Not able to create Azure AD user account with Service Principle login using Python Automation

0
votes

I am writing an Python automation code for creating user account in Azure. I am able to do login with this code.

from azure.cli.core import get_default_cli

get_default_cli().invoke(['login','--service-principal','-u','@*#*₹&@*@-269c-4fce-97f7-*******@*@&','-p','c0@*#L5oM&@₹₹"_@@~#@₹&~Kv42kZdfBA#**&@#*@SAp',
'--tenant', 'a@*#₹&@016-@#&537c-474*245628*#@38-9dasae-a0651d13₹@@#&*@79'])

But when I tried to create Azure user account with this service principal login I am getting "Insufficient Privileges to complete the operation" and not able to create user, and I have given all the permissions to that service principal.

Code for creating user account using Python.

get_default_cli().invoke(['ad', 'user', 'create','--user-principal-name', '[email protected]', '--display-name','student6123', 
    '--password','StudentP123@456'])

Is there something that I am missing? enter image description here

1
azureazure-devopsazure-active-directoryuser-accounts

1 Answers

1
votes

Firstly, you need to assign a role to the service principal.

Then grant the Azure AD Graph Application permission Directory.ReadWrite.All to the service principal. (please note it's not Microsoft Graph permission)

enter image description here

enter image description here

Now you have the required permission to create an Azure AD user.