Forum Discussion

Christoph Weste's avatar
Christoph Weste
Copper Contributor
Apr 13, 2021

create group / team is failing with error 400 bad request

hey Guys,

I hope someone can push me into the right direction.

 

I having trouble to create a MS teams team via the graph API. I constantly get error 400 Bad request.

the wired thing is that I only have this problem in one tenant my other tenants are working with the same code example without any problem.

 

As an sidenote I switched of group creation for everyone. I used this script to do so

 

https://docs.microsoft.com/en-us/microsoft-365/solutions/manage-creation-of-groups?view=o365-worldwide

 

As for my understanding this should not interfear with my application. But only to be 100% sure I added my application to the security group which is allowed to create unified groups ...

 

But I still have this Bad request Error...

 

My code is looking like this

function get-access ()
{
  $connectionDetails = @{
    'TenantId'        = 'domain.tld'
    'ClientId'        = 'xxxxxxxx-xxx-xxxx-xxxx-xxxxxxxxxxxx'
    'ClientCertificate' = Get-Item -Path 'Cert:\CurrentUser\My\9DA37xxxxxxxx'
  }



  $token = Get-MsalToken @connectionDetails

  $authHeader = @{
    'Authorization' = $token.CreateAuthorizationHeader()
  }
  return $authHeader
}

function get-id ($upn)
{
  $URL = "https://graph.microsoft.com/v1.0/users/$upn"
  $ResultOwner = Invoke-RestMethod -Headers $headers -Uri $URL -Method Get
  return $ResultOwner.id
}

function create-team ($owner_upn, $team_displayname ,$team_description)
{
  $ownerid = get-id $owner_upn

  $requestBody = @"
{
    "template@odata.bind": "https://graph.microsoft.com/v1.0/teamsTemplates('standard')",
    "displayName": "$team_displayname",
    "description": "$team_description",
    "visibility": "Private",
    "owners@odata.bind": [
                            "https://graph.microsoft.com/v1.0/users/$ownerid"
                           ]
}
"@
  $requestBody

  $result = Invoke-WebRequest -Method POST -Uri 'https://graph.microsoft.com/beta/teams' -Body $requestBody -Headers $headers



  return $result.headers.Location
}

$headers = get-access
$result = create-team -owner upn_user@domain.tld -team_displayname "test-team0815" -team_description "test team description"

 

And as mentioned this  example is working in one tenant and not in my other tenant ... And i have no idea why this is the case ....

 

Thanks for helping me out 

 

Have a nice day

 

Christoph

 

  • taylosa's avatar
    taylosa
    Copper Contributor
    Hi Christoph,

    Interestingly I am also experiencing this issue within our M365 tenant. This has only been a problem for the last few days aswell, which would indicate an issue being present.

    Would be interested to hear what Microsoft have to say about this.

    Kind regards,

    Sam
    • Christoph Weste's avatar
      Christoph Weste
      Copper Contributor

      taylosa 

       

      hey Sam,
      its working now! I think there was a problem in the backend. I got the advice to look deeper into that error response which is not so easy in PowerShell.

       

      So used postman to see if I could get more information.
      If I used my custom template, I got the following error

       

      A template with id 'myTemplateID' and locale 'en-US' could not be found

       

      Even if I changed the ID to standard I got an error ... very odd.

       

      And this behavior is gone since  yesterday ..  So for me its working as expected .

       

      I am not sure if you are using Powershell for your post but I do and I  forgot to put -ContentType "application/json" into my invoke-webrequest 

       

      Also not sure why this was needed for one tenant but not for the other... make no sence 

       

      $requestBody = @"
      {
          "template@odata.bind": "https://graph.microsoft.com/v1.0/teamsTemplates('f78f97a1-7e03-47db-90e9-421859bc7d71')",
          "displayName": "$team_displayname",
          "description": "$team_description",
          "visibility": "Public",
          "owners@odata.bind": [
                                  "https://graph.microsoft.com/v1.0/users/<ownerID>"
                                 ]
      }
      "@
      
      
      $result = Invoke-WebRequest -Method POST -Uri "https://graph.microsoft.com/beta/teams" -Body $requestBody -Headers $headers -ContentType "application/json"

       

      So my advice give it a shot on your end  again 🙂

       

      Have a nice weekend

       

      Christoph

Resources