            "isDisabled": false,
            "isLocked": false,
            "expirationDate": null
        },
        "passwordStatus": {
            "whenChanged": "2020-09-03T11:45:12.1312415Z",
            "expirationStatus": 0,
            "expirationDate": "2022-02-22T11:45:12.1312415Z"
        },
        "guid": "073ea181-87a7-46ea-8f4e-c0e3345c7bb8",
        "dn": "CN=Laura Webb,OU=Sales,DC=example,DC=com",
        "displayName": "Laura Webb",
        "objectType": "user",
        "objectTypeCode": 2,
        "domainName": "example.com",
        "directoryType": 1,
        "properties": {
            "department": [
                "Marketing"
            ],
            "accountexpires": [
                "2020-12-12T11:39:38.9936927Z"
            ]
        }
    }
]

See also