0
votes

My requirement is to create a group in Azure AD and add a service principal as an owner of that group through the Graph API while creating the group.

Reference Doc: https://docs.microsoft.com/en-us/graph/api/group-post-groups?view=graph-rest-1.0&tabs=http

With reference to the above document, I am able to create the group, but the request body shown does not allow a service principal to be added as an owner.

Body:

{
  "description": "Testing 123",
  "displayName": "SG-test-ei",
  "mailEnabled": false,
  "mailNickname": "SGP-test-ei",
  "securityEnabled": true,
  "owners@odata.bind": [
    "https://graph.microsoft.com/v1.0/users/qwbhty-cdd0-4c42-b857-5b8ce0ae6a9e"
  ],
  "members@odata.bind": [
    "https://graph.microsoft.com/v1.0/users/7f3f587a-c40a-4a63-82b1-202f35c828ee"
  ]
}

It seems that https://graph.microsoft.com/v1.0/users does not recognize the ObjectID of a service principal.

My question is: what owners@odata.bind value or API should I use in the body to add a service principal as an owner of the security group in Azure AD?


1 Answers

0
votes

The example in the link uses /users.

POST https://graph.microsoft.com/v1.0/groups
Content-Type: application/json

{
  "description": "Group with designated owner and members",
  "displayName": "Operations group",
  "groupTypes": [
    "Unified"
  ],
  "mailEnabled": true,
  "mailNickname": "operations2019",
  "securityEnabled": false,
  "owners@odata.bind": [
    "https://graph.microsoft.com/v1.0/users/26be1845-4119-4801-a799-aea79d09f1a2"
  ],
  "members@odata.bind": [
    "https://graph.microsoft.com/v1.0/users/ff7cb387-6688-423c-8188-3da9532a73cc",
    "https://graph.microsoft.com/v1.0/users/69456242-0067-49d3-ba96-9de6f2728e14"
  ]
}   

Replace this with /servicePrincipals like below:

"owners@odata.bind": [
  "https://graph.microsoft.com/v1.0/servicePrincipals/00964c82-a7c2-4675-bbed-54bcf16328b3"
]
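As an added example (not part of the answer above or of Microsoft's documentation), this Python code builds the question's security-group body with a service principal as owner, choosing /users or /servicePrincipals per object and rejecting IDs that are not GUIDs before they reach Graph. The function names are hypothetical; the IDs are the sample values that appear on this page.

```python
import json
import uuid

GRAPH = "https://graph.microsoft.com/v1.0"
# Directory object kind -> Graph collection it is addressed under.
COLLECTIONS = {"user": "users", "servicePrincipal": "servicePrincipals"}


def bind_url(kind, object_id):
    """Return the @odata.bind reference URL for one directory object."""
    if kind not in COLLECTIONS:
        raise ValueError(f"unsupported kind: {kind!r}")
    try:
        # Object IDs are GUIDs. For a service principal this is the object ID
        # of the service principal itself, not the application (client) ID.
        canonical = str(uuid.UUID(object_id))
    except (ValueError, AttributeError, TypeError):
        raise ValueError(f"not a GUID: {object_id!r}") from None
    return f"{GRAPH}/{COLLECTIONS[kind]}/{canonical}"


def build_security_group(display_name, mail_nickname, description,
                         owners, members=()):
    """Build the POST /groups body; owners/members are (kind, id) pairs."""
    body = {
        "description": description,
        "displayName": display_name,
        "mailEnabled": False,
        "mailNickname": mail_nickname,
        "securityEnabled": True,
    }
    if owners:
        body["owners@odata.bind"] = [bind_url(k, i) for k, i in owners]
    if members:
        body["members@odata.bind"] = [bind_url(k, i) for k, i in members]
    return body


if __name__ == "__main__":
    # Sample IDs taken from this page, used only to show the output shape.
    payload = build_security_group(
        "SG-test-ei", "SGP-test-ei", "Testing 123",
        owners=[("servicePrincipal", "00964c82-a7c2-4675-bbed-54bcf16328b3")],
        members=[("user", "7f3f587a-c40a-4a63-82b1-202f35c828ee")],
    )
    print(json.dumps(payload, indent=2))
```

The printed JSON is what goes in the body of POST https://graph.microsoft.com/v1.0/groups with Content-Type: application/json.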