Addressing Entities and Operations in the Graph API
This topic discusses different addressing alternatives that you can use when addressing directory entities, calling directory functions, performing queries against the directory, or performing operations on directory entities and resource sets using Azure AD Graph API. For more detailed information about performing specific operations or queries, addressing directory entities, or calling functions, see the appropriate operations topic in the Azure AD Graph API reference documentation.
For information about performing queries against the directory, see Azure AD Graph API Supported Queries, Filters, and Paging Options.
For information about directory entities and the operations that can be performed on them as well as about functions that are exposed by Graph, see the relevant topic in the Azure AD Graph REST API Reference.
Important
Azure Active Directory (Azure AD) Graph is deprecated. Going forward, we will make no further investment in Azure AD Graph, and Azure AD Graph APIs have no SLA or maintenance commitment beyond security-related fixes. Investments in new features and functionalities will only be made in Microsoft Graph.
June 30, 2023 will mark the end of the three-year deprecation period for Azure AD Graph. Before June 30, 2023, existing applications using Azure AD Graph will not be impacted. After June 30, 2023, Azure AD Graph will enter its retirement phase where we will retire it in incremental steps to allow you sufficient time to migrate your applications to Microsoft Graph APIs. The first step in this plan, and at a later date that we will announce, we will block the creation of any new applications using Azure AD Graph.
For more details on the latest announcement, see Important: Azure AD Graph Retirement and Powershell Module Deprecation.
Tenant Addressing
You can address your tenant in one of three ways:
By tenant object ID. This is a GUID that was assigned when the tenant was created. It is equivalent to the objectId property of the [TenantDetail] object. The following URL shows how to address the top-level resources of a tenant’s directory by using the object ID:
https://graph.windows.net/12345678-9abc-def0-1234-56789abcde/?api-version=1.6.By verified (registered) domain name. This is one of the domain names that are registered for the tenant. These can be found in the verifiedDomains property of the [TenantDetail] object. The following URL shows how to address the top-level resources of a tenant that has the domain contoso.com:
https://graph.windows.net/contoso.com/?api-version=1.6.By using the “MyOrganization” alias. This alias is only available when using OAuth Authorization Code Grant type (3-legged) authentication. The alias is not case sensitive. It replaces the object ID or tenant domain in the URL. When the alias is used, Graph API derives the tenant from the claims presented in the token attached to the request. The following URL shows how to address the top-level resources of a tenant using this alias:
https://graph.windows.net/myorganization/?api-version=1.6.By using the “Me” alias. This alias is only available when using OAuth Authorization Code Grant type (3-legged) authentication. The alias is not case sensitive. It replaces the object ID or tenant domain in the URL. When the alias is used, Graph API derives the user from the claims presented in the token attached to the request. The following URL can be used to call the [getMemberGroups] function to return the transitive group memberships of the current user:
https://graph.windows.net/me/getMemberGroups?api-version=1.6. (Note: a request body must also be supplied with the POST request.)
See Also
Azure AD Graph API Supported Queries, Filters, and Paging Options