Reputation: 43
I'm using Azure Graph API with Azure AD B2C and I'm trying to add a Group as a member of a Group.
I have successfully performed a range of other calls against Azure Graph API, including adding a User as a Member of a Group.
This is the call I'm making. URL:
POST https://graph.windows.net/{tenant}/groups/{groupId}/$links/members?api-version=1.6
Body:
{
  "url": "https://graph.windows.net/{tenant}/directoryObjects/{groupToAdd}"
}
I get the following error:
{
  "odata.error": {
    "code": "Request_BadRequest",
    "message": {
      "lang": "en",
      "value": "An invalid operation was included in the following modified references: 'members'."
    },
    "requestId": "2545d9bf-68c9-44bf-a9ba-1a2976e0c055",
    "date": "2019-09-11T03:11:37"
  }
}
The exact same call worked when using a User's ObjectId, but using a Group's throws the error.
Maybe related: the "Group Memberships" is missing in Azure when viewing a Group.
Update: When I first posted this question I was missing an important piece of information. These are Graph API calls against Azure Active Directory B2C.
Upvotes: 0
Views: 585
Reputation: 43
You cannot have nested Groups within Azure Active Directory B2C instances.
See: AAD B2C Limitations and restrictions
Nested group memberships aren't supported in Azure AD B2C tenants. There are no plans to add this capability.
Upvotes: 1
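An added example, not part of the original posts: a small Python helper that builds the $links/members request from the question, refuses a group-in-group add for a B2C tenant before it is sent, and decodes the odata.error body. The function names, the tenant_is_b2c flag and the caller-supplied objectType value are assumptions; the sample error is the one quoted in the question.

```python
import json

GRAPH = "https://graph.windows.net"  # Azure AD Graph endpoint from the question
API_VERSION = "1.6"

# The error body quoted in the question, reproduced as sample input.
SAMPLE_ERROR = """{"odata.error": {"code": "Request_BadRequest",
 "message": {"lang": "en", "value": "An invalid operation was included in the following modified references: 'members'."},
 "requestId": "2545d9bf-68c9-44bf-a9ba-1a2976e0c055", "date": "2019-09-11T03:11:37"}}"""


def build_add_member(tenant, group_id, member_id):
    """Return (method, url, body) for the $links/members call in the question."""
    url = f"{GRAPH}/{tenant}/groups/{group_id}/$links/members?api-version={API_VERSION}"
    body = {"url": f"{GRAPH}/{tenant}/directoryObjects/{member_id}"}
    return "POST", url, json.dumps(body)


def check_member(member_object_type, tenant_is_b2c):
    """Pre-flight check. member_object_type is assumed to be the objectType
    the caller read from the directory object ("User", "Group", ...)."""
    if tenant_is_b2c and member_object_type.lower() == "group":
        return False, "nested groups are not supported in Azure AD B2C tenants"
    return True, ""


def explain_error(raw):
    """Parse an odata.error body into (code, message, request_id, hint)."""
    err = json.loads(raw).get("odata.error", {})
    code = err.get("code", "")
    msg = err.get("message", {}).get("value", "")
    hint = ""
    if code == "Request_BadRequest" and "modified references: 'members'" in msg:
        hint = ("the member reference was rejected; check the member's object "
                "type and objectId, and whether the tenant is B2C")
    return code, msg, err.get("requestId"), hint


if __name__ == "__main__":
    # Placeholder tenant and object ids, constructed for this example.
    print(build_add_member("contoso.onmicrosoft.com", "GROUP_ID", "MEMBER_ID"))
    print(check_member("Group", tenant_is_b2c=True))
    print(explain_error(SAMPLE_ERROR))
```

Logging the requestId returned by explain_error alongside the hint makes a rejected membership change traceable in a support case.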
Reputation: 20127
the "Group Memberships" is missing in Azure when viewing a Group
In my site, the Group Memberships is still in the Azure AD Group tab. I use the following code and it adds a Group as a member of a Group successfully.
https://graph.windows.net/tenantId/groups/securityGroupObjectId/$links/members
{
  "url": "https://graph.windows.net/tenantId/groups/securityGroupObjectIdToAdd"
}
Note: Make sure securityGroupObjectIdToAdd is the correct objectId. It should be the objectId that is returned by az ad group list, which is different from the object ID that is in the portal! Refer to this issue.
Upvotes: 0