Unable to update the specified properties for on-premises mastered Directory Sync objects or objects currently undergoing migration

Issue with adding Member to group in Azure AD, getting this error message:

Unable to update the specified properties for on-premises mastered
Directory Sync objects or objects currently undergoing migration

I am trying to add an existing member of Azure AD to an existing group, but I am getting the response "Bad Request". For some of the calls UpdateAsync worked fine but the member was not added to the group. I have provided the code I am trying with and the error I am getting below. Kindly suggest if anyone has faced the same and resolved it. Thanks.

Code:-

IUser newUser = await GetUser(userKey);
Microsoft.Azure.ActiveDirectory.GraphClient.Group retrievedGroup = new Microsoft.Azure.ActiveDirectory.GraphClient.Group();

// Look the group up by DisplayName prefix and take the first match.
// Awaiting the query (instead of blocking on .Result) avoids deadlocks in an async method.
List<IGroup> foundGroups = (await adClient.Groups
    .Where(group => group.DisplayName.StartsWith(groupName))
    .ExecuteAsync()).CurrentPage.ToList();
if (foundGroups != null && foundGroups.Count > 0)
{
    retrievedGroup = foundGroups.First() as Microsoft.Azure.ActiveDirectory.GraphClient.Group;
}

// Only a group that was actually retrieved has an ObjectId; add the member and push the change.
if (retrievedGroup.ObjectId != null)
{
    retrievedGroup.Members.Add(newUser as DirectoryObject);
    await retrievedGroup.UpdateAsync();
}

Error:-

{"odata.error":{"code":"Request_BadRequest","message":{"lang":"en","value":"Unable to update the specified properties for on-premises mastered Directory Sync objects or objects currently undergoing migration."},"date":"2016-10-18T08:02:22","requestId":"c757689c-6135-4198-9e4d-6a7aaa1135e7","values":null}}

Answers:


Method 1

Based on the description and error message, you were using the Azure AD Graph client to add members to a group which was created on-premises. This is expected: it is not able to update objects which were synced from on-premises to Azure AD.

To add members to this kind of group, we need to do it in the on-premises environment and then sync it to Azure.

Update

Create a group and add the members using the Azure AD Graph client:

var client = GraphHelper.CreateGraphClient();

// Create a cloud-only security group; a group mastered in Azure AD can be updated through Graph.
var group = new Microsoft.Azure.ActiveDirectory.GraphClient.Group();
group.DisplayName = "newGroup";
group.MailNickname = "newGroup";
group.MailEnabled = false;
group.SecurityEnabled = true;
await client.Groups.AddGroupAsync(group);

// Read the new group back from the directory and add the user to the retrieved object.
var newGroup = (await client.Groups.ExecuteAsync()).CurrentPage
    .First(a => a.DisplayName == "newGroup") as Microsoft.Azure.ActiveDirectory.GraphClient.Group;

var user = (await client.Users.ExecuteAsync()).CurrentPage
    .First(u => u.DisplayName == "user2") as Microsoft.Azure.ActiveDirectory.GraphClient.DirectoryObject;

newGroup.Members.Add(user);
await newGroup.UpdateAsync();


public static ActiveDirectoryClient CreateGraphClient()
{
    // Placeholder: supply an access token acquired for the https://graph.windows.net resource.
    string accessToken = "";
    string tenantId = "xxx.onmicrosoft.com";
    string graphResourceId = "https://graph.windows.net";

    Uri servicePointUri = new Uri(graphResourceId);
    Uri serviceRoot = new Uri(servicePointUri, tenantId);

    // The client invokes this delegate whenever it needs a bearer token for a request.
    ActiveDirectoryClient activeDirectoryClient = new ActiveDirectoryClient(serviceRoot, async () => await Task.FromResult(accessToken));

    return activeDirectoryClient;
}
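As an added illustration of the point above (example code I wrote for this page, not part of the original answer), the group's DirSyncEnabled flag can be checked before any membership change, so a group mastered on-premises is refused up front with a clear result instead of surfacing as a Bad Request. ActiveDirectoryClient, GetByObjectId, DirSyncEnabled and Members come from the Azure AD Graph client library used in the question; the AddMemberResult enum and the helper name are my own.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Azure.ActiveDirectory.GraphClient;

// Added example, not from the original post.
public static class GroupMembershipHelper
{
    public enum AddMemberResult { Added, GroupIsOnPremMastered, GroupNotFound, UserNotFound }

    public static async Task<AddMemberResult> TryAddMemberAsync(
        ActiveDirectoryClient client, string groupObjectId, string userObjectId)
    {
        // Resolve by ObjectId rather than a DisplayName prefix, so a similarly named
        // group cannot be picked by mistake. (GetByObjectId throws for an unknown id;
        // the null check only covers the cast to the concrete Group type.)
        var group = await client.Groups.GetByObjectId(groupObjectId).ExecuteAsync() as Group;
        if (group == null) return AddMemberResult.GroupNotFound;

        // dirSyncEnabled == true marks an object synced from on-premises AD. Such objects
        // are read-only through Azure AD Graph, which is the error from the question;
        // membership must be changed on-premises and synced, so refuse here.
        if (group.DirSyncEnabled == true) return AddMemberResult.GroupIsOnPremMastered;

        var user = await client.Users.GetByObjectId(userObjectId).ExecuteAsync() as DirectoryObject;
        if (user == null) return AddMemberResult.UserNotFound;

        // Cloud-mastered group: add the member and push the change to the directory.
        group.Members.Add(user);
        await group.UpdateAsync();
        return AddMemberResult.Added;
    }
}
```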


All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0.
