azure ad
2 TopicsUnable to create Azure AD user using Graph API
Note I'm somewhat new to using the Graph API, so please forgive me (and correct me) if my terminology is wrong 👍 As I understand, https://docs.microsoft.com/en-us/graph/api/user-post-users documents that it should be possible for an Application to call the API and specifies the required permissions, headers and body to create a new Azure AD user account. Using PowerShell, I've tried a POST to both the v1.0 and beta endpoints with an authorization token that has the appropriate permissions assigned to create a new user account, but in both cases I see the following error: Invoke-RestMethod : The remote server returned an error: (400) Bad Request. The parameters I passed are a variation of those from https://docs.microsoft.com/en-us/graph/api/user-post-users?view=graph-rest-1.0&tabs=http#example-1-create-a-user (with the user principal name amended to have the appropriate suffix for the tenant in question, and a different password). When I run the following try { Invoke-RestMethod -Headers $header -Uri $uri -Method "POST" -Body $userparams -ErrorAction Stop } catch [System.Net.WebException] { if ($_.Exception.Response -eq $null) { throw } $streamReader = [System.IO.StreamReader]::new($_.Exception.Response.GetResponseStream()) $streamReader.BaseStream.Position = 0 $streamReader.ReadToEnd() | ConvertFrom-Json } I see the "(400) Bad Request" error is apparently due to an invalid passwordProfile: @{code=Request_BadRequest; message=Invalid property 'PasswordProfile'.; innerError=} Amending the properties of the passwordProfile object according to https://docs.micerosoft.com/en-us/graph/api/resources/passwordprofile?view=graph-rest-1.0 hasn't helped. If I entirely remove the passwordProfile parameter from the body of my POST I get a slight variation on the exception.response inasmuch as it says: @{code=Request_BadRequest; message=A password must be specified to create a new user.; innerError=} Having checked, I am also unable to create a new user account when using a Delegated (work or school account) to call the same API and specify the same headers and body, with the same resulting errors. Note, I am able to create a new user account using https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.users/new-mguser?view=graph-powershell-beta (version https://www.powershellgallery.com/packages/Microsoft.Graph.Users/1.9.2) using exactly the same body parameters, so I have hope that the parameters are defined correctly after all Can anyone help me understand what I need to do to be able to create users using the Graph API, ideally with Application permissions?Solved5.2KViews0likes1Comment
Any REST APIs to get security questions of Azure Active Directory user
We have a requirement to get security questions for a user registered on Active Directory. We used graph API(https://graph.microsoft.com/v1.0/users/ {Id})to get users details. However we failed to see security questions in that API response. Request to share any info which programmatically gets and validates user's security questions. Thanks in advance.1.1KViews0likes1Comment
