Group members request gives an incomplete list #1223
Description
Describe the bug
I am trying to use Ansible to update membership of an Entra group with managed identities in it. It is misbehaving because the list of members it gets back from the GraphServiceClient is incomplete - in my case, only 20 of the 35 members listed in the Azure portal actually show up, even with the msgraph_beta SDK.
Expected behavior
A list of all the users in the Direct Members section of the group in the Azure portal.
How to reproduce
SP is created with:
az identity create -g {{ resource_group }} -n {{ application_name }}-mi -o json
Attached is a minimal(ish) test example to get members from a group and also fetch a single service principal (that should be in the group but isn't) by object_id. The SP does exist, with odata_type='#microsoft.graph.servicePrincipal'
import asyncio
from msgraph_beta.generated.groups.groups_request_builder import GroupsRequestBuilder
from msgraph_beta.generated.models.group import Group
from msgraph_beta.generated.groups.item.transitive_members.transitive_members_request_builder import \
TransitiveMembersRequestBuilder
from msgraph_beta.generated.groups.item.group_item_request_builder import GroupItemRequestBuilder
from msgraph_beta.generated.models.reference_create import ReferenceCreate
from msgraph_beta.generated.users.item.user_item_request_builder import UserItemRequestBuilder
from msgraph_beta.generated.service_principals.service_principals_request_builder import ServicePrincipalsRequestBuilder
from msgraph_beta import GraphServiceClient
from azure.identity import DefaultAzureCredential
class Blah:
def __init__(self):
self.azure_credential_track2 = DefaultAzureCredential()
self._client = self.get_msgraph_client()
def get_msgraph_client(self):
return GraphServiceClient(self.azure_credential_track2)
async def get_raw_group_members(self, group_id, filters=None):
request_configuration = GroupItemRequestBuilder.GroupItemRequestBuilderGetRequestConfiguration(
query_parameters=GroupItemRequestBuilder.GroupItemRequestBuilderGetQueryParameters(
# this ensures service principals are returned
# see https://learn.microsoft.com/en-us/graph/api/group-list-members?view=graph-rest-1.0&tabs=http
expand=["members"]
),
)
if filters:
request_configuration.query_parameters.filter = filters
group = await self._client.groups.by_group_id(group_id).get(request_configuration=request_configuration)
return group.members
async def get_user(self, user_id):
req = ServicePrincipalsRequestBuilder.ServicePrincipalsRequestBuilderGetRequestConfiguration(
query_parameters=ServicePrincipalsRequestBuilder.ServicePrincipalsRequestBuilderGetRequestConfiguration()
)
user = await self._client.service_principals.by_service_principal_id(user_id).get(request_configuration=req)
return user
def test(self, group_id):
ret = asyncio.get_event_loop().run_until_complete(self.get_raw_group_members(group_id))
current_members = [(object.id, object.display_name, object.odata_type) for object in ret]
return current_members
def test2(self, user_id):
ret = asyncio.get_event_loop().run_until_complete(self.get_user(user_id=user_id))
print(ret)
def main():
group_id = "XXXXXX-YYYY-4e07-a3ab-6de8cbd4e560"
user_id = "XXXXXX-YYYY-4b39-9842-0a1e617f6497"
t = Blah()
cm = t.test(group_id)
print("========================")
for c in cm:
print(f" {c[0]} {c[2]} {c[1]}")
t.test2(user_id)
if __name__ == "__main__":
main()SDK Version
No response
Latest version known to work for scenario above?
No response
Known Workarounds
No response
Debug output
Click to expand log
```</details>
### Configuration
- Linux (ubuntu 24.04) on x64
- Python 3.12 (same in 3.11)
- msgraph-beta-sdk 1.33.0
- msgraph-core 1.3.3
- msgraph-sdk 1.6.0
### Other information
_No response_