Reset password or delete user in Azure Active Directory or B2C via Graph API

Microsoft Graph API Reset User Password

According to the documentation, we would need the User.ReadWrite.All permission in Azure Active Directory Graph, but it is not present. The only other option is to give the app the Company Administrator role. Unfortunately, this role can't be granted via the website.

We would need a user in the directory from which we want to reset a password or delete a user. At least temporarily, this user needs to be a Global Administrator. We didn't try other roles, as this was a one-time requirement. Once the task was done, we deleted the newly created user.

$Msolcred = Get-Credential # log in with the GA user
Connect-MsolService -Credential $Msolcred
Get-MsolServicePrincipal | ft DisplayName, AppPrincipalId -AutoSize # optional: only lists the service principals so you can check them
$clientIdApp = '########-####-####-####-############' # client (application) ID of the app
$webApp = Get-MsolServicePrincipal -AppPrincipalId $clientIdApp
Add-MsolRoleMember -RoleName "Company Administrator" -RoleMemberType ServicePrincipal -RoleMemberObjectId $webApp.ObjectId # grants the app the directory-wide admin role

Taken from StackOverflow Answer

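If Connect-MsolService does not work, please install MSOnline:

Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force -Scope CurrentUser # Unrestricted is broad; RemoteSigned also lets locally installed modules run
Install-Module MSOnline
Import-Module MSOnline # Connect-MsolService is provided by MSOnline, not AzureAD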
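
The Company Administrator grant made with Add-MsolRoleMember stays on the service principal after the temporary Global Administrator user is deleted. The following is an added example, not part of the original gist, that reviews which service principals hold the role and removes the grant for this app once the one-time task is done. It assumes an existing Connect-MsolService session with an account allowed to manage roles, and reuses the `$clientIdApp` placeholder from above.

```powershell
# Added example: review and revoke the Company Administrator grant made above.
# Assumes Connect-MsolService has already been run in this session.
$roleName    = 'Company Administrator'
$clientIdApp = '########-####-####-####-############'   # placeholder, same app as above

$role   = Get-MsolRole -RoleName $roleName
$webApp = Get-MsolServicePrincipal -AppPrincipalId $clientIdApp

# List every service principal that currently holds the role.
$spMembers = Get-MsolRoleMember -RoleObjectId $role.ObjectId -All |
    Where-Object { $_.RoleMemberType -eq 'ServicePrincipal' }
$spMembers | Format-Table DisplayName, ObjectId -AutoSize

# Remove the grant for this app only if it is still present.
if ($spMembers.ObjectId -contains $webApp.ObjectId) {
    Remove-MsolRoleMember -RoleName $roleName `
        -RoleMemberType ServicePrincipal `
        -RoleMemberObjectId $webApp.ObjectId
}

# Verify: the app should no longer appear among the role members.
$stillMember = Get-MsolRoleMember -RoleObjectId $role.ObjectId -All |
    Where-Object { $_.ObjectId -eq $webApp.ObjectId }
if ($stillMember) {
    Write-Warning "$($webApp.DisplayName) still holds $roleName"
} else {
    Write-Output "$($webApp.DisplayName) no longer holds $roleName"
}
```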