
Azure ActiveDirectory Graph API client Update user error: “Insufficient privileges to complete the operation”

I'm working with the Graph API in .NET. I'm currently using version 2013-11-08 (2 behind newest). One month ago everything was working properly, and then something changed (not in code) that caused updating users to break. We can still create users successfully, we just can't update users' passwords specifically. The

Insufficient privileges to complete the operation..
   at Microsoft.Azure.ActiveDirectory.GraphClient.ConnectionWrapper.InvokeNetworkOperation[T](Func`1 action)

I've double-checked the Application Permissions within Azure, and they are set up correctly (in fact, to test I've just given the application all permissions). I'm at a loss with what to try next.

I'm currently looking into upgrading the application to use the newest version of the Graph API (1.6).

Does anyone have any ideas why I can no longer update users? This ability stopped working sometime in the past month, but what's weird is how we can still create new users using the same client/api.

As per the link, a recent Microsoft update on security permissions might cause this. Right now the fix can be applied only with the help of PowerShell.

Here are the full details on the update: http://blogs.msdn.com/b/aadgraphteam/archive/2015/10/06/new-graph-api-consent-permissions.aspx

Update:

I have faced a similar situation; the code below made the application work again.

#-----------------------------------------------------------
# This will prompt you for your tenant's credential
# You should be able to use your Azure AD administrative user name
# (in the admin@tenant.onmicrosoft.com format) -- **"I have given user who is in global admin role"**
#-----------------------------------------------------------
Connect-MsolService

#-----------------------------------------------------------
# Replace the Application Name with the name of your 
# Application Service Principal
#-----------------------------------------------------------
$displayName = "Application Name"
$objectId = (Get-MsolServicePrincipal -SearchString $displayName).ObjectId

#-----------------------------------------------------------
# This will add your Application Service Principal to 
# the Company Administrator role
#-----------------------------------------------------------
$roleName = "Company Administrator"
Add-MsolRoleMember -RoleName $roleName -RoleMemberType ServicePrincipal -RoleMemberObjectId $objectId
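
A narrower variant of the fix above, as an added example that is not part of the original answer: it grants the service principal the Helpdesk Administrator role instead of Company Administrator, and lists which service principals already hold the broad role so they can be reviewed. It assumes the application only needs to reset passwords for non-administrator users; `$narrowRole`, `$broadRole` and the helper `Test-RoleMember` are illustrative names.

```powershell
# Added example, not from the original answer. Uses the same MSOnline module
# and assumes Connect-MsolService has already been run as an administrator.
$displayName = "Application Name"        # placeholder, as in the answer above
$narrowRole  = "Helpdesk Administrator"  # assumption: non-admin password resets are enough
$broadRole   = "Company Administrator"

# -SearchString matches display names that START WITH the string, so filter
# for an exact match and refuse to continue if the result is ambiguous.
$sp = @(Get-MsolServicePrincipal -SearchString $displayName |
        Where-Object { $_.DisplayName -eq $displayName })
if ($sp.Count -ne 1) {
    throw "Expected exactly one service principal named '$displayName', found $($sp.Count)"
}
$objectId = $sp[0].ObjectId

# Returns $true when the object already holds the named directory role.
function Test-RoleMember($roleName, $memberId) {
    $role = Get-MsolRole -RoleName $roleName
    [bool](Get-MsolRoleMember -RoleObjectId $role.ObjectId -All |
           Where-Object { $_.ObjectId -eq $memberId })
}

# Grant the narrower role only if it is not already assigned.
if (-not (Test-RoleMember $narrowRole $objectId)) {
    Add-MsolRoleMember -RoleName $narrowRole -RoleMemberType ServicePrincipal `
                       -RoleMemberObjectId $objectId
}

# Audit: every service principal that currently holds the broad role.
$broad = Get-MsolRole -RoleName $broadRole
Get-MsolRoleMember -RoleObjectId $broad.ObjectId -All |
    Where-Object { $_.RoleMemberType -eq "ServicePrincipal" } |
    Select-Object DisplayName, ObjectId

# Report whether this application is among them.
if (Test-RoleMember $broadRole $objectId) {
    Write-Warning "'$displayName' is a member of '$broadRole'; review whether it still needs it."
}
```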
