Reputation: 91
I have created users in Azure AD and, with the help of the Microsoft Graph API, am trying to change the users' passwords, but I am getting an error message saying admin rights are required. Help is appreciated.
Upvotes: 4
Views: 12276
Reputation: 355
In order to change the password, you need to give your application the role of "Help Desk Administrator", which has to be done through Windows PowerShell.
These are the commands to be typed, in sequence, in Windows PowerShell to give your app the role of Help Desk Administrator.
Install-Module MSOnline
Install-Module AzureAD
Connect-MsolService
# (after this you will be prompted to log in; the user logged in should be a global administrator)
Connect-AzureAD
# (after this you will be prompted to log in; the user logged in should be a global administrator)
$tenantID = "yourtenantid"
$appID = "your app id"
$myAp = Get-MsolServicePrincipal -AppPrincipalId $appID -TenantID $tenantID
$objectId = $myAp.ObjectId
Add-MsolRoleMember -RoleName "Helpdesk Administrator" -RoleMemberType ServicePrincipal -RoleMemberObjectId $objectId
After doing all these steps, if you then do
POST https://graph.microsoft.com/v1.0/me/changePassword
Content-Type: application/json
{
"currentPassword": "Test1234!",
"newPassword": "Test5678!"
}
then the password will be successfully updated!
Upvotes: 0
Reputation: 21
The user who created the application, or the user in the application, must be assigned as "User Administrator" in the role settings.
Upvotes: 2
Reputation: 427
{
"passwordProfile": {
"forceChangePasswordNextSignIn": false,
"password": "newPassword"
}
}
Try doing a PATCH and changing the attribute. This also worked for me in the past.
Upvotes: 5
Reputation: 27538
I'm not sure which API you are using, the Azure AD Graph API or the Microsoft Graph API. But no matter which API, the change password operation is used for the signed-in user to change their own password:
Microsoft Graph API:
POST https://graph.microsoft.com/v1.0/me/changePassword
Content-Type: application/json
{
"currentPassword": "Test1234!",
"newPassword": "Test5678!"
}
Azure AD Graph API:
POST https://graph.windows.net/me/changePassword?api-version=1.6
Content-Type: application/json
{
"currentPassword": "138122cC@",
"newPassword": "138122c@"
}
Please refer to the document: https://msdn.microsoft.com/Library/Azure/Ad/Graph/api/functions-and-actions#changePassword
Note: This action can only be called on the signed-in user. In addition to addressing the operation by using the me alias as shown below, you can use /users//changePassword or /users/userPrincipalName/changePassword, but if you use these addressing modes, the target user must be the signed-in user.
If the target user isn't the signed-in user, it will throw the error: Access to change password operation is denied.
Upvotes: 3
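The answers above describe two different calls: changePassword, which only the signed-in user can make for their own account, and a PATCH of passwordProfile, which is an administrative reset. The following is an added example, not code from any of the posts, that inspects an access token and picks the matching request without sending it. The function names, the `scp`/`upn` claim layout and the `PATCH /users/{userPrincipalName}` address are assumptions of this example, and the tokens are constructed sample data.

```python
import base64
import json
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/v1.0"


def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def plan_password_request(token, target_upn, new_password,
                          current_password=None, force_change=True):
    """Return (method, url, body) for the call that fits this token and target."""
    claims = jwt_claims(token)
    # Assumption: delegated tokens carry "scp" and the user's "upn";
    # app-only tokens carry "roles" instead and have no signed-in user.
    is_self = "scp" in claims and claims.get("upn", "").lower() == target_upn.lower()
    if is_self:
        if current_password is None:
            raise ValueError("changePassword requires the current password")
        return ("POST", f"{GRAPH}/me/changePassword",
                {"currentPassword": current_password, "newPassword": new_password})
    # Not the signed-in user: changePassword would be denied, so this is an
    # admin reset via PATCH, which needs the caller to hold an admin role.
    # force_change=True makes the user replace the admin-chosen password.
    return ("PATCH", f"{GRAPH}/users/{quote(target_upn, safe='@')}",
            {"passwordProfile": {"forceChangePasswordNextSignIn": force_change,
                                 "password": new_password}})


def constructed_token(claims):
    """Build an unsigned sample token (constructed test data, not a real token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    user = constructed_token({"scp": "Directory.AccessAsUser.All", "upn": "alice@contoso.example"})
    app = constructed_token({"roles": ["User.ReadWrite.All"]})
    print(plan_password_request(user, "alice@contoso.example", "N3w-Example!", "Old-Example!"))
    print(plan_password_request(user, "bob@contoso.example", "N3w-Example!"))
    print(plan_password_request(app, "bob@contoso.example", "N3w-Example!"))
```

Unlike the PATCH body in the answer above, this example defaults forceChangePasswordNextSignIn to true, so a password chosen by an administrator or an application does not stay in use after the user's next sign-in.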