List createdObjects
Namespace: microsoft.graph
Get a list of directory objects that were created by the user. This API returns only those directory objects that were created by a user who isn't in any administrator role; otherwise, it returns an empty object.
This API is available in the following national cloud deployments.
Global service | US Government L4 | US Government L5 (DOD) | China operated by 21Vianet |
---|---|---|---|
✅ | ✅ | ✅ | ✅ |
Permissions
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
Permission type | Least privileged permissions | Higher privileged permissions |
---|---|---|
Delegated (work or school account) | User.Read | Directory.Read.All, Directory.ReadWrite.All, User.Read.All, User.ReadWrite, User.ReadWrite.All |
Delegated (personal Microsoft account) | User.Read | User.ReadWrite |
Application | User.Read.All | Directory.Read.All, Directory.ReadWrite.All, User.ReadWrite.All |
Important
When an application queries a relationship that returns a directoryObject type collection, if it doesn't have permission to read a certain resource type, members of that type are returned but with limited information. For example, only the @odata.type property for the object type and the id is returned, while other properties are indicated as null
. With this behavior, applications can request the least privileged permissions they need, rather than rely on the set of Directory.* permissions. For details, see Limited information returned for inaccessible member objects.
HTTP request
GET /users/{id | userPrincipalName}/createdObjects
GET /me/createdObjects
Optional query parameters
This method supports the OData Query Parameters to help customize the response.
Request headers
Header | Value |
---|---|
Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
Content-Type | application/json |
Request body
Don't supply a request body for this method.
Response
If successful, this method returns a 200 OK
response code and collection of directoryObject objects in the response body.
Example
Request
GET https://graph.microsoft.com/v1.0/me/createdObjects
Response
The following example shows the response. From the response, the user created a Microsoft 365 group, an application, and its service principal.
Note: The response object shown here might be shortened for readability.
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#directoryObjects",
"value": [
{
"@odata.type": "#microsoft.graph.group",
"id": "92f3d47b-86cc-4b90-953e-8ec7f83ef45f",
"displayName": "Contoso volunteer roster",
"groupTypes": [
"Unified"
],
"mail": "[email protected]",
"mailEnabled": true,
"mailNickname": "volunteers"
},
{
"@odata.type": "#microsoft.graph.application",
"id": "5847962e-c746-4707-a657-f80b5b71f429",
"appId": "254e989a-1b8c-4f8c-84e8-9dea78e9d283",
"displayName": "ConVol",
"publisherDomain": "contoso.com",
"signInAudience": "AzureADMyOrg"
},
{
"@odata.type": "#microsoft.graph.servicePrincipal",
"id": "ea6a54da-62be-4cdc-9860-3ed68a43d8f6",
"accountEnabled": true,
"appDisplayName": "ConVol",
"appDescription": null,
"appId": "254e989a-1b8c-4f8c-84e8-9dea78e9d283",
"displayName": "ConVol",
"servicePrincipalNames": [
"254e989a-1b8c-4f8c-84e8-9dea78e9d283"
],
"servicePrincipalType": "Application",
"signInAudience": "AzureADMyOrg",
}
]
}