Adding a user to Azure Active Directory using https://graph.microsoft.com and ActiveDirectoryClient

Time: 2019-05-30 22:18:02

Tags: azure azure-active-directory microsoft-graph azure-ad-graph-api

I am trying to add a user to the Active Directory of my Azure tenant.

I am using the Microsoft Graph API. The one exposed through Graph Explorer here.

The problem is that no matter what serviceRoot URI I pass, I get an exception.

I have successfully obtained a token through the GetTokenForApplication method:

ActiveDirectoryClient activeDirectoryClient = new ActiveDirectoryClient(serviceRoot,
                      async () => await GetTokenForApplication());

However, when I call:

await activeDirectoryClient.Users.AddUserAsync(aadUser);

It throws this exception:

 "{\r\n
    \"error\": {\r\n
                   \"code\": \"BadRequest\",\r\n
                   \"message\": \"Query parameter api-version not allowed\",\r\n    
                   \"innerError\": {\r\n
                                    \"request-id\": \"57327a85-8320-4363-b5f9-aeacdf782861\",\r\n
                                    \"date\": \"2019-05-30T21:59:55\"\r\n
                                   }\r\n
               }\r\n
}"

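This is the serviceRoot URI I am using: “https://graph.microsoft.com/v1.0”

What URI should I pass in serviceRoot?

Is ActiveDirectoryClient compatible with Microsoft Graph? I ask because the examples I have seen of ActiveDirectoryClient are using the Azure AD Graph API.

This blog post shows the differences between the old Azure AD Graph API and the new Microsoft Graph API. By the way: Microsoft recommends that we use the Microsoft Graph API, because all new development will be focused on it.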

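1 answer:

Answer 0: (score: 1)

I think you are trying to use the newer Microsoft Graph API (https://graph.microsoft.com) but are using the client library for the older Azure AD Graph API (https://graph.windows.net).

You can read more about the comparison here - Microsoft Graph or the Azure AD Graph

Here are the details of the nuget packages and classes: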

Microsoft Graph API

  • Microsoft.Graph nuget package - works with the Microsoft Graph API and uses the GraphServiceClient class.

Azure AD Graph API

  • Microsoft.Azure.ActiveDirectory.GraphClient nuget package - works with the Azure AD Graph API and uses the ActiveDirectoryClient class.

Code for the Microsoft Graph API client

Microsoft documentation - Create User - SDK Sample Code

GraphServiceClient graphClient = new GraphServiceClient( authProvider );

var user = new User
{
    AccountEnabled = true,
    DisplayName = "displayName-value",
    MailNickname = "mailNickname-value",
    UserPrincipalName = "upn-value@tenant-value.onmicrosoft.com",
    PasswordProfile = new PasswordProfile
    {
        ForceChangePasswordNextSignIn = true,
        Password = "password-value"
    }
};

await graphClient.Users
    .Request()
    .AddAsync(user);
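
The mismatch this answer describes, shown at the HTTP level as an added example (not code from the original post or from either SDK): Azure AD Graph takes its version as an `api-version` query parameter, while Microsoft Graph carries it in the path and rejects that parameter, which is the error in the question. The `GraphEndpointCheck` helper, the `contoso` tenant, the token and password strings, and the `api-version=1.6` value are assumptions that do not come from the page.

```csharp
using System;
using System.Linq;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Text.Json;

static class GraphEndpointCheck   // hypothetical helper; nothing is sent over the network
{
    // Microsoft Graph: the version is a path segment and api-version is rejected.
    public static readonly Uri MicrosoftGraphUsers = new Uri("https://graph.microsoft.com/v1.0/users");

    // Azure AD Graph (legacy): tenant in the path, version in the query string.
    public static Uri AzureAdGraphUsers(string tenant) =>
        new Uri($"https://graph.windows.net/{Uri.EscapeDataString(tenant)}/users?api-version=1.6");

    // Rejects the question's combination, and any host a Graph token should not be sent to.
    public static void Validate(Uri uri)
    {
        bool hasApiVersion = uri.Query.TrimStart('?').Split('&')
            .Any(p => p.StartsWith("api-version=", StringComparison.OrdinalIgnoreCase));
        if (uri.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("Bearer tokens must only travel over HTTPS.");
        if (uri.Host != "graph.microsoft.com" && uri.Host != "graph.windows.net")
            throw new ArgumentException("Unexpected host for a Graph access token: " + uri.Host);
        if (uri.Host == "graph.microsoft.com" && hasApiVersion)
            throw new ArgumentException("Microsoft Graph does not accept api-version.");
        if (uri.Host == "graph.windows.net" && !hasApiVersion)
            throw new ArgumentException("Azure AD Graph requires api-version.");
    }

    // Builds the Microsoft Graph create-user request; property names are Microsoft Graph's.
    public static HttpRequestMessage CreateUser(string token, string upn, string tempPassword)
    {
        Validate(MicrosoftGraphUsers);
        var body = new { accountEnabled = true, displayName = upn, mailNickname = upn.Split('@')[0],
            userPrincipalName = upn,
            passwordProfile = new { forceChangePasswordNextSignIn = true, password = tempPassword } };
        var request = new HttpRequestMessage(HttpMethod.Post, MicrosoftGraphUsers);
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
        request.Content = new StringContent(JsonSerializer.Serialize(body), Encoding.UTF8, "application/json");
        return request;
    }

    static void Main()
    {
        // Constructed sample values; a real token and password come from a secret store.
        var ok = CreateUser("constructed-token", "alice@contoso.onmicrosoft.com", "constructed-password");
        Console.WriteLine($"{ok.Method} {ok.RequestUri}");
        Validate(AzureAdGraphUsers("contoso.onmicrosoft.com"));   // legacy shape passes
        try { Validate(new Uri("https://graph.microsoft.com/v1.0/users?api-version=1.6")); }
        catch (ArgumentException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```

The access token has to be issued for the same API it is sent to: `https://graph.microsoft.com` for Microsoft Graph, `https://graph.windows.net` for Azure AD Graph.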