Unified Group creation fails using Microsoft Graph app-only calls when group naming policy is set.

%3CLINGO-SUB%20id%3D%22lingo-sub-2035443%22%20slang%3D%22en-US%22%3EUnified%20Group%20creation%20fails%20using%20Microsoft%20Graph%20app-only%20calls%20when%20group%20naming%20policy%20is%20set.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2035443%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EWe%20are%20running%20into%20an%20issue%20trying%20to%20create%20Unified%20groups%20in%20our%20custom%20provisioning%20process%20(c%23%20based)%20if%20there%20is%20a%20group%20naming%20policy%20set%20up.%20We%20are%20using%20Microsoft%20Graph%20in%20app-only%20context%20through%20the%20PnP%20Core%20library%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FSharePoint%2FPnP-Sites-Core%2Fblob%2Fd5f95c7189bd5b96fa2bb1690c95195b2215ed6d%2FCore%2FOfficeDevPnP.Core%2FFramework%2FGraph%2FUnifiedGroupsUtility.cs%23L125%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ECreateUnifiedGroup()%20method%3C%2FA%3E%3CSPAN%3E%26nbsp%3Bwhich%2C%20in%20turn%2C%20uses%20the%20standard%20.NET%20Graph%20client%20and%20similar%20issue%20comes%20when%20we%20use%20graph%20api%20call.%3C%2FSPAN%3E%3C%2FP%3E%3CPRE%3E%3CSPAN%20class%3D%22hljs-selector-tag%22%3Eawait%3C%2FSPAN%3E%20%3CSPAN%20class%3D%22hljs-selector-tag%22%3EgraphClient%3C%2FSPAN%3E%3CSPAN%20class%3D%22hljs-selector-class%22%3E.Groups%3C%2FSPAN%3E%3CSPAN%20class%3D%22hljs-selector-class%22%3E.Request%3C%2FSPAN%3E()%3CSPAN%20class%3D%22hljs-selector-class%22%3E.AddAsync%3C%2FSPAN%3E(%3CSPAN%20class%3D%22hljs-selector-tag%22%3EnewGroup%3C%2FSPAN%3E)%3B%3C%2FPRE%3E%3CPRE%3E%3CSTRONG%3ECurrent%20Policy%3A%3C%2FSTRONG%3E%3CBR%20%2F%3E%26lt%3BGroup%20name%26gt%3B(%26lt%3BCompany%26gt%3B)%20%20-%20Here%20Company%20is%20azure%20ad%20user%20attribute%3C%2FPRE%3E%3CPRE%3E%3CSTRONG%3EError%20Message%3A%3C%2FSTRONG%3E%3CBR%20%2F%3ECode%3A%20Request_BadRequest%0AMessage%3A%20The%20property%20is%20missing%20a%20required%20prefix%2Fsuffix%20per%20your%20organization's%20Group%20naming%20requirements.%0ADetails%3A%0A%20Detail0%3A%0A%20%20Code%3A%20MissingPrefixSuffix%0A%20%20Target%3A%20displayName%0A%20%20AdditionalData%3A%0A%20suggestedPropertyValue%20%3A%20sid-12-18-2021(MyCompany)()%3C%2FPRE%3E%3CP%3E%3CSTRONG%3E%26nbsp%3BPayload%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%3CSTRONG%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Payload.png%22%20style%3D%22width%3A%20929px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F244496iBF3C2F13D84BB716%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Payload.png%22%20alt%3D%22Payload.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3EThe%20prefix%20and%20suffix%20requirement%20setting%20is%20set%20as%20follows%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fi.stack.imgur.com%2FpFhmj.png%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EPrefix%20and%20Suffix%20requirement%3C%2FA%3E.%20I%20discovered%20the%20issue%20only%20occurs%20when%20the%20group%20naming%20policy%20uses%20User%20fields%20tokens%20(e.g.%20%5BDepartment%5D%2C%20%5BCompany%5D%2C%20...).%20If%20I%20don't%20use%20then%2C%20then%20the%20check%20passes.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegistered%20azure%20App%20have%20enough%20permission%20set%20to%20create%20a%20groups.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20would%20be%20the%20root%20cause%20of%20the%20issue.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks.%3C%2FP%3E%3CP%3EBR.%20Sid%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2035443%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EGraph%20API%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Egroup%20naming%20policy%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Contributor

We are running into an issue trying to create Unified groups in our custom provisioning process (c# based) if there is a group naming policy set up. We are using Microsoft Graph in app-only context through the PnP Core library CreateUnifiedGroup() method which, in turn, uses the standard .NET Graph client and similar issue comes when we use graph api call.

await graphClient.Groups.Request().AddAsync(newGroup);
Current Policy:
<Group name>(<Company>) - Here Company is azure ad user attribute
Error Message:
Code: Request_BadRequest Message: The property is missing a required prefix/suffix per your organization's Group naming requirements. Details: Detail0: Code: MissingPrefixSuffix Target: displayName AdditionalData: suggestedPropertyValue : sid-12-18-2021(MyCompany)()

 Payload

Payload.png

The prefix and suffix requirement setting is set as follows Prefix and Suffix requirement. I discovered the issue only occurs when the group naming policy uses User fields tokens (e.g. [Department], [Company], ...). If I don't use then, then the check passes.

 

Registered azure App have enough permission set to create a groups.

 

What would be the root cause of the issue.

 

Thanks.

BR. Sid

 

 

0 Replies