Create Office 365 group for existing Team site

%3CLINGO-SUB%20id%3D%22lingo-sub-211662%22%20slang%3D%22en-US%22%3ECreate%20Office%20365%20group%20for%20existing%20Team%20site%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-211662%22%20slang%3D%22en-US%22%3E%3CP%3EI'm%20having%20issues%20calling%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fmsdn.microsoft.com%2Fen-us%2Flibrary%2Fmicrosoft.online.sharepoint.tenantadministration.tenant.creategroupforsite.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ETenant.CreateGroupForSite%3C%2FA%3E%26nbsp%3Busing%20Azure%20AD%20App%20Only%20client%20context.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20receiving%20the%20following%20exception.%3C%2FP%3E%3CP%3E%3CEM%3E%7B%22odata.error%22%3A%7B%22code%22%3A%22Authorization_RequestDenied%22%2C%22message%22%3A%7B%22lang%22%3A%22en%22%2C%22value%22%3A%22Insufficient%20privileges%20to%20complete%20the%20operation.%22%7D%2C%22requestId%22%3A%22c9e74c5a-c5bf-4f2f-ae4e-5d2c29b619d6%22%2C%22date%22%3A%222018-07-03T11%3A50%3A08%22%7D%7D%3C%2FEM%3E%3C%2FP%3E%3CP%3E%3CBR%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%3E%3CSPAN%20class%3D%22lia-message-image-wrapper%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20549px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F37042i1F265E4120413665%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22image.png%22%20title%3D%22image.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3BI've%20given%20consent%20to%20delegated%20permission%20Group.ReadWrite.All.%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%3E%3CSPAN%20class%3D%22lia-message-image-wrapper%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20398px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F37043i00C901A8A72B8B87%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22image.png%22%20title%3D%22image.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3BWhat%20am%20I%20missing%3F%20Isn't%20it%20supported%20to%20use%20an%20App%20Only%20context.%20It%20works%20fine%20in%20a%20user%20context.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-211662%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAPIs%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EDeveloper%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-212716%22%20slang%3D%22en-US%22%3ERe%3A%20Create%20Office%20365%20group%20for%20existing%20Team%20site%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-212716%22%20slang%3D%22en-US%22%3E%3CP%3EIt%20is%20a%20multi%20tenant%20solution%20running%20against%20hundreds%20of%20customers%2C%20so%20can't%20use%20username%2Fpassword.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-212537%22%20slang%3D%22en-US%22%3ERe%3A%20Create%20Office%20365%20group%20for%20existing%20Team%20site%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-212537%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Michael%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETrue%20it%20is%20not%20possibble%20yet%20but%20with%20the%20solution%20of%20John%20you%20could%20create%20a%20account%20which%20only%20can%20do%20what%20you%20want.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EKind%20regards%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EPaul%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-212421%22%20slang%3D%22en-US%22%3ERe%3A%20Create%20Office%20365%20group%20for%20existing%20Team%20site%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-212421%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%26nbsp%3B%40Deleted%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAppreciate%20it%2C%20however%20I%20don't%20see%20that%20there's%20an%20API%20for%20this%20in%20the%20Graph.%20Sure%20you%20can%20create%20a%20Group%2C%20but%20I%20need%20to%20%22groupify%22%20an%20existing%20SharePoint%20site%20collection.%3C%2FP%3E%3CP%3EThe%20SharePoint%20API%20is%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%7BsiteUrl%7D%2F_api%2FGroupSiteManager%2FCreateGroupForSite%3C%2FP%3E%3CP%3EBut%20again%2C%20it%20cannot%20be%20called%20using%20AppOnly%20context.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20guess%20the%20conclusion%20is%20that%20it%20is%20not%20possible%20yet.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-212277%22%20slang%3D%22en-US%22%3ERe%3A%20Create%20Office%20365%20group%20for%20existing%20Team%20site%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-212277%22%20slang%3D%22en-US%22%3E%3CP%3EPlease%20take%20a%20look%20at%20the%20site%20of%20John%20as%20he%20managed%20to%20do%20this%26nbsp%3B%3CA%20href%3D%22http%3A%2F%2Fjohnliu.net%2Fblog%2F2017%2F1%2Fcreate-many-o365-groups-with-powershell-resource-owner-granttype-and-microsoft-graph%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Fjohnliu.net%2Fblog%2F2017%2F1%2Fcreate-many-o365-groups-with-powershell-resource-owner-granttype-and-microsoft-graph%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-212054%22%20slang%3D%22en-US%22%3ERe%3A%20Create%20Office%20365%20group%20for%20existing%20Team%20site%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-212054%22%20slang%3D%22en-US%22%3E%3CP%3EI've%20added%20Application%20permission%26nbsp%3B%3CSPAN%3ERead%20and%20write%20directory%20data%20(Directory.ReadWrite.All)%2C%20but%20it%20doesn't%20make%20a%20difference.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EGroup.ReadWrite.All%20is%20added%20as%20Delegated%20permission%20as%20it%20doesn't%20exist%20as%20Application%20permission.%20Does%20this%20mean%20that%20it%20isn't%20possible%26nbsp%3Bto%20use%20an%20AppOnly%20context%20(no%20user%20context).%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20style%3D%22width%3A%20541px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F37083i530B394B9C7444A4%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22image.png%22%20title%3D%22image.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-212022%22%20slang%3D%22en-US%22%3ERe%3A%20Create%20Office%20365%20group%20for%20existing%20Team%20site%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-212022%22%20slang%3D%22en-US%22%3E%3CP%3Edo%20you%20have%20the%20Active%20directory%20read%20and%20write%20permissions%20in%20the%20app%20only%20context%3F%20as%20you%20need%20them%20as%20well.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

I'm having issues calling Tenant.CreateGroupForSite using Azure AD App Only client context. 

 

I'm receiving the following exception.

{"odata.error":{"code":"Authorization_RequestDenied","message":{"lang":"en","value":"Insufficient privileges to complete the operation."},"requestId":"c9e74c5a-c5bf-4f2f-ae4e-5d2c29b619d6","date":"2018-07-03T11:50:08"}}


image.png

 

 I've given consent to delegated permission Group.ReadWrite.All.image.png

 What am I missing? Isn't it supported to use an App Only context. It works fine in a user context.

7 Replies

do you have the Active directory read and write permissions in the app only context? as you need them as well.

I've added Application permission Read and write directory data (Directory.ReadWrite.All), but it doesn't make a difference.

 

Group.ReadWrite.All is added as Delegated permission as it doesn't exist as Application permission. Does this mean that it isn't possible to use an AppOnly context (no user context).

image.png

 

 

 

Thanks @Deleted

 

Appreciate it, however I don't see that there's an API for this in the Graph. Sure you can create a Group, but I need to "groupify" an existing SharePoint site collection.

The SharePoint API is

 

{siteUrl}/_api/GroupSiteManager/CreateGroupForSite

But again, it cannot be called using AppOnly context. 

 

I guess the conclusion is that it is not possible yet. 

Hi Michael,

 

True it is not possibble yet but with the solution of John you could create a account which only can do what you want.

 

Kind regards,

 

 

Paul

It is a multi tenant solution running against hundreds of customers, so can't use username/password.

@Michael Schau Did you find any solution meanwhile? I have same requirement i.e. I want to use CreateGroupForSite method with App Only Context.