azuread logo
Azure Active Directory (Azure AD) v5.36.0, Mar 7 23

azuread.getGroups

Gets Object IDs or Display Names for multiple Azure Active Directory groups.

API Permissions

The following API permissions are required in order to use this data source.

When authenticated with a service principal, this data source requires one of the following application roles: Group.Read.All or Directory.Read.All

When authenticated with a user principal, this data source does not require any additional roles.

Example Usage

Look up by group name

using System.Collections.Generic;
using Pulumi;
using AzureAD = Pulumi.AzureAD;

return await Deployment.RunAsync(() => 
{
    var example = AzureAD.GetGroups.Invoke(new()
    {
        DisplayNames = new[]
        {
            "group-a",
            "group-b",
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := azuread.GetGroups(ctx, &azuread.GetGroupsArgs{
			DisplayNames: []string{
				"group-a",
				"group-b",
			},
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.AzureadFunctions;
import com.pulumi.azuread.inputs.GetGroupsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var example = AzureadFunctions.getGroups(GetGroupsArgs.builder()
            .displayNames(            
                "group-a",
                "group-b")
            .build());

    }
}
import pulumi
import pulumi_azuread as azuread

example = azuread.get_groups(display_names=[
    "group-a",
    "group-b",
])
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const example = azuread.getGroups({
    displayNames: [
        "group-a",
        "group-b",
    ],
});
variables:
  example:
    fn::invoke:
      Function: azuread:getGroups
      Arguments:
        displayNames:
          - group-a
          - group-b

Look up by display name prefix

using System.Collections.Generic;
using Pulumi;
using AzureAD = Pulumi.AzureAD;

return await Deployment.RunAsync(() => 
{
    var sales = AzureAD.GetGroups.Invoke(new()
    {
        DisplayNamePrefix = "sales-",
    });

});
package main

import (
	"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := azuread.GetGroups(ctx, &azuread.GetGroupsArgs{
			DisplayNamePrefix: pulumi.StringRef("sales-"),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.AzureadFunctions;
import com.pulumi.azuread.inputs.GetGroupsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var sales = AzureadFunctions.getGroups(GetGroupsArgs.builder()
            .displayNamePrefix("sales-")
            .build());

    }
}
import pulumi
import pulumi_azuread as azuread

sales = azuread.get_groups(display_name_prefix="sales-")
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const sales = azuread.getGroups({
    displayNamePrefix: "sales-",
});
variables:
  sales:
    fn::invoke:
      Function: azuread:getGroups
      Arguments:
        displayNamePrefix: sales-

Look up all groups

using System.Collections.Generic;
using Pulumi;
using AzureAD = Pulumi.AzureAD;

return await Deployment.RunAsync(() => 
{
    var all = AzureAD.GetGroups.Invoke(new()
    {
        ReturnAll = true,
    });

});
package main

import (
	"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := azuread.GetGroups(ctx, &azuread.GetGroupsArgs{
			ReturnAll: pulumi.BoolRef(true),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.AzureadFunctions;
import com.pulumi.azuread.inputs.GetGroupsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var all = AzureadFunctions.getGroups(GetGroupsArgs.builder()
            .returnAll(true)
            .build());

    }
}
import pulumi
import pulumi_azuread as azuread

all = azuread.get_groups(return_all=True)
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const all = azuread.getGroups({
    returnAll: true,
});
variables:
  all:
    fn::invoke:
      Function: azuread:getGroups
      Arguments:
        returnAll: true

Look up all mail-enabled groups

using System.Collections.Generic;
using Pulumi;
using AzureAD = Pulumi.AzureAD;

return await Deployment.RunAsync(() => 
{
    var mailEnabled = AzureAD.GetGroups.Invoke(new()
    {
        MailEnabled = true,
        ReturnAll = true,
    });

