Microsoft Graph accessing Azure AD to Create a User

The scenario is relatively simple: I want to programmatically create a new user in Azure Active Directory (AD). I wanted to use the Graph API that Microsoft has developed; from what I read, it should be straightforward. Unfortunately, there were a lot more twists and turns in this journey than I had planned, so I thought the right thing to do was to write it down so that others will hopefully have an easier learning process.

As with all learning, there was a lot of Google searching involved. I have tried to capture the resources that were helpful, to give them recognition for their help.

One of my first obstacles was including the right libraries, as most of the code samples failed to include the using statements that they required. The libraries that I ended up using were as follows:

using Microsoft.Toolkit.Services.MicrosoftGraph;
using Microsoft.Graph;
using Microsoft.Identity;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

This Stack Overflow question [1] had the most useful code for connecting to Active Directory and accessing the user objects. The magic values that you need are fairly straightforward and are detailed as follows.

The first thing you need to do is create an Application Registration in Azure Active Directory. You need this to get the Client ID and Tenant ID that your code needs so it can connect to AD.

The next obstacle was the Client Secret, which had me stumped for a while. This comes under Certificates and Secrets within the AD Admin Portal. You just need to create a new Secret and grab the value it creates.

Those are all the magic values you need to be able to connect to Azure AD. The only problem now is that access is turned off by default: within the Azure AD Portal, under API Permissions, you need to make sure that Microsoft Graph is there and that it has the necessary permissions for the actions you need to perform.

Create User

Brian Jackett’s blog post [2] was helpful for giving good context on how to tackle this, and gave hints as to permissions etc.

If you have been following along diligently, you will have some code that can read the users in your Active Directory. The document that I actually started with on the journey was the Microsoft Graph documentation on how to create a user with the Graph API [3]. Having backtracked and done all the steps I have documented above, you can now use this code to create your user in AD.

That is it in a nutshell: follow these easy steps and you will be able to access your Azure AD and create and read users from it.

Thanks for reading. I hope you found it helpful.
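The steps above put together, as an added example (not code from the original post or the linked resources), using the libraries listed earlier. The environment variable names, the sample user values and the `contoso.onmicrosoft.com` domain are assumptions; the secret is read from the environment rather than hard-coded, and the new account gets a random one-time password.

```csharp
using System;
using System.Net.Http.Headers;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Microsoft.Graph;                                  // assumes a pre-v5 SDK (Request().AddAsync)
using Microsoft.IdentityModel.Clients.ActiveDirectory;  // ADAL, as listed in the post

class CreateAadUser
{
    // Hypothetical helper: the "magic values" come from the environment, never from source code.
    static string Env(string name) => Environment.GetEnvironmentVariable(name)
        ?? throw new InvalidOperationException($"Set {name} before running.");

    // Random one-time password; the fixed suffix only guarantees the required character classes.
    static string InitialPassword()
    {
        var bytes = new byte[24];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        return Convert.ToBase64String(bytes) + "aA1!";
    }

    static async Task Main()
    {
        // Client-credentials flow: the app signs in as itself with its Client ID and Client Secret.
        var authority = "https://login.microsoftonline.com/" + Env("AZURE_TENANT_ID");
        var credential = new ClientCredential(Env("AZURE_CLIENT_ID"), Env("AZURE_CLIENT_SECRET"));
        AuthenticationResult token = await new AuthenticationContext(authority)
            .AcquireTokenAsync("https://graph.microsoft.com", credential);

        var graph = new GraphServiceClient(new DelegateAuthenticationProvider(request =>
        {
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token.AccessToken);
            return Task.CompletedTask;
        }));

        var password = InitialPassword();
        var user = new User
        {
            AccountEnabled = true,
            DisplayName = "Example User",                               // constructed sample values
            MailNickname = "example.user",
            UserPrincipalName = "example.user@contoso.onmicrosoft.com", // placeholder domain
            PasswordProfile = new PasswordProfile { ForceChangePasswordNextSignIn = true, Password = password }
        };
        // Returns 403 unless the app registration holds a Graph application permission that
        // allows creating users (e.g. User.ReadWrite.All) and an admin has consented to it.
        User created = await graph.Users.Request().AddAsync(user);
        Console.WriteLine($"Created {created.UserPrincipalName} ({created.Id}); one-time password: {password}");
    }
}
```

ADAL has since been superseded by MSAL (`Microsoft.Identity.Client`), and Microsoft.Graph v5 replaces `Request().AddAsync(user)` with `PostAsync(user)`; the flow itself is unchanged.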

 

References

[1] Stack Overflow:

https://stackoverflow.com/questions/45614699/c-sharp-console-app-to-create-user-in-azure-active-directory-using-microsoft-gra

[2] Blog post by Brian Jackett:

https://briantjackett.com/2018/12/13/introduction-to-calling-microsoft-graph-from-a-c-net-core-application/

[3] Microsoft Graph Documentation to Create User:

https://docs.microsoft.com/en-us/graph/api/user-post-users?view=graph-rest-1.0&tabs=cs
