Question
Issue with adding Member to group in Azure AD, getting this error message:
Unable to update the specified properties for on-premises mastered Directory Sync objects or objects currently undergoing migration
I am trying to add an existing member of Azure AD to an existing group, but I am getting a "Bad Request" response. For some of the calls UpdateAsync worked fine but the member was not added to the group. I have provided the code that I am trying, with the error I am getting, below. Kindly suggest if anyone has faced the same and resolved it. Thanks.
Code:-
    // Look up the user to add, then find the target group by display-name prefix.
    IUser newUser = await GetUser(userKey);
    Microsoft.Azure.ActiveDirectory.GraphClient.Group retrievedGroup = new Microsoft.Azure.ActiveDirectory.GraphClient.Group();
    List<IGroup> foundGroups = null;
    foundGroups = adClient.Groups
        .Where(group => group.DisplayName.StartsWith(groupName))
        .ExecuteAsync().Result.CurrentPage.ToList();
    if (foundGroups != null && foundGroups.Count > 0)
    {
        // Take the first group whose name starts with groupName.
        retrievedGroup = foundGroups.First() as Microsoft.Azure.ActiveDirectory.GraphClient.Group;
    }
    if (retrievedGroup.ObjectId != null)
    {
        // This write is what fails with Request_BadRequest for a synced group.
        retrievedGroup.Members.Add(newUser as DirectoryObject);
        await retrievedGroup.UpdateAsync();
    }
Error:-
{"odata.error":{"code":"Request_BadRequest","message":{"lang":"en","value":"Unable to update the specified properties for on-premises mastered Directory Sync objects or objects currently undergoing migration."},"date":"2016-10-18T08:02:22","requestId":"c757689c-6135-4198-9e4d-6a7aaa1135e7","values":null}}
Answer 1:
Based on the description and error message, you were using the Azure Graph client to add members to a group which was created on-premises. This is expected; it is not able to update these objects which are synced from on-premises to Azure AD.
To add members to this kind of group, we need to operate on it in the on-premises environment and then sync it to Azure.
Update
Create a group and add the members using Azure AD Graph client:
    var client = GraphHelper.CreateGraphClient();
    // Create a cloud-only security group.
    var group = new Microsoft.Azure.ActiveDirectory.GraphClient.Group();
    group.DisplayName = "newGroup";
    group.MailNickname = "newGroup";
    group.MailEnabled = false;
    group.SecurityEnabled = true;
    await client.Groups.AddGroupAsync(group);
    var newGroup = client.Groups.ExecuteAsync().Result.CurrentPage.First(a => a.DisplayName == "newGroup") as Microsoft.Azure.ActiveDirectory.GraphClient.Group;
    var user = client.Users.ExecuteAsync().Result.CurrentPage.First(u => u.DisplayName == "user2") as Microsoft.Azure.ActiveDirectory.GraphClient.DirectoryObject;
    // Add the user as a member and save the change.
    group.Members.Add(user);
    await group.UpdateAsync();

    // Helper in the GraphHelper class.
    public static ActiveDirectoryClient CreateGraphClient()
    {
        string accessToken = "";                     // placeholder: supply a valid access token
        string tenantId = "xxx.onmicrosoft.com";     // placeholder tenant
        string graphResourceId = "https://graph.windows.net";
        Uri servicePointUri = new Uri(graphResourceId);
        Uri serviceRoot = new Uri(servicePointUri, tenantId);
        ActiveDirectoryClient activeDirectoryClient = new ActiveDirectoryClient(serviceRoot, async () => await Task.FromResult(accessToken));
        return activeDirectoryClient;
    }
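
As an added example (not part of the original answer or of any Microsoft sample): a guard that checks the group's DirSyncEnabled property before writing, so an on-premises mastered group is reported to the caller instead of failing with Request_BadRequest. The class and method names are hypothetical, and matching the display name exactly rather than by prefix is an assumption about the intended lookup.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Azure.ActiveDirectory.GraphClient;

// Hypothetical helper, written for illustration only.
public static class GroupMembershipGuard
{
    // Returns true if the member was added in Azure AD.
    // Returns false if the group is synced from on-premises AD, in which case
    // the membership change has to be made on-premises and synced up.
    public static async Task<bool> TryAddMemberAsync(
        ActiveDirectoryClient adClient, string groupName, IUser user)
    {
        var page = await adClient.Groups
            .Where(g => g.DisplayName.StartsWith(groupName))
            .ExecuteAsync();

        // A prefix query can return several groups; require an exact name
        // match so the member is not added to an unintended group.
        var group = page.CurrentPage
            .FirstOrDefault(g => g.DisplayName == groupName) as Group;
        if (group == null)
        {
            throw new InvalidOperationException(
                "No group named '" + groupName + "' was found.");
        }

        // dirSyncEnabled is true for objects currently synced from
        // on-premises AD and null for objects that were never synced.
        if (group.DirSyncEnabled == true)
        {
            return false;
        }

        group.Members.Add(user as DirectoryObject);
        await group.UpdateAsync();
        return true;
    }
}
```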
Source: https://stackoverflow.com/questions/40102799/unable-to-update-the-specified-properties-for-on-premises-mastered-directory-syn