如何使用 Microsoft Graph 更新云用户的扩展属性 API

Question

Microsoft's documentation states微软的文档说明

For an onPremisesSyncEnabled user, the source of authority for this set of properties is the on-premises and is read-only.对于 onPremisesSyncEnabled 用户，这组属性的权限来源是本地，并且是只读的。 For a cloud-only user (where onPremisesSyncEnabled is false), these properties may be set during creation or update.对于纯云用户（其中 onPremisesSyncEnabled 为 false），可以在创建或更新期间设置这些属性。 These extension attributes are also known as Exchange custom attributes 1-15.这些扩展属性也称为 Exchange 自定义属性 1-15。

I have confirmed that this user is not sync nor has ever been synced我已确认此用户未同步，也从未同步过

{
    "onPremisesDistinguishedName": null,
    "onPremisesDomainName": null,
    "onPremisesImmutableId": null,
    "onPremisesLastSyncDateTime": null,
    "onPremisesSecurityIdentifier": null,
    "onPremisesSamAccountName": null,
    "onPremisesSyncEnabled": null,
    "onPremisesUserPrincipalName": null,
}

Here is my request这是我的要求

Server: graph.microsoft.com
Path: /beta/users/<user id removed>
Method: PATCH

Body:
{
    "onPremisesExtensionAttributes": {
        "extensionAttribute14": "8500005",
        "extensionAttribute15": "008500005"
    }
}

Response回复

{
    "error": {
        "code": "Request_BadRequest",
        "message": "Unable to update the specified properties for objects that have originated within an external service.",
        "innerError": {
            "date": "...",
            "request-id": "...",
            "client-request-id": "..."
        }
    }
}

Answer 1

Recently we faced this issue with a client.最近我们遇到了一个客户这个问题。 where old accounts were throwing this error "Unable to update the specified properties for objects that have originated within an external service" when we are trying to use Graph API or Power Automate.当我们尝试使用 Graph API 或 Power Automate 时，旧帐户抛出此错误“无法更新源自外部服务的对象的指定属性”。

We confirmed with client if they were earlier synced on-premises but IT team had no information of past.我们与客户确认他们是否早些时候在本地同步，但 IT 团队没有过去的信息。 So we run the command Set-MsolDirSyncEnabled -EnableDirSync $false所以我们运行命令 Set-MsolDirSyncEnabled -EnableDirSync $false

After running this command all extension attributes 1-15 were moved to Exchange online.运行此命令后，所有扩展属性 1-15 都被移动到 Exchange online。 We raised Microsoft Support ticket to change the source back to Azure AD.我们提出了 Microsoft 支持票，将源更改回 Azure AD。 But after 1 month of long discussion we were told that "It's NOT Possible to revert back".但经过 1 个月的长时间讨论后，我们被告知“不可能恢复原状”。

We have to create Azure runbook to update these extension attributes using PowerShell我们必须创建 Azure 运行手册以使用 PowerShell 更新这些扩展属性

如何使用 Microsoft Graph 更新云用户的扩展属性 API

问题描述

1 个解决方案

解决方案1
1 2021-08-26 07:35:04

如何使用 Microsoft Graph 更新云用户的扩展属性 API

问题描述

1 个解决方案

解决方案1 1 2021-08-26 07:35:04

解决方案1
1 2021-08-26 07:35:04