Create Office 365 group for existing Team site

Highlighted

I'm having issues calling Tenant.CreateGroupForSite using Azure AD App Only client context. 

 

I'm receiving the following exception.

{"odata.error":{"code":"Authorization_RequestDenied","message":{"lang":"en","value":"Insufficient privileges to complete the operation."},"requestId":"c9e74c5a-c5bf-4f2f-ae4e-5d2c29b619d6","date":"2018-07-03T11:50:08"}}


I've given consent to delegated permission Group.ReadWrite.All.

What am I missing? Isn't it supported to use an App Only context? It works fine in a user context.

6 Replies
Highlighted

Do you have the Active Directory read and write permissions in the app only context? You need them as well.

Highlighted

I've added Application permission Read and write directory data (Directory.ReadWrite.All), but it doesn't make a difference.

 

Group.ReadWrite.All is added as Delegated permission as it doesn't exist as Application permission. Does this mean that it isn't possible to use an AppOnly context (no user context)?
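Added example, not part of the original posts: a delegated permission such as the Group.ReadWrite.All consent mentioned above only shows up in tokens issued with a signed-in user (the `scp` claim), while an app-only token carries application permissions in `roles`. This Python check decodes a token's payload to show which kind it is; the helper names and sample tokens are constructed for illustration.

```python
import base64
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed JWT-shaped string for the demo."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.sig"


def token_claims(jwt: str) -> dict:
    """Decode the payload. The signature is NOT verified: diagnostics only."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def describe_token(jwt: str, needed: str) -> dict:
    """Classify a token and report whether it carries the needed permission."""
    claims = token_claims(jwt)
    delegated = claims.get("scp", "").split()  # delegated: space-separated string
    application = claims.get("roles", [])      # application: JSON array
    if delegated:
        kind, granted = "delegated", delegated
    elif application:
        kind, granted = "app-only", application
    else:
        kind, granted = "no-permissions", []
    return {"kind": kind, "granted": sorted(granted), "has_needed": needed in granted}


# Constructed samples mirroring the thread: the app has Directory.ReadWrite.All as
# an application permission, and Group.ReadWrite.All only as a delegated one.
APP_ONLY = make_sample_token({"appid": "00000000-0000-0000-0000-000000000000",
                              "roles": ["Directory.ReadWrite.All"]})
DELEGATED = make_sample_token({"upn": "user@example.com",
                               "scp": "Group.ReadWrite.All User.Read"})

if __name__ == "__main__":
    for name, tok in (("app-only", APP_ONLY), ("delegated", DELEGATED)):
        print(name, describe_token(tok, "Group.ReadWrite.All"))
```

Run it against the real access token your client context obtains to confirm which permission set the service actually sees.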


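Highlighted

Please take a look at the site of John as he managed to do this http://johnliu.net/blog/2017/1/create-many-o365-groups-with-powershell-resource-owner-granttype-and-microsoft-graph

Highlighted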

Thanks @Deleted

 

Appreciate it, however I don't see that there's an API for this in the Graph. Sure you can create a Group, but I need to "groupify" an existing SharePoint site collection.

The SharePoint API is

 

{siteUrl}/_api/GroupSiteManager/CreateGroupForSite

But again, it cannot be called using AppOnly context. 

 

I guess the conclusion is that it is not possible yet. 

Highlighted

Hi Michael,

 

True, it is not possible yet, but with the solution of John you could create an account which only can do what you want.

 

Kind regards,

 

 

Paul

Highlighted

It is a multi tenant solution running against hundreds of customers, so can't use username/password.