https://graph.microsoft.com/v1.0/groups ---> Unable to fetch DN and Managed by information from Azure
05-29-2025 06:07 AM
Hello Team,
It's very critical, can someone help me with this?
We have set up Azure integration through a REST message (OAuth token authentication) and I am able to fetch user information (name, EmailID, UserPrincipalName) through the below API endpoint:
https://graph.microsoft.com/v1.0/users
However, we need to fetch "dn" and "Managed by" information for DLs and shared mailboxes, so we are using the "https://graph.microsoft.com/v1.0/groups" endpoint but are unable to fetch the dn and managedby info.
Please help me guys, we need to store all these details in a custom table in ServiceNow.
Regards,
Bhavana
05-29-2025 11:44 PM
Hi @Muhammad Salar: can we please connect for 10 or 15 mins? I need some guidance. I will explain the requirement to you and you can guide me based on that. I will set up a Zoom meeting when you are available (if OK, please send me your mail ID).
Please help me.
05-30-2025 05:19 AM
Hi @rBh,
You can send your contact info and I will contact you tomorrow. Today I am at a client and I can't join any external meeting.
FYI: Your integration is successful, you just need to send the request to the correct endpoint for the required data. Either see the Azure documentation or ask ChatGPT a little about the requirement, you will surely find an answer.
Regards
05-30-2025 07:52 AM - edited 06-02-2025 11:44 PM
On a process level I need some suggestions.
The Azure team mentioned that "dn" (distinguished name) is not fetchable through Graph API, and hence they asked us to fetch the dn value through LDAP from on-prem AD.
In your case, how did you handle it?
05-30-2025 01:03 PM
Make sure you have a P1 P2 licence, and there might be some security restrictions on the field from the Azure side. Please check; otherwise it will return all the group object details. Try to execute your URL in the Graph API explorer.
05-30-2025 01:45 PM
The issue: You can successfully fetch user information using the /users endpoint, but you're unable to retrieve the "dn" (distinguished name) and "managedBy" attributes for groups/distribution lists using the /groups endpoint.
Key points from the thread:
- Azure team has indicated that "dn" (distinguished name) is not directly available through Graph API
- They've suggested using LDAP to fetch this from on-premises AD instead
- You need to store this information in a custom ServiceNow table
Recommendations:
For the "managedBy" attribute:
- This should be available through Graph API using: https://graph.microsoft.com/v1.0/groups/{group-id}?$select=id,displayName,managedBy
- You might need to use $expand=owners to get detailed information about the managers
For the "dn" (distinguished name):
- As confirmed by your Azure team, this attribute isn't directly exposed in Graph API
- Options include:
  - a) Set up an LDAP connection from ServiceNow to your on-premises AD
  - b) Create a middleware service that queries AD via LDAP and exposes this data to ServiceNow
  - c) Use Azure AD Connect to sync additional attributes to Azure AD that might be queryable
Alternative approaches:
- Check if the "onPremisesDistinguishedName" attribute is available in Graph API for synchronized objects
- Use PowerShell scripts to extract this data periodically and import to ServiceNow
- Consider if you can use another identifier instead of DN for your use case
I recommend testing your queries in the Graph Explorer (https://developer.microsoft.com/en-us/graph/graph-explorer) to see exactly what data is available for your groups before proceeding with integration development.
Also, ensure you have the appropriate permissions in your OAuth scope to access group data (e.g., Group.Read.All or Directory.Read.All).
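
The following sketch is an added example, not part of any reply in this thread. It flattens paged `/groups` responses into rows for a custom table, treating `owners` as the stand-in for "Managed by" as the last reply suggests, and refusing to follow a next-page link that leaves Graph. The helper names and sample pages are constructed for illustration, and `fetchPage` is an injected function so the block runs offline.

```javascript
// Added example; helper names are hypothetical and sample data is constructed.
const GRAPH = "https://graph.microsoft.com/";
const GROUPS_URL = GRAPH + "v1.0/groups?$select=id,displayName,mail" +
  "&$expand=owners($select=id,displayName,userPrincipalName)";

// Flatten one Graph group object into a row for a custom table.
function toRow(group) {
  // Owners may be users or service principals, so fall back to name, then id.
  const owners = (group.owners || []).map(o => o.userPrincipalName || o.displayName || o.id);
  return { group_id: group.id, name: group.displayName || "", mail: group.mail || "",
           owners: owners.join(";"),
           dn: null }; // the thread says DN is not returned here; fill it from LDAP
}

// fetchPage(url) returns the parsed JSON body; it is injected so this runs offline.
function collectGroupRows(fetchPage, startUrl = GROUPS_URL, maxPages = 100) {
  const rows = [];
  let url = startUrl;
  for (let page = 0; url && page < maxPages; page++) {
    // Never send the bearer token to a host other than Graph.
    if (!url.startsWith(GRAPH)) throw new Error("Refusing off-host URL: " + url);
    const body = fetchPage(url);
    if (!body || !Array.isArray(body.value)) throw new Error("Unexpected response for " + url);
    body.value.forEach(g => rows.push(toRow(g)));
    url = body["@odata.nextLink"] || null; // absent on the last page
  }
  return rows;
}

// Constructed pages standing in for Graph responses.
const PAGE2_URL = GRAPH + "v1.0/groups?$skiptoken=SAMPLE";
const SAMPLE_PAGES = {
  [GROUPS_URL]: { "@odata.nextLink": PAGE2_URL, value: [
    { id: "g-1", displayName: "DL Finance", mail: "dl-finance@example.com",
      owners: [{ id: "u-1", userPrincipalName: "alice@example.com" },
               { id: "u-2", userPrincipalName: "bob@example.com" }] }] },
  [PAGE2_URL]: { value: [{ id: "g-2", displayName: "DL NoOwner", mail: null, owners: [] }] }
};

function demo() { return collectGroupRows(url => SAMPLE_PAGES[url]); }
console.log(demo());
```

In a ServiceNow script, `fetchPage` would wrap the existing REST message call and parse its response body.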
