S Andrew

Reputation: 7198

How to update password for guest users in Azure AD using Graph API? Python

I have added a few guest users and members in Azure Active Directory. Members are those for which I have created the username, for example [email protected]. Guest users are the ones from, let's say, Google, so I have added them as [email protected].

Now I have code which updates the password of the members. Below is the code:

import http.client
import json

import requests

# config_data is assumed to be a dict, loaded elsewhere, holding the tenant and app registration values
# Getting token
r = requests.post("https://login.microsoftonline.com/" + config_data['TENANT'] + "/oauth2/token",
      data={"grant_type": "client_credentials",
            "client_secret": config_data['CLIENT_SECRET'],
            "client_id": config_data['CLIENT_ID'],
            "resource": config_data['RESOURCE']})

ret_body = r.json()
token = ret_body['access_token']

headers = {'Authorization': 'Bearer ' + token, 'Content-Type': 'application/json'}

user_data = {
    "accountEnabled": True,
    "userPrincipalName": "[email protected]",
    "passwordProfile": {
        "forceChangePasswordNextSignIn": False,
        "password": "<password>"
    }
}

jdata = json.dumps(user_data)

conn = http.client.HTTPSConnection('graph.microsoft.com')
conn.request("PATCH", "/v1.0/users/[email protected]", jdata, headers)
response = conn.getresponse()
data = response.read()

The above code works perfectly fine and I am able to update the password for members, but it gives the error below if I want to update the password for guest users:

{
    "error": {
        "code": "Request_ResourceNotFound",
        "innerError": {
            "date": "2020-07-22T04:25:18",
            "request-id": "a6edf8e1-2256-4076-acc8-440607fa6119"
        },
        "message": "Resource '[email protected]' does not exist or one of its queried reference-property objects are not present."
    }
}

Can anyone please tell me what additional parameters I have to use in order to update the password for guest users? Please help. Thanks

Screenshot of the app permission:

Screenshot of jwt.ms

Upvotes: 1

Views: 1374

Answers (1)

Carl Zhao

Reputation: 9519

First of all, you cannot use [email protected] as the request parameter; you should use the Object ID as the request parameter (for guest users, the object ID is needed; ordinary member users can use account names).

 PATCH  /v1.0/users/<your guest user Object id>

After my test, I found that when using the correct request parameters to modify the guest user’s password, although there is a correct response, the password of the guest user has in fact still not been modified. Therefore, in summary, you cannot change the guest user’s password, because your AAD does not actually assign a password for this user.

A similar post here for your reference.

Upvotes: 1
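
An added example (not code from the question or the answer) of the check the answer implies: look the account up, read its `userType`, address it by object ID, and refuse the password update for guests. The helper names, the lookup by the `mail` attribute and the sample records are assumptions for illustration.

```python
import json
from urllib.parse import quote

GRAPH_SELECT = "id,userPrincipalName,userType"

class GuestPasswordError(ValueError):
    """Raised when a password update targets a guest account."""

def lookup_path(email):
    """Path for a GET that finds the directory object by its mail attribute (assumed lookup key)."""
    # OData string literals escape a single quote by doubling it.
    literal = email.replace("'", "''")
    flt = quote(f"mail eq '{literal}'", safe="")
    return f"/v1.0/users?$filter={flt}&$select={GRAPH_SELECT}"

def plan_password_update(user, new_password):
    """Return (method, path, body) for a member; refuse guests."""
    if user.get("userType") == "Guest":
        # Per the answer: the PATCH gets a success response but nothing
        # changes, because the tenant holds no password for this user.
        raise GuestPasswordError(f"{user['id']} is a guest; no password to set")
    body = {"passwordProfile": {"forceChangePasswordNextSignIn": False,
                                "password": new_password}}
    # Address the user by object ID, which works for members and guests alike.
    return "PATCH", f"/v1.0/users/{quote(user['id'], safe='')}", json.dumps(body)

# Constructed sample of a user lookup response (not real data).
SAMPLE_RESPONSE = {"value": [
    {"id": "11111111-1111-1111-1111-111111111111",
     "userPrincipalName": "member@contoso.example", "userType": "Member"},
    {"id": "22222222-2222-2222-2222-222222222222",
     "userPrincipalName": "guest_example.org#EXT#@contoso.example",
     "userType": "Guest"},
]}

if __name__ == "__main__":
    print(lookup_path("guest@example.org"))
    for u in SAMPLE_RESPONSE["value"]:
        try:
            print(plan_password_update(u, "<password>"))
        except GuestPasswordError as exc:
            print("skipped:", exc)
```

Send the returned method, path and body with the same bearer-token headers used in the question's code.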