
How To Reset Password Of Office 365 Azure AD User Using Graph API?

Graph API - We are trying to reset the password of an Office 365 Azure AD user. For that, our daemon app/service acquires an access token from Azure AD using the client credentials grant flow, but it is unable to reset the user's password. It responds "Insufficient privileges to complete the operation". I have given the following permissions to the application.

  1. User.ReadWrite.All - Read and write all users' full profiles (Application + delegated permission)
  2. Directory.AccessAsUser.All - Access directory as the signed-in user (Delegated permission)

My O365 application is a "multitenant Web API" app which has been given admin consent. The main purpose of my app is to sync users from my web application (user details etc.) to Azure AD. My application is able to sync all user profile details except the password.

Can a daemon service application which has been authorized by the tenant administrator reset the password of the users in the organization?

Thanks

Currently Microsoft Graph (and Azure AD Graph) do not expose any application-only permissions (that could be used by a daemon app) to reset user passwords. This is a particularly privileged operation that can easily be abused. We do support this operation in an interactive delegated flow, using Directory.AccessAsUser.All, as long as the signed-in user is an administrator.

If you need an application permission to reset passwords please request this on UserVoice: https://officespdev.uservoice.com/forums/224641-feature-requests-and-feedback/category/101632-microsoft-graph-o365-rest-apis

Hope this helps,

I had the same problem; it took 15 days to find a solution. Although the permissions are granted to the application, it is not possible to reset the password of a user. For this, a role of "Company Administrator" must be provided.

I followed these steps and it worked:

  1. Run Windows PowerShell as administrator
  2. Run the following PowerShell cmdlets

  • Install-Module AzureAD
  • Connect-AzureAD
  • $app = Get-AzureADServicePrincipal -SearchString "AppName"
  • $role = Get-AzureADDirectoryRole | Where-Object {$_.DisplayName -eq "Company Administrator"}
  • Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $app.ObjectId

Note: Replace "AppName" with the name of your application in AD. Connect to Azure AD with a user who has Global Administrator permissions.
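The steps above grant a service principal the tenant-wide "Company Administrator" role, so any compromise of that app's credentials becomes a tenant compromise. The following script is an added example (not code from the answer above) that performs the same grant with the checks a practitioner would want: an exact display-name match instead of the prefix match of -SearchString, activation of the role if it has never been used in the tenant, an idempotent membership check, and an audit function that lists every service principal holding the role so the grant stays visible. It assumes the AzureAD module is installed and a Connect-AzureAD session opened by a Global Administrator; "AppName" is a placeholder for your application's display name.

```powershell
# Added example, not code from the original answer. Requires the AzureAD module and an
# existing Connect-AzureAD session opened by a Global Administrator.
# Assumption: the application's display name is unique in the tenant.

function Grant-CompanyAdministratorToApp {
    param(
        [Parameter(Mandatory = $true)][string]$AppDisplayName
    )

    # -SearchString is a prefix match and can return several service principals,
    # so filter to an exact DisplayName match and refuse to proceed on ambiguity.
    $sps = @(Get-AzureADServicePrincipal -SearchString $AppDisplayName |
             Where-Object { $_.DisplayName -eq $AppDisplayName })
    if ($sps.Count -ne 1) {
        throw "Expected exactly one service principal named '$AppDisplayName', found $($sps.Count)."
    }
    $app = $sps[0]

    # Get-AzureADDirectoryRole lists only roles already activated in the tenant;
    # activate Company Administrator from its template if it is missing.
    $role = Get-AzureADDirectoryRole | Where-Object { $_.DisplayName -eq "Company Administrator" }
    if (-not $role) {
        $template = Get-AzureADDirectoryRoleTemplate |
                    Where-Object { $_.DisplayName -eq "Company Administrator" }
        $role = Enable-AzureADDirectoryRole -RoleTemplateId $template.ObjectId
    }

    # Idempotent: adding an existing member errors out, so check membership first.
    $alreadyMember = Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId |
                     Where-Object { $_.ObjectId -eq $app.ObjectId }
    if ($alreadyMember) {
        Write-Host "$AppDisplayName ($($app.ObjectId)) already holds Company Administrator."
    } else {
        Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $app.ObjectId
        Write-Host "Granted Company Administrator to $AppDisplayName ($($app.ObjectId))."
    }
    return $app
}

function Get-ServicePrincipalsInCompanyAdministrator {
    # Audit view: every non-user identity that holds tenant-wide admin rights.
    # Review this list regularly; each entry is an app whose credentials equal a Global Admin.
    $role = Get-AzureADDirectoryRole | Where-Object { $_.DisplayName -eq "Company Administrator" }
    if (-not $role) { return @() }
    Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId |
        Where-Object { $_.ObjectType -eq "ServicePrincipal" } |
        Select-Object DisplayName, ObjectId, AppId
}

# Usage (after Connect-AzureAD as a Global Administrator):
# Grant-CompanyAdministratorToApp -AppDisplayName "AppName"
# Get-ServicePrincipalsInCompanyAdministrator | Format-Table
```

Run the audit function on its own in a scheduled job or after each change: an unexpected service principal in that list is the signal that a grant like this one was made without review.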
