GroupMembers
Provides a list of members within Microsoft Exchange groups. This includes user identifiers and membership roles, supporting scenarios like group management and access control.
Table Specific Information
Groups require Administrator permissions. To work with them, you must create your own custom OAuth App and set the appropriate OAuthClientId and OAuthClientSecret. In this app, you must configure it to request the GroupMember.Read.All and the GroupMember.ReadWrite.All permissions. This can be done at https://apps.dev.microsoft.com, or in the App Registrations panel at http://portal.azure.com.
To authorize GroupMembers permissions, an administrator must grant the GroupMembers permissions for your organization at large. This can be done via the
administrator authorization endpoint. Simply have the administrator navigate to the following web page and grant permissions. Then
run the OAuth authorization as normal afterwards.
https://login.microsoftonline.com/common/adminconsent?client_id=[YourClientId]&redirect_uri=http://localhost:33333
Note that if your organization has multiple tenants, you may replace the /common/ in the url with the tenant id to indicate which tenant to grant permissions for.
Select
The provider uses the Microsoft Exchange API to process WHERE clause conditions. The rest of the filter is executed client-side in the provider.
For example, the following query is processed server-side:
SELECT * FROM GroupMembers
Columns
| Name | Type | Description |
| Id [KEY] | String | Unique identifier of the group member record. This ID is used to distinguish each individual entry in the system. |
| GroupId | String | Identifier of the group to which the member belongs. This links the member to a specific Microsoft 365 group. |
| AssistantName | String | The name of the assistant associated with the group member, if applicable. Often used in organizational hierarchy contexts. |
| BusinessPhones | String | A list of business phone numbers associated with the group member. Each number is separated by a comma and can include multiple entries. |
| Classification | String | The classification label applied to the group for data governance purposes, such as 'Confidential' or 'Internal'. |
| CreatedDateTime | Datetime | The date and time when the group member record was created. Stored in UTC and used for auditing or chronological analysis. |
| CreationOptions | String | A list of options or flags applied during group creation, such as 'HideGroupInOutlook' or 'SubscribeMembersToCalendarEvents'. |
| DeletedDateTime | Datetime | Timestamp indicating when the group member was deleted, if applicable. Null if the record is active. |
| Description | String | A descriptive summary of the group or member role, intended to provide context about its purpose or function. |
| DisplayName | String | The display name of the group member, commonly used in user interfaces and address books. |
| ExpirationDateTime | Datetime | The date and time when the group or membership is set to expire. Used to manage lifecycle policies. |
| GivenName | String | The given (first) name of the group member. Typically used in user identity or directory listings. |
| GroupTypes | String | A list of group types associated with the member's group, such as 'Unified' or 'DynamicMembership'. |
| IsAssignableToRole | Boolean | Indicates whether the group can be assigned to administrative roles within Azure Active Directory. |
| JobTitle | String | The job title of the group member, often used in organizational charts or personnel records. |
| String | Primary email address associated with the group member. Used for communication and notifications. | |
| MailEnabled | Bool | Indicates whether the group is enabled to send and receive email. True for mail-enabled groups. |
| MailNickname | String | The email alias or nickname for the group, used to generate the group's email address. |
| MembershipRule | String | The rule used to dynamically assign members to the group based on user attributes, applicable only to dynamic groups. |
| MembershipRuleProcessingState | String | Indicates the current state of membership rule processing for the group member, such as whether dynamic group rules are being evaluated or are in an error state. |
| MobilePhone | String | The mobile phone number associated with the group member's user account, typically used for contact or authentication purposes. |
| OfficeLocation | String | The physical office location assigned to the group member, such as a room number, building name, or campus designation. |
| OnPremisesDomainName | String | Specifies the domain name from the on-premises Active Directory to which the group member belongs, if synchronized from an on-premises environment. |
| OnPremisesLastSyncDateTime | Datetime | The date and time when the group member's account was last synchronized from the on-premises Active Directory to Azure Active Directory. |
| OnPremisesNetBiosName | String | The NetBIOS name of the on-premises domain associated with the group member's account, typically used for legacy systems or compatibility scenarios. |
| OnPremisesProvisioningErrors | String | A list of provisioning errors that occurred during the synchronization process for this user, separated by commas. Each entry describes a specific issue encountered. |
| OnPremisesSamAccountName | String | The Security Account Manager (SAM) account name of the group member as defined in the on-premises Active Directory, used in environments requiring legacy logon names. |
| OnPremisesSecurityIdentifier | String | The on-premises Security Identifier (SID) that uniquely identifies the group member in the domain, used for access control and permissions. |
| OnPremisesSyncEnabled | Bool | A boolean value that specifies whether directory synchronization is enabled for the group member from an on-premises environment. |
| PreferredDataLocation | String | The geographical data residency preference for the group member, typically aligned with regional compliance or regulatory requirements. |
| PreferredLanguage | String | The language and locale preference set by the group member, used to localize content and communications in Exchange and other Microsoft services. |
| ProxyAddresses | String | A list of proxy addresses associated with the group member, such as SMTP and SIP addresses, separated by commas with 1 space after each comma. |
| RenewedDateTime | Datetime | The date and time when the group member's membership or account was last renewed or revalidated, typically in recurring validation scenarios. |
| SecurityEnabled | Bool | A boolean value indicating whether the group member is part of a security-enabled group that can be used to assign access permissions. |
| Surname | String | The last name or family name of the group member, typically used in directory listings and user displays. |
| UserPrincipalName | String | The User Principal Name (UPN) of the group member, which is typically in the format user@domain and used for login and authentication. |
| Visibility | String | Specifies the visibility setting of the group member's directory object, such as Public, Private, or HiddenMembership, which controls who can view membership details. |