Forum Discussion
Unable to create Azure AD user using Graph API
I think I may have worked out (part of) the answer to my question. The password I had created was 20 characters long random mix of only lower case letters, upper case letters, and numbers.
When I amended the password to match the example from https://docs.microsoft.com/en-us/graph/api/user-post-users?view=graph-rest-1.0&tabs=http#example-1-create-a-user the new user was created using my Application.
I subsequently tried to create a new user with an 8-character long password containing two each of: lower case letters, upper case letters, numbers, and symbols. I then see an error:
@{code=Request_BadRequest; message=The specified password does not comply with password complexity requirements. Please provide a different password.; innerError=}
At least that's clearer than the error I had before. However, I'm still confused as to why that original 20-character random password didn't work altogether and I'm also intrigued that the 8-character password didn't work as both of those matched the minimum requirements listed at https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#password-policies-that-only-apply-to-cloud-user-accounts.
8-character password used for testing: 4k3qC$B!20-character password used for testing: sU4NOuX3skjNQGx3Uk3n
To check I wasn't going crazy, I then tried again creating a new user account with that original 20-character password and this time the account was created - great (odd it didn't work before though)!
As I had run these tests on a new dev tenant, I checked and Get-MsolPasswordPolicy returns:ExtensionData : System.Runtime.Serialization.ExtensionDataObject NotificationDays : 14 ValidityPeriod : 2147483647
Hopefully at least this post helps someone else if they run into the same issues.
I think I may have worked out (part of) the answer to my question. The password I had created was 20 characters long random mix of only lower case letters, upper case letters, and numbers.
When I amended the password to match the example from https://docs.microsoft.com/en-us/graph/api/user-post-users?view=graph-rest-1.0&tabs=http#example-1-create-a-user the new user was created using my Application.
I subsequently tried to create a new user with an 8-character long password containing two each of: lower case letters, upper case letters, numbers, and symbols. I then see an error:
@{code=Request_BadRequest; message=The specified password does not comply with password complexity requirements. Please provide a different password.; innerError=}
At least that's clearer than the error I had before. However, I'm still confused as to why that original 20-character random password didn't work altogether and I'm also intrigued that the 8-character password didn't work as both of those matched the minimum requirements listed at https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#password-policies-that-only-apply-to-cloud-user-accounts.
8-character password used for testing: 4k3qC$B!
20-character password used for testing: sU4NOuX3skjNQGx3Uk3n
To check I wasn't going crazy, I then tried again creating a new user account with that original 20-character password and this time the account was created - great (odd it didn't work before though)!
As I had run these tests on a new dev tenant, I checked and Get-MsolPasswordPolicy returns:
ExtensionData : System.Runtime.Serialization.ExtensionDataObject
NotificationDays : 14
ValidityPeriod : 2147483647
Hopefully at least this post helps someone else if they run into the same issues.