Azure AD Graph API reference
The Azure Active Directory (AD) Graph API is an OData 3.0 compliant service that you can use to read and modify objects such as users, groups, and contacts in a tenant. Azure AD Graph API exposes REST endpoints that you send HTTP requests to in order to perform operations using the service. The reference topics in this guide show you how to perform specific operations against the resources exposed by the Graph API. Many of the topics are interactive. They expose a Try It feature that you can use to change the parameters of selected operations and observe the responses that are returned from a demo tenant.
We strongly recommend that you use Microsoft Graph instead of Azure AD Graph API to access Azure Active Directory resources. Our development efforts are now concentrated on Microsoft Graph and no further enhancements are planned for Azure AD Graph API. There are a very limited number of scenarios for which Azure AD Graph API might still be appropriate; for more information, see the Microsoft Graph or the Azure AD Graph blog post in the Office Dev Center.
Click the appropriate link below to see the documentation and example for a specific operation. For more general information about the Graph API and its supported features, as well as advanced topics such as differential query, batch processing, directory schema extensions, and others, see Graph API concepts.
Signed-in user (me) operations
User operations overview | Get users | Get a user | Create users (work or school account) | Create user (local account) | Update user | Reset a user's password | Delete user | Get manager | Assign manager | Get direct reports | Get memberships | Invalidate all refresh tokens | User functions and actions
Directory Role operations
Directory roles operations overview | Get directory roles | Get a directory role | Get directory role templates | Activate a directory role | Get members | Add members | Delete member | Directory role functions and actions
Domains operations overview | Get domains | Get a domain | Create a domain | Update a domain | Delete a domain | Get domain verification records | Get domain service configuration records | Domain functions and actions
Policy overview | Get policy | Create policy | List policies | Update policy | Delete policy | Assign policy | List applications and service principals with specific policy assigned | List policies assigned to application or service principal
Functions and actions
assignLicense | changePassword | checkMemberGroups | getAvailableExtensionProperties | getMemberGroups | getMemberObjects | getObjectsByObjectIds | isMemberOf | servicePrincipalsByAppId | restore | verify
Entities and complex types
Application | AppRoleAssignment | Contact | Contract | Device | DirectoryLinkChange | DirectoryObject | DirectoryRole | DirectoryRoleTemplate | Domain | DomainDnsRecord | DomainDnsCnameRecord | DomainDnsMxRecord | DomainDnsSrvRecord | DomainDnsTxtRecord | DomainDnsUnavailableRecord | ExtensionProperty | Group | LicenseDetail | OAuth2PermissionGrant | Policy | ServiceEndpoint | ServicePrincipal | SubscribedSku | TenantDetail | TrustedCAsForPasswordlessAuth | User
AddIn | AlternativeSecurityId | AppRole | AssignedLicense | AssignedPlan | CertificateAuthorityInformation | KeyCredential | KeyValue | LicenseUnitsDetail | OAuth2Permission | PasswordCredential | PasswordProfile | ProvisionedPlan | ProvisioningError | RequiredResourceAccess | ResourceAccess | ServicePlanInfo | ServicePrincipalAuthenticationPolicy | SignInName | VerifiedDomain