Strange 403 error on trying to get metadata for Office 365 groups

0
votes

We're trying to get Office 365 group metadata, by doing http request : https://graph.microsoft.com/v1.0/groups/?$select=description,displayName,groupTypes,mail,mailEnabled,mailNickname,onPremisesLastSyncDateTime,onPremisesSecurityIdentifier,onPremisesSyncEnabled,proxyAddresses,securityEnabled,visibility,allowExternalSenders,autoSubscribeNewMembers,isSubscribedByMail,unseenCount

while on some customer accounts it's working fine, on another we're getting : ERROR 403 - ErrorAccessDenied ,message:Unified groups aren't supported where user credentials that used to call belongs to the group admin.

Any thoughts ?

Thanks

1
office365microsoft-graph-apioffice365api
Check to see if there are any group creation policies in place that might be restricting this user's ability to work with groups.Jason Johnston
Can it be in this case, where user is group owner?SlavaG
Yes. They may be that group's owner, but not have permissions to create new groups.Jason Johnston
But, in our case we're not trying to create groups, just trying to retrieve it metadata.SlavaG
Interesting, if I remove from the request allowExternalSenders,autoSubscribeNewMembers,isSubscribedByMail it passes without any issue, MS guys , any comment on this ? Should you return permissions issue on 3 properties ? Is it related to the permissions or it's jus tnot correct error message ? And why it's failed , when I have those 3 properties in the request ? ThanksSlavaG

1 Answers

0
votes

I tested the http request listed above, and it appears including properties after "visibility" cause the request to fail. I think you may be hitting the maximum character limit that can be served in the OData request. Removing the additional parameters brings you below the character threshold, which might be why it succeeds.