Match SPO "users" that are SecurityGroups with AAD groups


  • Hi,

    I have a "user" in my SPO tenant that is actually a AAD security Group. I want to resolve it and see which users are inside this group. 

    How this can be simply achieved?

    The only thing that seems to uniquely match is the:

    SPO side (csom) -> Microsoft.SharePoint.Client.User -> LoginName (in format that need to be parsed because its like "c:0o.c|federateddirectoryclaimprovider|13429680-03e6-4530-8941-b798d83d5746"

    AAD side (AAD graph API) -> Microsoft.DirectoryServices.Group -> objectId

    But nevertheless there are some SPO groups that DOES NOT exists in AAD like:

    1. groups that has loginName guid postfixed with "_o"

    2. groups like Everyone except external users

    Please help me :)

    Tuesday, March 7, 2017 7:43 PM