DumontNZ

Reputation: 43

Adding a Group as a member of a Group using Azure Graph API

I'm using Azure Graph API with Azure AD B2C and I'm trying to add a Group as a member of a Group.

I have successfully performed a range of other calls against Azure Graph API, including adding a User as a Member of a Group.

This is the call I'm making. URL:

POST https://graph.windows.net/{tenant}/groups/{groupId}/$links/members?api-version=1.6

Body:

{
    "url": "https://graph.windows.net/{tenant}/directoryObjects/{groupToAdd}"
}

I get the following error:

{
    "odata.error": {
        "code": "Request_BadRequest",
        "message": {
            "lang": "en",
            "value": "An invalid operation was included in the following modified references: 'members'."
        },
        "requestId": "2545d9bf-68c9-44bf-a9ba-1a2976e0c055",
        "date": "2019-09-11T03:11:37"
    }
}

The exact same call worked when using a User's ObjectId, but using a Group's throws the error.

Maybe related: the "Group Memberships" is missing in Azure when viewing a Group.

Update: When I first posted this question I was missing an important piece of information. These are Graph API calls against Azure Active Directory B2C.

Upvotes: 0

Views: 585

Answers (2)

DumontNZ

Reputation: 43

You cannot have nested Groups within Azure Active Directory B2C instances.

See: AAD B2C Limitations and restrictions

Nested group memberships aren't supported in Azure AD B2C tenants. There are no plans to add this capability.

Upvotes: 1
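The limitation in the answer above, turned into a preflight check (an added example, not code from the question or either answer): it builds the `$links/members` request from the question, holds back Group members when the caller marks the tenant as B2C, and unpacks the `odata.error` envelope. The function names, the `tenant_is_b2c` flag and the sample ids are assumptions for illustration; `objectType` is the type field carried by Azure AD Graph directory objects.

```python
import json

GRAPH = "https://graph.windows.net"
API_VERSION = "1.6"  # version used in the question


def add_member_request(tenant, group_id, member_id):
    """Build the $links/members call from the question as (method, url, body)."""
    url = f"{GRAPH}/{tenant}/groups/{group_id}/$links/members?api-version={API_VERSION}"
    body = {"url": f"{GRAPH}/{tenant}/directoryObjects/{member_id}"}
    return "POST", url, body


def plan_members(tenant, group_id, candidates, tenant_is_b2c):
    """Split candidates into requests to send and members rejected up front.

    candidates: directory objects already fetched by the caller, each with
    "objectId" and "objectType". tenant_is_b2c is supplied by the caller
    (assumption: this sketch does not detect the tenant type itself).
    """
    requests, rejected = [], []
    for obj in candidates:
        if tenant_is_b2c and obj.get("objectType") == "Group":
            rejected.append((obj["objectId"], "nested groups are not supported in B2C tenants"))
        else:
            requests.append(add_member_request(tenant, group_id, obj["objectId"]))
    return requests, rejected


def parse_graph_error(response_text):
    """Return (code, message) from an odata.error envelope, or None if absent."""
    try:
        err = json.loads(response_text)["odata.error"]
        return err["code"], err["message"]["value"]
    except (ValueError, KeyError, TypeError):
        return None


# Constructed sample data (placeholder ids, not real directory objects).
SAMPLE_CANDIDATES = [
    {"objectId": "user-0001", "objectType": "User"},
    {"objectId": "group-0002", "objectType": "Group"},
]
SAMPLE_ERROR = json.dumps({"odata.error": {
    "code": "Request_BadRequest",
    "message": {"lang": "en", "value": "An invalid operation was included in the "
                "following modified references: 'members'."}}})

if __name__ == "__main__":
    print(plan_members("contoso.example", "group-0001", SAMPLE_CANDIDATES, True))
    print(parse_graph_error(SAMPLE_ERROR))
```
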

Joey Cai

Reputation: 20127

the "Group Memberships" is missing in Azure when viewing a Group

In my site, the Group Memberships is still in the Azure AD Group tab. I use the following code, and it adds a Group as a member of a Group successfully.

https://graph.windows.net/tenantId/groups/securityGroupObjectId/$links/members  
{
    "url": "https://graph.windows.net/tenantId/groups/securityGroupObjectIdToAdd"
}

Note: Make sure securityGroupObjectIdToAdd is the correct objectId. It should be the objectId that is returned by az ad group list, which is different from the object ID that is in the portal! Refer to this issue.

Upvotes: 0
