Member: rs_oakford | Microsoft Community Hub

Recent Discussions

Unable to create Azure AD user using Graph API
Note I'm somewhat new to using the Graph API, so please forgive me (and correct me) if my terminology is wrong 👍 As I understand, https://docs.microsoft.com/en-us/graph/api/user-post-users documents that it should be possible for an Application to call the API and specifies the required permissions, headers and body to create a new Azure AD user account. Using PowerShell, I've tried a POST to both the v1.0 and beta endpoints with an authorization token that has the appropriate permissions assigned to create a new user account, but in both cases I see the following error: Invoke-RestMethod : The remote server returned an error: (400) Bad Request. The parameters I passed are a variation of those from https://docs.microsoft.com/en-us/graph/api/user-post-users?view=graph-rest-1.0&tabs=http#example-1-create-a-user (with the user principal name amended to have the appropriate suffix for the tenant in question, and a different password). When I run the following try { Invoke-RestMethod -Headers $header -Uri $uri -Method "POST" -Body $userparams -ErrorAction Stop } catch [System.Net.WebException] { if ($_.Exception.Response -eq $null) { throw } $streamReader = [System.IO.StreamReader]::new($_.Exception.Response.GetResponseStream()) $streamReader.BaseStream.Position = 0 $streamReader.ReadToEnd() | ConvertFrom-Json } I see the "(400) Bad Request" error is apparently due to an invalid passwordProfile: @{code=Request_BadRequest; message=Invalid property 'PasswordProfile'.; innerError=} Amending the properties of the passwordProfile object according to https://docs.micerosoft.com/en-us/graph/api/resources/passwordprofile?view=graph-rest-1.0 hasn't helped. If I entirely remove the passwordProfile parameter from the body of my POST I get a slight variation on the exception.response inasmuch as it says: @{code=Request_BadRequest; message=A password must be specified to create a new user.; innerError=} Having checked, I am also unable to create a new user account when using a Delegated (work or school account) to call the same API and specify the same headers and body, with the same resulting errors. Note, I am able to create a new user account using https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.users/new-mguser?view=graph-powershell-beta (version https://www.powershellgallery.com/packages/Microsoft.Graph.Users/1.9.2) using exactly the same body parameters, so I have hope that the parameters are defined correctly after all Can anyone help me understand what I need to do to be able to create users using the Graph API, ideally with Application permissions?
Solved
Jan 31, 2022 Place Microsoft Graph
Azure AD
Graph API
PowerShell
4.9KViews
0likes
1Comment
Universal Print volume add-on: Windows or Microsoft 365?
What is the difference between the following offers: Universal Print volume add-on (500 jobs) - Windows ( d3ddc493-5741-4e0d-a02d-07edbb0bb72e ) Universal Print volume add-on (500 jobs) - Microsoft 365 ( cb131356-45ee-4ae2-8537-873b706c8e75 )
Solved
Mar 31, 2021 Place Universal Print
Universal Print
volume add-on
3.8KViews
1like
3Comments
Manage Teams guest access
As I understand, Guest access for Microsoft Teams is currently off by default for any given tenant - see https://docs.microsoft.com/en-us/microsoftteams/set-up-guests. However, it's not clear whether a given tenant has Guest access setting set to "Off" instead of "Service default" based on the information and screenshot in https://docs.microsoft.com/en-us/microsoft-365/solutions/collaborate-as-team#teams-guest-access-settings. 1. Is it possible to check whether a given tenant has Guest access disabled (Guest access setting is set to "Off" instead of "Service default") via PowerShell or using an API? As I'm managing hundreds of tenants, I would like to know a way to check this without having to sign into each Teams admin center individually. 