Variable in Graph Request Body (PowerShell)

Working off the following URL: https://docs.microsoft.com/en-us/graph/api/passwordauthenticationmethod-resetpassword?view=graph-res...

When I execute the following command in my PowerShell script it works flawlessly

$PWCBody = '{
"newPassword" : "ssd$$FGW!!",
"forceChangePasswordNextSignIn" : true
}'


$PWCURI = "https://graph.microsoft.com/beta/users/XXXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/authentication/password..."
$PWChange = Invoke-RestMethod -Uri $PWCURI -Headers $HeaderDelegate -body $PWCbody -Method POST -ContentType "application/json"

However, when I change the Request Body newPassword to variable I get a (403) Bad Request. 

$PWCBody = '{

"newPassword" : $password,
"forceChangePasswordNextSignIn" : true
}'

How can I handle a variable in a Requested Body that's surrounded by single quotes?

Thank You,

-Larry

6 Replies
Try this:

$PWCBody = @{
"newPassword" = $password
}

Thank You for responding, Vasil...
I tried using that format:
$PWCBody = @{
"newPassword" = $password
}

Still getting the following message "Invoke-RestMethod : The remote server returned an error: (400) Bad Request."

Thank You,

-Larry

Yeah, they have terrible error handling on that endpoint. Bad request can mean anything from "you provided an invalid password" to "user is blocked" to "you are using application permissions and they don't work here". If it's still not working, capture the proper error message as detailed here: https://www.michev.info/Blog/Post/3298/unable-to-reset-the-password-for-a-disabled-account

Again, thanks for responding to my post...

I'm able to successfully change a user's password using the endpoint in my PowerShell script if the Requested Body for password is in string format:
$PWCBody = '{"Password" : "ADC123", "forceChangePasswordNextSignIn" : true}'

I get the 400 Bad Request when I try to change the Requested Body password from a string value to a variable.
$PWCBody = '{"Password" : $NewPassword, "forceChangePasswordNextSignIn" : true}'

FYI: None of the accounts I'm trying to change the password for is disabled in AD or Azure AD.

Also, I'm using the following permissions:

Directory.AccessAsUser.All - Delegated - Access directory as the signed in user
UserAuthenticationMethod.ReadWrite.All - Delegated - Read and write all users' authentication methods.
UserAuthenticationMethod.Read.All - Delegated - Read all users' authentication methods

The service account has the Role: Authentication administrator
Thank You,

-Larry

best response confirmed by Larry Jones (Frequent Contributor)
SOLUTION: I had to add " | ConvertTo-Json" at the end of the Request Body
$PWCBody = @{
newPassword = $password
forceChangePasswordNextSignIn = $true
} | ConvertTo-Json

Took ages looking for this... Thanks Larry!
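
Added example, not part of the original thread: the three ways of building the request body seen above, parsed locally with ConvertFrom-Json so the difference is visible without calling Graph. It goes beyond the thread's case by using a constructed password that contains a quote and a backslash; `Test-JsonBody` is a hypothetical helper name.

```powershell
# Constructed sample value (not from the thread); it contains characters JSON must escape.
$password = 'pa"ss\word$1'

# 1. Single-quoted string: no expansion, so the literal text $password reaches the server.
$literal = '{"newPassword" : $password, "forceChangePasswordNextSignIn" : true}'

# 2. Double-quoted string: the variable expands, but the " and \ inside it are not escaped.
$interpolated = "{`"newPassword`" : `"$password`", `"forceChangePasswordNextSignIn`" : true}"

# 3. Hashtable piped to ConvertTo-Json (the thread's solution): the value is escaped for JSON.
$serialized = @{
    newPassword                   = $password
    forceChangePasswordNextSignIn = $true
} | ConvertTo-Json

# Hypothetical helper: parse a body locally and report whether the password survives intact.
function Test-JsonBody {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Body,
        [Parameter(Mandatory)][string]$Expected
    )
    $valid  = $false
    $intact = $false
    try {
        $parsed = $Body | ConvertFrom-Json -ErrorAction Stop
        $valid  = $true
        $intact = $parsed.newPassword -ceq $Expected
    }
    catch {
        # Parsing failed: a JSON API would reject this body as malformed.
    }
    [pscustomobject]@{ Body = $Name; ValidJson = $valid; PasswordIntact = $intact }
}

@(
    Test-JsonBody -Name 'single-quoted'  -Body $literal      -Expected $password
    Test-JsonBody -Name 'double-quoted'  -Body $interpolated -Expected $password
    Test-JsonBody -Name 'ConvertTo-Json' -Body $serialized   -Expected $password
) | Format-Table -AutoSize
```

Serializing the hashtable also means a password containing `"` or `\` cannot break or alter the JSON structure, which string concatenation does not guarantee.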