1. 技术文章
  2. Resetting a user's password

Resetting a user's password

拟墨画扇 提交于 2019-12-20 03:12:11

问题


I am trying to find a solution for resetting user's passwords (all users, not just the authenticated user) in Azure Active directory via a non-interactive login.

Right now it seems this is only available via powershell's MSOnline Set-AzureADUserPassword cmdlet using a Service Principal login.

I'd like to find a solution using an API Endpoint so I can use C#. The closest solutions I've found was Microsoft Graph API but after setting it up, I realized I can only reset the passwords via an interactive login and consent flow. It's not allowed via non-interactive.

My next attempt is to use Azure AD endpoint but my concern is I am seeing the same message that recommends that we use the Microsoft graph API. Does this means azure ad endpoint will be going away?

Is there a recommended approach without using PowerShell?


回答1:


You could update user's passwordProfile property to reset user's password :

PATCH https://graph.microsoft.com/v1.0/users/{id | userPrincipalName}
Content-type: application/json
Authorization: bearer TOKEN

{
     "passwordProfile":
    {
      "forceChangePasswordNextSignIn":false,
      "password": "XXXXXXXXX"
    }

}

As explanation in document :

When updating the passwordProfile property, the following permission is required: Directory.AccessAsUser.All.

Then you could use Resource Owner Flow as the requirement needs non-interactive login . To enable Directory.AccessAsUser.All delegate permission, you should :

  1. Add Microsoft Graph's Access directory as the signed in user permission in Required permissions blade of your Azure AD app :

  2. That permission needs admin consent , please click Grant Permissions button with your admin account .

Then you could use Resource Owner Flow to acquire access token for Microsoft Graph , Directory.AccessAsUser.All permission allows an Admin to change another user's password in your tenant .

Does this means azure ad endpoint will be going away?

Currently , Microsoft Graph supports most of the directory features that Azure AD Graph supports, but not all. Please refer to Gaps between Microsoft Graph and Azure AD Graph



来源:https://stackoverflow.com/questions/46077799/resetting-a-users-password

标签
microsoft-graph
azure-ad-graph-api
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!