I´m writing an little application to create new user on an Azure AD.
Even following all the instructions in Create User Reference I allways get an Http Error 400 (Bad Request).
The only thing I´m not providing is an attribute named onPremissesImmutableId. Assuming I must provide it, problem is I don't know where to find such a value.
This is the Json I'm posting:
{
"accountEnabled": true,
"displayName": "Name Surname",
"mailNickname": "Surname",
"userPrincipalName": "name.surname#XXXX.onmicrosoft.com",
"passwordProfile" : {
"forceChangePasswordNextSignIn": false,
"password": "p#ssw0#D"
}
}
Any ideas?
TIA
Just after I posted the question I had the idea to review the password policy active on my AD tenant and I found out that it was the problem. So I just had to set a new password to match the policy and everything worked just fine.
Related
I'm struggling to build my Alexa Interaction model. My application is used for requesting live data from a smart home device. All i do is basically calling my Server API with a Username & Password and i get a value in return. My interaction model works perfectly for requesting the parameters, for example i can say "Temperature" and it works perfectly fine across all testing devices. For that intent i got a custom RequestType.
However for setting up Username & Password i need to use an built-it slot type: AMAZON.NUMBER. As i only need numbers for my credentials this should work perfectly fine in theory.
I got a interaction model setup which works perfectly fine when i press "Evaluate Model" in Alexa developer console. However once i go to Test on the simulator or to my real Alexa device it's absolutely impossible to call the intent. It always calls one of more other intents? (I see this in the request JSON).
Here's how the intent looks:
{
"name": "SetupUsername",
"slots": [
{
"name": "username",
"type": "AMAZON.NUMBER"
}
],
"samples": [
"my user id is {username}",
"username to {username}",
"set my username to {username}",
"set username to {username}",
"user {username}",
"my username is {username}",
"username equals {username}"
]
}
Whatever i say or type in the Simulator, i cannot call this intent. I have no overlaps from other intents. Does anyone see an issue here?
Thank you in advance
EDIT: I just realized that if you want to do account linking on Alexa you need to implement OAuth2 - maybe my intents are never called because they want to bypass me implementing my own authentication?
UPDATE:
This is the intent that is usually called instead - it's my init intent. So for example is i say "my username is 12345" the following intent is gonna be called:
UPDATE 2:
Here is my full interaction model.
(HelpIntent and SetPassword are only for testing purposes, they don't make sense right now)
It's impossible calling SetupUsername with any of the samples in my model.
You need to build the interaction model. Saving is not enough
When you develop your Interaction Model, you have to save it AND build it. Otherwise only the evaluation model will work (documentation about it).
Then when you test in the test console, you should see in the JSON Input, at the bottom, which intent was called:
"request": {
"type": "IntentRequest",
"requestId": "xxxx",
"locale": "en-US",
"timestamp": "2021-10-20T14:38:59Z",
"intent": {
"name": "HelloWorldIntent", <----------- HERE
"confirmationStatus": "NONE"
}
}
When using the directoryObjects/validateProperties API for creating/validating AD Group properties, a 400 error is returned indicating 'Invalid entity provided. Supported entities include: Group'. I have confirmed that the only entityType I am providing in the request is 'Group' or 'group'.
{ code: 'Request_BadRequest',
message:
'Invalid entity type provided. Supported entities include: Group.',
innerError:
{ 'request-id': '4949163f-43c4-42e8-b016-436af61e4eb5',
date: '2020-06-11T10:29:08' } } }
The error occurs in both /v1.0 and /beta versions of the MS Azure AD API, with the body/payload stringified or not.
Not exactly sure what is expected. Can someone please provide assistance on this? Thanks.
I have validated the properties by using the same JSON Data from the document in the Graph explorer and it worked for me.
This is the below data which I have given
{
"entityType": "Group",
"displayName": "Myprefix_test_mysuffix",
"mailNickname": "Myprefix_test_mysuffix",
"onBehalfOfUserId": "1ab4e79f-5f52-44b8-8c72-7d03c05e6ff4"
}
And I am hitting the V1.0 endpoint
https://graph.microsoft.com/v1.0/directoryObjects/validateProperties
Try with my sample copying it change the onBehalfOfUserID to your userID and hit the same Http call in Graph Explorer.
My application was designed to add a user to my Azure AD B2C using Azure AD Graph API. I also handled the case where I'd be calling the add user graph API with an email ID that already exists in AD. I was looking for the error message in the response body to handle this. Has there been any change w.r.t the response message?
