未找到包含使用直接授权时指定的外部目录对象ID的邮箱

Question

当我使用使用我的工作帐户登录的Graph Explorer访问Graph API时，以下REST调用可以正常运行

https://graph.microsoft.com/v1.0/groups('42bc2ab5-230f-475c-8663-7c319d0b6696')/conversations?expand=threads(expand=posts)

GUID是Office 365组的ID

当我尝试使用直接授权访问时，我使用以下指南配置我的Windows控制台应用

https://azure.microsoft.com/en-gb/documentation/articles/active-directory-v2-protocols-oauth-client-creds/

使用以下JSON响应返回以下404错误。

{
  "error": {
    "code": "ErrorNonExistentMailbox",
    "message": "No mailbox was found that includes the external directory object ID that was specified.",
    "innerError": {
      "request-id": "e8a5f034-3e8c-496c-896e-250acea6fe1c",
      "date": "2016-10-26T10:16:27"
    }
  }
}

如果我使用以下REST调用直接访问该组，则可以正常工作

https://graph.microsoft.com/v1.0/groups('42bc2ab5-230f-475c-8663-7c319d0b6696')

但是当我尝试访问对话时，会返回上面的错误。

我的应用使用https://apps.dev.microsoft.com

配置了以下权限

委派权限

Mail.Read，Mail.Read.Shared，User.Read，Group.Read.All（仅限管理员），Group.ReadWrite.All（仅限管理员）

申请权限

Group.Read.All（仅限管理员），Group.ReadWrite.All（仅限管理员），Mail.Read（仅限管理员），User.Read.All（仅限管理员）

这是我在控制台应用中使用的代码

class Program
    {
        private const string AUTHORITY_FORMAT = "https://login.microsoftonline.com/{0}/v2.0";
        private const string GRAPH_SCOPE = "https://graph.microsoft.com/.default";
        private const string GROUP_ATTACHMENTS_GRAPH_QUERY = "https://graph.microsoft.com/v1.0/groups('42bc2ab5-230f-475c-8663-7c319d0b6696')/conversations?expand=threads(expand=posts)";
        static void Main(string[] args)
        {
            ScanGroupConversations().Wait();

            Console.WriteLine("Press any key to continue...");
            Console.Read();
        }

        static async Task ScanGroupConversations()
        {
            // Get a token for the Microsoft Graph
            ConfidentialClientApplication daemonClient =
                new ConfidentialClientApplication(
                    String.Format(AUTHORITY_FORMAT, ConfigurationManager.AppSettings["tennantId"]),
                    ConfigurationManager.AppSettings["clientId"], ConfigurationManager.AppSettings["redirectUri"],
                    new ClientCredential(ConfigurationManager.AppSettings["clientSecret"]), new TokenCache());

            AuthenticationResult authResult = await daemonClient.AcquireTokenForClient(new string[] { GRAPH_SCOPE }, null);

            // Query for list of users in the tenant
            HttpClient client = new HttpClient();

            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, GROUP_ATTACHMENTS_GRAPH_QUERY);

            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authResult.Token);
            HttpResponseMessage response = await client.SendAsync(request);

            if (!response.IsSuccessStatusCode)
            {
                var responseString = await response.Content.ReadAsStringAsync();

                Console.WriteLine(response.StatusCode + "Content: " + responseString);
                //throw new HttpResponseException(response.StatusCode);
            }

            // Record users in the data store (note that this only records the first page of users)
            string json = await response.Content.ReadAsStringAsync();


        }
    }