});
package main

import (
	"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := azuread.GetGroups(ctx, &azuread.GetGroupsArgs{
			MailEnabled: pulumi.BoolRef(true),
			ReturnAll:   pulumi.BoolRef(true),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.AzureadFunctions;
import com.pulumi.azuread.inputs.GetGroupsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var mailEnabled = AzureadFunctions.getGroups(GetGroupsArgs.builder()
            .mailEnabled(true)
            .returnAll(true)
            .build());

    }
}
import pulumi
import pulumi_azuread as azuread

mail_enabled = azuread.get_groups(mail_enabled=True,
    return_all=True)
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const mailEnabled = azuread.getGroups({
    mailEnabled: true,
    returnAll: true,
});
variables:
  mailEnabled:
    fn::invoke:
      Function: azuread:getGroups
      Arguments:
        mailEnabled: true
        returnAll: true

Look up all security-enabled groups that are not mail-enabled

using System.Collections.Generic;
using Pulumi;
using AzureAD = Pulumi.AzureAD;

return await Deployment.RunAsync(() => 
{
    var securityOnly = AzureAD.GetGroups.Invoke(new()
    {
        MailEnabled = false,
        ReturnAll = true,
        SecurityEnabled = true,
    });

});
package main

import (
	"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := azuread.GetGroups(ctx, &azuread.GetGroupsArgs{
			MailEnabled:     pulumi.BoolRef(false),
			ReturnAll:       pulumi.BoolRef(true),
			SecurityEnabled: pulumi.BoolRef(true),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.AzureadFunctions;
import com.pulumi.azuread.inputs.GetGroupsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var securityOnly = AzureadFunctions.getGroups(GetGroupsArgs.builder()
            .mailEnabled(false)
            .returnAll(true)
            .securityEnabled(true)
            .build());

    }
}
import pulumi
import pulumi_azuread as azuread

security_only = azuread.get_groups(mail_enabled=False,
    return_all=True,
    security_enabled=True)
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const securityOnly = azuread.getGroups({
    mailEnabled: false,
    returnAll: true,
    securityEnabled: true,
});
variables:
  securityOnly:
    fn::invoke:
      Function: azuread:getGroups
      Arguments:
        mailEnabled: false
        returnAll: true
        securityEnabled: true

Using getGroups

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getGroups(args: GetGroupsArgs, opts?: InvokeOptions): Promise<GetGroupsResult>
function getGroupsOutput(args: GetGroupsOutputArgs, opts?: InvokeOptions): Output<GetGroupsResult>
def get_groups(display_name_prefix: Optional[str] = None,
               display_names: Optional[Sequence[str]] = None,
               ignore_missing: Optional[bool] = None,
               mail_enabled: Optional[bool] = None,
               object_ids: Optional[Sequence[str]] = None,
               return_all: Optional[bool] = None,
               security_enabled: Optional[bool] = None,
               opts: Optional[InvokeOptions] = None) -> GetGroupsResult
def get_groups_output(display_name_prefix: Optional[pulumi.Input[str]] = None,
               display_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
               ignore_missing: Optional[pulumi.Input[bool]] = None,
               mail_enabled: Optional[pulumi.Input[bool]] = None,
               object_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
               return_all: Optional[pulumi.Input[bool]] = None,
               security_enabled: Optional[pulumi.Input[bool]] = None,
               opts: Optional[InvokeOptions] = None) -> Output[GetGroupsResult]
func GetGroups(ctx *Context, args *GetGroupsArgs, opts ...InvokeOption) (*GetGroupsResult, error)
func GetGroupsOutput(ctx *Context, args *GetGroupsOutputArgs, opts ...InvokeOption) GetGroupsResultOutput

> Note: This function is named GetGroups in the Go SDK.

public static class GetGroups 
{
    public static Task<GetGroupsResult> InvokeAsync(GetGroupsArgs args, InvokeOptions? opts = null)
    public static Output<GetGroupsResult> Invoke(GetGroupsInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetGroupsResult> getGroups(GetGroupsArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
  function: azuread:index/getGroups:getGroups
  arguments:
    # arguments dictionary

The following arguments are supported:

DisplayNamePrefix string

A common display name prefix to match when returning groups.

DisplayNames List<string>

The display names of the groups.