2. If I do have to check this manually for each tenant, how do I distinguish in the Teams admin center whether the Guest access setting is set to "Off" instead of "Service default"? I realize I can check Guest access and disable it for individual Teams as shared in https://techcommunity.microsoft.com/t5/microsoft-teams/allow-or-block-guest-users-from-a-specific-team-in-microsoft/m-p/175918 - assuming this is still current. <# Configuration Change in Guest access for Microsoft Teams MC228482 Major update: Announcement started Applied To: All We're making some changes to the default setting for Guests in Microsoft Teams Beginning on February 8th, 2021, we are turning on Guest access in Microsoft Teams by default for any customers who have not configured this setting. This will bring Teams Guest capability into alignment with the rest of the suite, where the setting is already on by default. [Key Points:] • Timing: February 8th, 2021 • Admin control: Admin center UI • Action: Review and set appropriate configuration [How this will affect your organization:] When this change is implemented if you have not already configured Guest access capability in Microsoft Teams, that capability will be enabled in your tenant. With guest access enabled, you can provide access to teams and other resources to people outside your organization while maintaining control over your corporate data. [What you need to do to prepare:] Prior to this change taking effect on February 8th 2021, if you want Guest access to remain disabled for your organization, you will need to confirm that the Guest access setting is set to "Off" instead of "Service default". Instructions for how to configure the Teams guest access settings can be found here: Teams guest access settings [https://docs.microsoft.com/en-us/microsoft-365/solutions/collaborate-as-team#teams-guest-access-settings] #>
Dec 07, 2020 Place Microsoft Teams
Guest Access
Microsoft Teams
PowerShell
2.9KViews
1like
2Comments
Updates to https://docs.microsoft.com/en-us/schooldatasync/ section
There doesn't seem to be an option to comment on the docs section https://docs.microsoft.com/en-us/schooldatasync/ as there is for example on https://docs.microsoft.com/en-us/office365/servicedescriptions/office-365-service-descriptions-technet-library. School Data Sync (SDS), https://docs.microsoft.com/en-us/schooldatasync/ (published date 09/30/2017) says: "School Data Sync (SDS) is a free service in Office 365 for Education that reads the school and roster data from a school's Student Information System (SIS). It creates Office 365 Groups for Exchange Online and SharePoint Online, class teams for Microsoft Teams and OneNote Class notebooks, school groups for Intune for Education, and rostering and SSO integration for many other third party applications." And https://docs.microsoft.com/en-us/schooldatasync/frequently-asked-questions (published data 04/15/2018) still say: School Data Sync is a free service in Office 365 Education that reads the rosters from your SIS, and creates classes for Microsoft Teams, Intune for Education, and third party applications. ... SDS allows you to automatically create Class Teams within Teams for Education (There are likely more references to SDS creating Teams that could be found) - perhaps someone could update these references in light of https://docs.microsoft.com/en-us/schooldatasync/whats-new-with-school-data-sync (published date 03/26/2020) and https://docs.microsoft.com/en-us/schooldatasync/improved-class-and-roster-sync-for-teams (published date 04/14/2020) to explain the difference between the ways Teams are provisioned for sync profiles created before and after 3/26/2020?
May 01, 2020 Place School Data Sync
Education
office 365
School Data Sync
870Views
0likes
0Comments
What's the difference between School Data Sync (Plan 1) and School Data Sync (Plan 2)?
https://docs.microsoft.com/en-us/schooldatasync/create-users-for-k12-and-hed#prerequisites-for-sds mentions among the "perquisites to enable SDS for user creation" are School Data Sync (Plan 1) or School Data Sync (Plan 2). Microsoft Partners have access to documents that explain Office 365 Education Plan A1 includes School Data Sync (Plan 1) while both Microsoft 365 and Office 365 Education Plan A3 and A5 include School Data Sync (Plan 2). However, I can't find any details about the differences between the SDS plans on: https://www.microsoft.com/en-us/microsoft-365/academic/compare-office-365-education-plans https://docs.microsoft.com/en-us/office365/servicedescriptions/office-365-platform-service-description/office-365-education, which doesn't even mention SDS https://docs.microsoft.com/en-us/office365/servicedescriptions/office-365-platform-service-description/microsoft-365-education https://www.microsoft.com/en-us/education/buy-license/microsoft365/ [EDIT] https://www.microsoft.com/en-gb/licensing/product-licensing/microsoft-365-enterprise?activetab=m365-enterprise:primaryr7 mentions "School Data Sync Plan 2 (plan details can be foundhere)" - but there are no details about the plan there Does anyone know what the distinction is between School Data Sync (Plan 1) and School Data Sync (Plan 2)?
