Tags: c#, azure-active-directory, microsoft-graph-api, microsoft-graph-sdks

Can we create local account users with a gmail address?


We are using ADAL.Net to create users in Azure AD. Using SignInNames, we can provide any email address (gmail or non-domain emails) as the username to create an Azure AD local account.

When we try the same using Microsoft Graph (MSAL.Net), we are not able to create a user:

Code: Request_BadRequest
Message: Property userPrincipalName is invalid.

How can we use a gmail address as the username when creating the user with Microsoft Graph or the Microsoft Graph Client Library?

The newly created account should be a local user account, not a guest user.

// Microsoft.Graph SDK: build the user object for POST /users
var user = new User
{
    AccountEnabled = true,
    DisplayName = "displayName-value",
    MailNickname = "mailNickname-value",
    UserPrincipalName = "vetrivelmp1@gmail.com",   // non-tenant domain: rejected by Graph
    PasswordProfile = new PasswordProfile
    {
        ForceChangePasswordNextSignIn = true,
        Password = "Test123!@#"
    }
};

// Authenticated GraphServiceClient obtained from our helper
var graphClient = await _msGraphHelper.GetMsGraphClientAsync();
var createdUser = await graphClient
    .Users
    .Request()
    .AddAsync(user);   // fails with Request_BadRequest: Property userPrincipalName is invalid.

Solution

  • No, you cannot. You have to make the request with a tenant-specific email, following this sample:

    Request URL: https://graph.microsoft.com/v1.0/users

    {
      "accountEnabled": true,
      "displayName": "KironTestDisplayName",
      "mailNickname": "KironTestNickName",
      "userPrincipalName": "KironTestingCreateUserWithMember@MyTenant.onmicrosoft.com",
      "userType":"guest",
      "passwordProfile" : {
        "forceChangePasswordNextSignIn": true,
        "password": "Test@pass420"
      }
    }
    

    Points to Remember:

    1. Get the proper token for the tenant in which you are going to create the user
    2. You need the necessary request permissions
    3. userPrincipalName should follow the form UserName@tenant-value.onmicrosoft.com
    4. You can add "userType": "guest" or "Member"

    Note: The mail should be like myUser@Mytenant.onmicrosoft.com; otherwise you will encounter a 400 Bad Request error such as "Property userPrincipalName is invalid".

    Your Case:

    If you want to create a user with a gmail account, the request pattern needs to change. You have to call the invitation API, like below:

    Request Url: https://graph.microsoft.com/v1.0/invitations

    Request Body:

    {
      "invitedUserEmailAddress": "TestGmailUser@gmailUser",
      "inviteRedirectUrl": "https://myapp.com"
    }
    

    Response: [screenshot of the invitation response, not reproduced]

    Note: If you go to the Azure portal you will see that you cannot add a gmail user as a domain member; you add them as a guest user after invitation. This is why you need the above request pattern. Hope you are clear now.

    Gmail user add via SDK:

    GraphServiceClient graphClient = new GraphServiceClient( authProvider );
    
    var invitation = new Invitation
    {
        InvitedUserEmailAddress = "TestGmailUser@gmailUser",
        InviteRedirectUrl = "https://myapp.com"
    };
    
    await graphClient.Invitations
        .Request()
        .AddAsync(invitation);
    

    Azure Portal Verify:

    I have successfully added a gmail user on my portal using the above request. See the screenshot below:

    [screenshot of the Azure portal, not reproduced]
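As an added example (not code from the question or the answer above), the routing the answer describes, written in Python: a member account is only possible when the userPrincipalName domain is one the tenant owns, so any other address (gmail etc.) is sent to POST /invitations and becomes a guest. VERIFIED_DOMAINS, the generated one-time password and the https check on inviteRedirectUrl are my assumptions, and accepting any verified domain rather than only the onmicrosoft.com one goes slightly beyond the answer.

```python
import secrets
import string
from urllib.parse import urlparse

GRAPH = "https://graph.microsoft.com/v1.0"

# Constructed sample of the tenant's verified domains (an assumption; in
# practice fetch the real list from GET /v1.0/domains).
VERIFIED_DOMAINS = {"mytenant.onmicrosoft.com", "contoso.com"}

def initial_password(length=16):
    # Random one-time password instead of a literal in source; changed at first sign-in.
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*"
    return "".join(secrets.choice(alphabet) for _ in range(length))

def plan_user_creation(email, display_name, redirect_url,
                       verified_domains=VERIFIED_DOMAINS):
    """Return (method, url, body) for the Graph call that can create this account."""
    local_part, sep, domain = email.partition("@")
    if not sep or not local_part or not domain:
        raise ValueError(f"not an email address: {email!r}")
    if domain.lower() in {d.lower() for d in verified_domains}:
        # Domain is owned by the tenant: a member (local) account via POST /users.
        body = {
            "accountEnabled": True,
            "displayName": display_name,
            "mailNickname": local_part,
            "userPrincipalName": email,
            "userType": "Member",
            "passwordProfile": {
                "forceChangePasswordNextSignIn": True,
                "password": initial_password(),
            },
        }
        return "POST", f"{GRAPH}/users", body
    # Any other domain would fail with "Property userPrincipalName is invalid";
    # invite it as a guest instead. No password is set: the guest signs in
    # with their own identity provider.
    parsed = urlparse(redirect_url)
    if parsed.scheme != "https" or not parsed.netloc:
        raise ValueError("inviteRedirectUrl must be an absolute https URL")
    body = {
        "invitedUserEmailAddress": email,
        "invitedUserDisplayName": display_name,
        "inviteRedirectUrl": redirect_url,
        "sendInvitationMessage": True,
    }
    return "POST", f"{GRAPH}/invitations", body
```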