POST
https://graph.windows.net/{tenant}/users?api-version=1.6
Request Body :
{
"accountEnabled": true,
"signInNames": [
{
"type": "EmailAddress",
"value": "TestGraphApiCreatedUser#TestGraphApiCreatedUser.com"
}],
"displayName": "TestGraphApiCreatedUser",
"mailNickname": "TestGraphApiCreatedUser",
"passwordProfile" : {
"forceChangePasswordNextLogin": false,
"password": "vhkjds#fceu456VCHU"
},
"creationType": "LocalAccount",
"passwordPolicies": "DisablePasswordExpiration"
}
If a user already exists with the given email address, the error I was getting earlier was
{
"odata.error": {
"code": "Request_BadRequest",
"message": {
"lang": "en",
"value": "Another object with the same value for property signInName already exists."
}
}
}
Now, for the same flow, I'm getting below error :
{
"odata.error": {
"code": "Request_BadRequest",
"message": {
"lang": "en",
"value": "Another object with the same value for property userPrincipalName already exists."
}
}
}
Is there any difference between the two error messages. Since there isn't any error code, I had hard coded the whole error message. Now that there is a slight change in the message, I've to update my code. How can I handle this in a better way?
I didn't check to confirm if they changed the error message, but it wouldn't surprise me at all if they did. The userPrincipalName may be coming from the underlying AAD, maybe MS changed the B2C implementation and now it exposes an error message from there?
In your particular case, a better option may be to check if the email address exists in B2C just before calling the API to create the new user. It's an extra API call, but it shouldn't matter much unless you're creating many users at a time, e.g. in a batch. You'll still have to handle the user creation call failure, but if it happens you could just return a generic error message.
I want to update the birthday of a user using the patch request.
Updating other properties works as expected but the moment the birthday property is included, the following error returned:
The request is currently not supported on the targeted entity set
I already tried to update the user to be sure the permissions are fine.
Application permissions are used.
This PATCH request to /V1.0/users/{id} works:
{
"givenName": "Fridas"
}
Passing this request body however:
{
"givenName":"Fridas",
"birthday" : "2014-01-01T00:00:00Z
}
throws an error
{
"error":
{
"code":"BadRequest",
"message":"The request is currently not supported on the targeted entity set",
"innerError":
{
"request-id":"5f0d36d1-0bff-437b-9dc8-5579a7ec6e72",
"date":"2019-08-13T15:27:40"
}
}
}
When I update the birthday separately, I get a 500 error. Print screens below. Updating the user id works fine, birthday does not.
Same user id is used in the request.
I'm not sure why this happens, but a workaround, albeit an annoying one, is to update birthday separately from other attributes.
E.g.
PATCH https://graph.microsoft.com/v1.0/users/userid
{
"birthday" : "2014-01-01T00:00:00Z"
}
Here is a screenshot from MS Graph Explorer:
In fact, this is a limitation in the current system.
User is a composite type. Under the covers some properties in user are mastered by different services, and we currently don't support updates across multiple services.
"birthday" is not mastered by Azure AD. So we can't update it with other properties mastered by Azure AD in the same call.
It is strongly recommended that you update this property separately. I can update it from my side. So you need a backend engineer to track this request for you.
This seems to affect more than Birthday.
Skills[] and Responsibilities[] are also returning 500 Internal Server Error when using PATCH request via REST API with:
{"skills": ["TESTING", "ANOTHER SKILL"]}
Same happens via the GraphServiceClient - except the result is:
Failed to call the Web Api: InternalServerError
Content: {
"error": {"code": "-1, Microsoft.Office.Server.Directory.DirectoryObjectUnauthorizedAccessException",
"message": "Attempted to perform an unauthorized operation.",
"innerError": {
"request-id": "1c2ccc54-0a0c-468f-a18c-6bdfbad4077d",
"date": "2019-08-28T13:23:55"
}}}
These requests work on the Graph Explorer page, but not via calls to the API.
I am trying to create a "LocalAccount" in a B2C domain via the Azure AD Graph API.
To do this I registered an app (via Azure Active Directory -> App registrations (legacy)) and add all permissions for "Windows Azure Active Directory".
The request to create the user is
add_user_json = {
"accountEnabled": True,
"creationType": "LocalAccount",
"signInNames": [{
"type": "emailAddress",
"value": "test#email.com"
},
{
"type": "emailAddress",
"value": "test2#email.com"
}],
"displayName": user_id,
"mailNickname": user_id,
"passwordProfile": {
"password": "aPassword",
"forceChangePasswordNextLogin": "true"
},
"passwordPolicies": "DisablePasswordExpiration"
}
and the endpoint "https://graph.windows.net/{tenant}.onmicrosoft.com/users?api-version=1.6" (I tried "https://graph.windows.net/myorganization/users?api-version=1.6", too).
The error I get is "One or more properties contains invalid values."
Furthermore, if I create a new user via the sign up flow it is possible to create a local account.
Does anybody have an idea what I did wrong?
The "One or more properties contains invalid values." error is occurring because a user object can't have more than one signInName entry of the same type.
There's a really good utility here with the code to help you.
Look at the create example there
One obvious one is:
"forceChangePasswordNextLogin": "true"
This needs to be "false".