I am writing Python automation code for creating a user account in Azure. I am able to log in with this code.
from azure.cli.core import get_default_cli
get_default_cli().invoke(['login','--service-principal','-u','@*#*₹&@*@-269c-4fce-97f7-*******@*@&','-p','c0@*#L5oM&@₹₹"_@@~#@₹&~Kv42kZdfBA#**&@#*@SAp',
'--tenant', 'a@*#₹&@016-@#&537c-474*245628*#@38-9dasae-a0651d13₹@@#&*@79'])
But when I tried to create an Azure user account with this service principal login, I got "Insufficient Privileges to complete the operation" and was not able to create the user, and I have given all the permissions to that service principal.
Code for creating the user account using Python:
get_default_cli().invoke(['ad', 'user', 'create','--user-principal-name', 'student6123@candlersstudent1gmail.onmicrosoft.com', '--display-name','student6123',
'--password','StudentP123@456'])
Is there something that I am missing?
Firstly, you need to assign a role to the service principal.
Then grant the Azure AD Graph Application permission Directory.ReadWrite.All to the service principal. (Please note it's not a Microsoft Graph permission.)
Now you have the required permission to create an Azure AD user.
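One way to confirm the grant took effect, as an added example that is not part of the original answer: decode the service principal's access token and check that its audience is Azure AD Graph and that its `roles` claim lists Directory.ReadWrite.All. The function names and the sample tokens are constructed for illustration; a real token can be obtained with `az account get-access-token --resource https://graph.windows.net`.

```python
import base64
import json

# Well-known resource identifiers (URL form and application ID form).
AAD_GRAPH = {"https://graph.windows.net", "00000002-0000-0000-c000-000000000000"}
MS_GRAPH = {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"}
REQUIRED_ROLE = "Directory.ReadWrite.All"


def decode_claims(token):
    """Return the JWT payload as a dict. No signature check: diagnostics only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected three dot-separated segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(token):
    """Classify an app-only token against the permission named in the answer."""
    claims = decode_claims(token)
    aud = str(claims.get("aud", "")).rstrip("/").lower()
    roles = claims.get("roles") or []  # application permissions appear here
    if aud in MS_GRAPH:
        return "wrong-api"            # token targets Microsoft Graph instead
    if aud not in AAD_GRAPH:
        return "unexpected-audience"
    if REQUIRED_ROLE not in roles:
        return "missing-role"         # permission not granted or not consented
    return "ok"


def make_sample_token(aud, roles):
    """Build an unsigned, constructed token for the demo (not a real credential)."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([b64({"alg": "none"}), b64({"aud": aud, "roles": roles}), "sig"])


if __name__ == "__main__":
    for aud, roles in [
        ("https://graph.windows.net", ["Directory.ReadWrite.All"]),
        ("https://graph.windows.net", ["Directory.Read.All"]),
        ("https://graph.microsoft.com", ["Directory.ReadWrite.All"]),
    ]:
        print(aud, roles, "->", diagnose(make_sample_token(aud, roles)))
```

A result of `missing-role` on a freshly issued token means the permission was added to the app registration but not yet granted, or the token predates the grant.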