3
votes

I am trying to create a "LocalAccount" in a B2C domain via the Azure AD Graph API.

To do this I registered an app (via Azure Active Directory -> App registrations (legacy)) and added all permissions for "Windows Azure Active Directory".

The request to create the user is

user_id = "exampleuser"  # placeholder; the question does not show where user_id comes from

add_user_json = {
    "accountEnabled": True,
    "creationType": "LocalAccount",
    # two signInNames entries, both of type emailAddress
    "signInNames": [{
            "type": "emailAddress",
            "value": "test@email.com"
    },
    {
            "type": "emailAddress",
            "value": "test2@email.com"
    }],
    "displayName": user_id,
    "mailNickname": user_id,
    "passwordProfile": {
        "password": "aPassword",
        "forceChangePasswordNextLogin": "true"
    },
    "passwordPolicies": "DisablePasswordExpiration"
}

and the endpoint "https://graph.windows.net/{tenant}.onmicrosoft.com/users?api-version=1.6" (I tried "https://graph.windows.net/myorganization/users?api-version=1.6", too).

The error I get is "One or more properties contains invalid values."

Furthermore, if I create a new user via the sign up flow it is possible to create a local account.

Does anybody have an idea what I did wrong?


2 Answers

2
votes

The "One or more properties contains invalid values." error is occurring because a user object can't have more than one signInName entry of the same type.

0
votes

There's a really good utility here with the code to help you.

Look at the create example there.

One obvious one is:

"forceChangePasswordNextLogin": "true"

This needs to be "false".
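Below is an added example, not code from the question or from either answer, that turns the two diagnoses above into a client-side pre-flight check: it rejects a payload with more than one signInName of the same type (the cause named in the first answer) and flags `forceChangePasswordNextLogin` when it is sent as a string rather than a boolean, building a corrected payload with the value `False` that the second answer recommends. The list of accepted signInName types (`emailAddress`, `userName`) and the boolean-type rules are assumptions about the Graph 1.6 schema; the sample payload is reconstructed from the question with a placeholder `user_id`.

```python
from collections import Counter
import json

# Added example: pre-flight validation of an Azure AD Graph (api-version=1.6)
# B2C LocalAccount payload.  The one-signInName-per-type rule comes from the
# accepted answer; the type-name list and the boolean checks are assumptions
# about the Graph schema, not taken from the page.

GRAPH_BASE = "https://graph.windows.net"
# Assumed: the two signInName types accepted for B2C local accounts.
SIGN_IN_NAME_TYPES = {"emailAddress", "userName"}


def users_endpoint(tenant):
    """Return the users collection URL used in the question for a tenant."""
    return f"{GRAPH_BASE}/{tenant}.onmicrosoft.com/users?api-version=1.6"


def payload_problems(payload):
    """Return a list of reasons the Graph API would reject this user object.

    The server only answers 'One or more properties contains invalid values.',
    so naming the offending property client-side saves a round of guessing.
    An empty list means none of the checks here fired.
    """
    problems = []
    names = payload.get("signInNames", [])
    if payload.get("creationType") == "LocalAccount" and not names:
        problems.append("LocalAccount needs at least one signInName")

    # Accepted answer: at most one signInName entry per type.
    for sign_in_type, count in Counter(n.get("type") for n in names).items():
        if count > 1:
            problems.append(
                f"{count} signInNames of type {sign_in_type!r}; only one per type is allowed"
            )
    for entry in names:
        if entry.get("type") not in SIGN_IN_NAME_TYPES:
            problems.append(f"unknown signInName type {entry.get('type')!r}")
        if not entry.get("value"):
            problems.append("signInName entry without a value")

    # Assumed schema: these two properties are JSON booleans.  The question
    # sends the string "true", which json.dumps will not turn into a boolean.
    if not isinstance(payload.get("accountEnabled"), bool):
        problems.append("accountEnabled must be a boolean, not a string")
    profile = payload.get("passwordProfile", {})
    if not isinstance(profile.get("forceChangePasswordNextLogin"), bool):
        problems.append(
            "passwordProfile.forceChangePasswordNextLogin must be a boolean, not a string"
        )
    return problems


def local_account(user_id, email, password):
    """Build a LocalAccount user object with a single emailAddress signInName.

    forceChangePasswordNextLogin is False, as the second answer recommends.
    """
    return {
        "accountEnabled": True,
        "creationType": "LocalAccount",
        "signInNames": [{"type": "emailAddress", "value": email}],
        "displayName": user_id,
        "mailNickname": user_id,
        "passwordProfile": {
            "password": password,
            "forceChangePasswordNextLogin": False,
        },
        "passwordPolicies": "DisablePasswordExpiration",
    }


# The question's payload, reconstructed as constructed sample input.
QUESTION_PAYLOAD = {
    "accountEnabled": True,
    "creationType": "LocalAccount",
    "signInNames": [
        {"type": "emailAddress", "value": "test@email.com"},
        {"type": "emailAddress", "value": "test2@email.com"},
    ],
    "displayName": "exampleuser",
    "mailNickname": "exampleuser",
    "passwordProfile": {"password": "aPassword", "forceChangePasswordNextLogin": "true"},
    "passwordPolicies": "DisablePasswordExpiration",
}

if __name__ == "__main__":
    for problem in payload_problems(QUESTION_PAYLOAD):
        print("question payload:", problem)
    fixed = local_account("exampleuser", "test@email.com", "aPassword")
    print("fixed payload problems:", payload_problems(fixed))
    print("POST", users_endpoint("{tenant}"))
    print(json.dumps(fixed, indent=2))
```

Run the check before every POST to the users endpoint; a non-empty list points at the property to fix, which is more than the API's generic error message tells you.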