Using the Azure Active Directory Graph Client, I can successfully query the AD for its user roles with the following code:
```csharp
var activeDirectoryClient = new ActiveDirectoryClient(); // Instantiate the Graph Client here.
var adRoles = await activeDirectoryClient.DirectoryRoles.ExecuteAsync();
```
Is it possible, however, to get:
- A list of roles that are admin roles, and
- A list of users who fall under the admin roles?
In this case, my definition of an admin would be users under the Company Administrator role, or those who would be able to authorize an application (via the auth request URL with format `https://login.microsoftonline.com/common/oauth2/authorize?response_type=code&client_id=xxx-xxx&resource=yyy-yyy&redirect_uri=zzz-zzz&prompt=admin_consent`).