IgnoreMissing bool

Ignore missing groups and return groups that were found. The data source will still fail if no groups are found. Cannot be specified with return_all. Defaults to false.

MailEnabled bool

Whether the returned groups should be mail-enabled. By itself this does not exclude security-enabled groups. Setting this to true ensures all groups are mail-enabled, and setting to false ensures that all groups are not mail-enabled. To ignore this filter, omit the property or set it to null. Cannot be specified together with object_ids.

ObjectIds List<string>

The object IDs of the groups.

ReturnAll bool

A flag to denote if all groups should be fetched and returned. Cannot be specified wth ignore_missing. Defaults to false.

SecurityEnabled bool

Whether the returned groups should be security-enabled. By itself this does not exclude mail-enabled groups. Setting this to true ensures all groups are security-enabled, and setting to false ensures that all groups are not security-enabled. To ignore this filter, omit the property or set it to null. Cannot be specified together with object_ids.

DisplayNamePrefix string

A common display name prefix to match when returning groups.

DisplayNames []string

The display names of the groups.

IgnoreMissing bool

Ignore missing groups and return groups that were found. The data source will still fail if no groups are found. Cannot be specified with return_all. Defaults to false.

MailEnabled bool

Whether the returned groups should be mail-enabled. By itself this does not exclude security-enabled groups. Setting this to true ensures all groups are mail-enabled, and setting to false ensures that all groups are not mail-enabled. To ignore this filter, omit the property or set it to null. Cannot be specified together with object_ids.

ObjectIds []string

The object IDs of the groups.

ReturnAll bool

A flag to denote if all groups should be fetched and returned. Cannot be specified wth ignore_missing. Defaults to false.

SecurityEnabled bool

Whether the returned groups should be security-enabled. By itself this does not exclude mail-enabled groups. Setting this to true ensures all groups are security-enabled, and setting to false ensures that all groups are not security-enabled. To ignore this filter, omit the property or set it to null. Cannot be specified together with object_ids.

displayNamePrefix String

A common display name prefix to match when returning groups.

displayNames List<String>

The display names of the groups.

ignoreMissing Boolean

Ignore missing groups and return groups that were found. The data source will still fail if no groups are found. Cannot be specified with return_all. Defaults to false.

mailEnabled Boolean

Whether the returned groups should be mail-enabled. By itself this does not exclude security-enabled groups. Setting this to true ensures all groups are mail-enabled, and setting to false ensures that all groups are not mail-enabled. To ignore this filter, omit the property or set it to null. Cannot be specified together with object_ids.

objectIds List<String>

The object IDs of the groups.

returnAll Boolean

A flag to denote if all groups should be fetched and returned. Cannot be specified wth ignore_missing. Defaults to false.

securityEnabled Boolean

Whether the returned groups should be security-enabled. By itself this does not exclude mail-enabled groups. Setting this to true ensures all groups are security-enabled, and setting to false ensures that all groups are not security-enabled. To ignore this filter, omit the property or set it to null. Cannot be specified together with object_ids.

displayNamePrefix string

A common display name prefix to match when returning groups.

displayNames string[]

The display names of the groups.

ignoreMissing boolean

Ignore missing groups and return groups that were found. The data source will still fail if no groups are found. Cannot be specified with return_all. Defaults to false.

mailEnabled boolean

Whether the returned groups should be mail-enabled. By itself this does not exclude security-enabled groups. Setting this to true ensures all groups are mail-enabled, and setting to false ensures that all groups are not mail-enabled. To ignore this filter, omit the property or set it to null. Cannot be specified together with object_ids.

objectIds string[]

The object IDs of the groups.

returnAll boolean

A flag to denote if all groups should be fetched and returned. Cannot be specified wth ignore_missing. Defaults to false.

securityEnabled boolean

Whether the returned groups should be security-enabled. By itself this does not exclude mail-enabled groups. Setting this to true ensures all groups are security-enabled, and setting to false ensures that all groups are not security-enabled. To ignore this filter, omit the property or set it to null. Cannot be specified together with object_ids.