Solved
May 01, 2020 Place School Data Sync
Education
microsoft 365
office 365
School Data Sync
4.3KViews
0likes
1Comment
Azure AD Connect service critical alert reported: dn-attributes-failure
[I sent an email to askaadconnecthealth@microsoft.com with the below content a few days ago but haven't heard back so decided to start a conversation here] As per the below synchronization errors email I have been receiving, there are three cloud-only Office 365 users with “Sign in ‎blocked” that were previously synched using Azure AD Connect. The accounts were previously moved out of the sync OU and when they appeared as deleted users in Office 365, were restored to keep their data intact. The AD users have since been deleted and cannot be restored. https://aad.portal.azure.com/#blade/Microsoft_Azure_ADHybridHealth/AadHealthMenuBlade/SyncErros There are no further error details other than the type: dn-attributes-failure There are no other sync errors and Azure AD Connect is showing success on all connector operations. I do not want to delete these accounts from Office 365. Could anyone please advise me to know which steps to take to resolve the issue causing these three accounts to be included in the report for synchronization errors? They are cloud-only and do not need to be synched with AD. Is it necessary to re-create the AD users in the sync OU and set their Office 365 account ImmutableID to sync and match their AD account (source anchor is objectGUID) so they do not get reported as sync errors? ----- From: Microsoft Azure [mailto:azure-noreply@microsoft.com] Sent: 02 September 2019 11:10 Subject: We detected synchronization errors in your directory There are synchronization errors in your directory. Azure AD Connect Sync errors detected You’re receiving this email because we have detected a critical alert on your Azure AD Connect service for errors that occurred while data was while synchronizing between your on- premises active directory and your Azure Active Directory. Title: Sync errors detected on your Azure AD Connect service Last export time: August 13, 2019 15:25 UTC Error count: 3 sync errors Service: [tenant].onmicrosoft.com Tenant: John Hanson School Report: To get more details, see Sync Error Report. To learn how to fix sync errors, see troubleshooting sync errors. If you have any feedback, please post it to the Azure Active Directory Feedback Forums or contact us for any questions. Privacy Statement Microsoft Corporation, One Microsoft Way, Redmond, WA 98052
Sep 05, 2019 Place Microsoft Entra
Azure AD Connect
microsoft 365
18KViews
0likes
1Comment

User Profile

rs_oakford

User Widgets

Recent Discussions

Unable to create Azure AD user using Graph API

Universal Print volume add-on: Windows or Microsoft 365?

Manage Teams guest access

Updates to https://docs.microsoft.com/en-us/schooldatasync/ section

What's the difference between School Data Sync (Plan 1) and School Data Sync (Plan 2)?

Azure AD Connect service critical alert reported: dn-attributes-failure

Groups

Recent Blog Articles

Re: You can do more with OneNote for the web and in Teams

Re: SharePoint Roadmap Pitstop: December 2021

Re: 30 summer updates for OneNote and Class Notebooks

Re: 20 Amazing IT Admin Updates for Back to School!!

Re: 20 Amazing IT Admin Updates for Back to School!!

Re: New Meeting and Calling Experience in Microsoft Teams!

Re: New Meeting and Calling Experience in Microsoft Teams!

Re: New Meeting and Calling Experience in Microsoft Teams!

Re: New Meeting and Calling Experience in Microsoft Teams!

Re: Bringing OneDrive settings into SharePoint admin center for streamlined, centralized control