我无法在具有自定义身份的Azure Active Directory中创建用户。我的请求内容如下:
{
"passwordProfile": {
"password": "password-value"
},
"accountEnabled": true,
"displayName": "FIRSTNAME LASTNAME",
"passwordPolicies": "DisablePasswordExpiration",
"creationType": "LocalAccount",
"identities": [
{
"issuerAssignedId": "avalid@email.com",
"signInType": "emailAddress",
"issuer": "my_tenant.onmicrosoft.com"
}
]
}
我还尝试了一个请求版本,其中我指定了mailNickname和userPrincipalName。在每种情况下,创建都会失败,并显示以下错误:
{
"error": {
"innerError": {
"date": "2020-02-20T17:23:48",
"request-id": "c5a7c8da-35bd-4ae2-9ae8-6714b672f035"
},
"message": "One or more properties contains invalid values.",
"code": "Request_BadRequest"
}
}
C#文档中有一个code snippet,表明应该可行。
我想念什么?
答案 0 :(得分:1)
Microsoft Graph通过在Microsoft Graph API中提供创建,读取,更新和删除方法,允许您在Azure AD B2C目录中manage user accounts。您可以将现有用户存储迁移到Azure AD B2C租户,并通过调用Microsoft Graph API执行其他用户帐户管理操作。
如果您尝试将此Azure AD Graph API请求用于普通Azure AD租户,它将获得与您相同的错误提示。
因此,确保您要查询的租户是B2C租户。
尝试使用B2C tenant的全局管理员(例如username@b2ctenant.onmicrosoft.com)来获取令牌。然后在头部使用令牌来使用API: 请求:
POST https://graph.windows.net/myorganization/users?api-version=1.6
正文内容类型:application / json:
{
"passwordProfile": {
"password": "password-value"
},
"accountEnabled": true,
"displayName": "FIRSTNAME LASTNAME",
"mailNickname": "mspcai",
"passwordPolicies": "DisablePasswordExpiration",
"creationType": "LocalAccount",
"identities": [
{
"issuerAssignedId": "avalid@email.com",
"signInType": "emailAddress",
"issuer": "my_tenant.onmicrosoft.com"
}
]
}
答案 1 :(得分:-1)
好像您指的是 beta 代码段,请尝试以下端点:
https://graph.microsoft.com/beta/users