Azure AD

3 Topics

Unable to create Azure AD user using Graph API
Note I'm somewhat new to using the Graph API, so please forgive me (and correct me) if my terminology is wrong 👍 As I understand, https://docs.microsoft.com/en-us/graph/api/user-post-users documents that it should be possible for an Application to call the API and specifies the required permissions, headers and body to create a new Azure AD user account. Using PowerShell, I've tried a POST to both the v1.0 and beta endpoints with an authorization token that has the appropriate permissions assigned to create a new user account, but in both cases I see the following error: Invoke-RestMethod : The remote server returned an error: (400) Bad Request. The parameters I passed are a variation of those from https://docs.microsoft.com/en-us/graph/api/user-post-users?view=graph-rest-1.0&tabs=http#example-1-create-a-user (with the user principal name amended to have the appropriate suffix for the tenant in question, and a different password). When I run the following try { Invoke-RestMethod -Headers $header -Uri $uri -Method "POST" -Body $userparams -ErrorAction Stop } catch [System.Net.WebException] { if ($_.Exception.Response -eq $null) { throw } $streamReader = [System.IO.StreamReader]::new($_.Exception.Response.GetResponseStream()) $streamReader.BaseStream.Position = 0 $streamReader.ReadToEnd() | ConvertFrom-Json } I see the "(400) Bad Request" error is apparently due to an invalid passwordProfile: @{code=Request_BadRequest; message=Invalid property 'PasswordProfile'.; innerError=} Amending the properties of the passwordProfile object according to https://docs.microsoft.com/en-us/graph/api/resources/passwordprofile?view=graph-rest-1.0 hasn't helped. If I entirely remove the passwordProfile parameter from the body of my POST I get a slight variation on the exception.response inasmuch as it says: @{code=Request_BadRequest; message=A password must be specified to create a new user.; innerError=} Having checked, I am also unable to create a new user account when using a Delegated (work or school account) to call the same API and specify the same headers and body, with the same resulting errors. Note, I am able to create a new user account using https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.users/new-mguser?view=graph-powershell-beta (version https://www.powershellgallery.com/packages/Microsoft.Graph.Users/1.9.2) using exactly the same body parameters, so I have hope that the parameters are defined correctly after all Can anyone help me understand what I need to do to be able to create users using the Graph API, ideally with Application permissions?
Solved
rs_oakford
Jan 31, 2022 Place Microsoft Graph
5.9KViews
0likes
1Comment
Any REST APIs to get security questions of Azure Active Directory user
We have a requirement to get security questions for a user registered on Active Directory. We used graph API(https://graph.microsoft.com/v1.0/users/ {Id})to get users details. However we failed to see security questions in that API response. Request to share any info which programmatically gets and validates user's security questions. Thanks in advance.
Ujwal1997
Mar 17, 2021 Place Microsoft Graph
1.2KViews
0likes
1Comment
Missing Building Codes in Microsoft Search
We're attempting to upload office floorplans into Microsoft Search, but we are hitting a snafu in the building code selection. Despite the fact that the chosen employees have an Office field such as DC/001 in Azure AD, the wizard still indicates that the building code is incorrect. The office field we're using is in line with the Microsoft Docs example, such as B1/1001, so it's not a formatting error. Is there some sort of directory where building codes have to be defined? Our location data is proper, yet we still cannot proceed past this step despite having a proper building code. Any and all ideas would be appreciated.
skasab001
Jan 20, 2020 Place Microsoft Search
1.2KViews
1like
1Comment