display_name_prefix str

A common display name prefix to match when returning groups.

display_names Sequence[str]

The display names of the groups.

ignore_missing bool

Ignore missing groups and return groups that were found. The data source will still fail if no groups are found. Cannot be specified with return_all. Defaults to false.

mail_enabled bool

Whether the returned groups should be mail-enabled. By itself this does not exclude security-enabled groups. Setting this to true ensures all groups are mail-enabled, and setting to false ensures that all groups are not mail-enabled. To ignore this filter, omit the property or set it to null. Cannot be specified together with object_ids.

object_ids Sequence[str]

The object IDs of the groups.

return_all bool

A flag to denote if all groups should be fetched and returned. Cannot be specified wth ignore_missing. Defaults to false.

security_enabled bool

Whether the returned groups should be security-enabled. By itself this does not exclude mail-enabled groups. Setting this to true ensures all groups are security-enabled, and setting to false ensures that all groups are not security-enabled. To ignore this filter, omit the property or set it to null. Cannot be specified together with object_ids.

displayNamePrefix String

A common display name prefix to match when returning groups.

displayNames List<String>

The display names of the groups.

ignoreMissing Boolean

Ignore missing groups and return groups that were found. The data source will still fail if no groups are found. Cannot be specified with return_all. Defaults to false.

mailEnabled Boolean

Whether the returned groups should be mail-enabled. By itself this does not exclude security-enabled groups. Setting this to true ensures all groups are mail-enabled, and setting to false ensures that all groups are not mail-enabled. To ignore this filter, omit the property or set it to null. Cannot be specified together with object_ids.

objectIds List<String>

The object IDs of the groups.

returnAll Boolean

A flag to denote if all groups should be fetched and returned. Cannot be specified wth ignore_missing. Defaults to false.

securityEnabled Boolean

Whether the returned groups should be security-enabled. By itself this does not exclude mail-enabled groups. Setting this to true ensures all groups are security-enabled, and setting to false ensures that all groups are not security-enabled. To ignore this filter, omit the property or set it to null. Cannot be specified together with object_ids.

getGroups Result

The following output properties are available:

DisplayNamePrefix string
DisplayNames List<string>

The display names of the groups.

Id string

The provider-assigned unique ID for this managed resource.

MailEnabled bool
ObjectIds List<string>

The object IDs of the groups.

SecurityEnabled bool
IgnoreMissing bool
ReturnAll bool
DisplayNamePrefix string
DisplayNames []string

The display names of the groups.

Id string

The provider-assigned unique ID for this managed resource.

MailEnabled bool
ObjectIds []string

The object IDs of the groups.

SecurityEnabled bool
IgnoreMissing bool
ReturnAll bool
displayNamePrefix String
displayNames List<String>

The display names of the groups.

id String

The provider-assigned unique ID for this managed resource.

mailEnabled Boolean
objectIds List<String>

The object IDs of the groups.

securityEnabled Boolean
ignoreMissing Boolean
returnAll Boolean
displayNamePrefix string
displayNames string[]

The display names of the groups.

id string

The provider-assigned unique ID for this managed resource.

mailEnabled boolean
objectIds string[]

The object IDs of the groups.

securityEnabled boolean
ignoreMissing boolean
returnAll boolean
display_name_prefix str
display_names Sequence[str]

The display names of the groups.

id str

The provider-assigned unique ID for this managed resource.

mail_enabled bool
object_ids Sequence[str]

The object IDs of the groups.

security_enabled bool
ignore_missing bool
return_all bool
displayNamePrefix String
displayNames List<String>

The display names of the groups.

id String

The provider-assigned unique ID for this managed resource.

mailEnabled Boolean
objectIds List<String>

The object IDs of the groups.

securityEnabled Boolean
ignoreMissing Boolean
returnAll Boolean

Package Details

Repository
Azure Active Directory (Azure AD) pulumi/pulumi-azuread
License
Apache-2.0
Notes

This Pulumi package is based on the azuread Terraform Provider.