Tags: asp.net-core, microsoft-graph-api, asp.net-core-webapi, microsoft-entra-id

How can I create user with custom domain in Entra ID


I am trying to create a user in my Entra ID using Microsoft Graph. It's letting me create a user with my tenant domain but not with a custom domain. I tried Identities for the custom domain, and then it's giving an error:

Microsoft.Graph.Models.ODataErrors.ODataError: Property creationType is invalid.

I also saw similar issues here on Stack Overflow, but they all ended up here, and I can't find anything to fix the creationType error:

https://learn.microsoft.com/en-us/graph/api/user-post-users?view=graph-rest-1.0&tabs=csharp

I tried this, on which it's saying

Property creationType is invalid.

var requestBody = new User
{
    DisplayName = "John Smith",
    Identities = new List<ObjectIdentity>
    {
        new ObjectIdentity
        {
            SignInType = "userName",
            Issuer = "contoso.com",
            IssuerAssignedId = "johnsmith",
        },
        new ObjectIdentity
        {
            SignInType = "emailAddress",
            Issuer = "contoso.com",
            IssuerAssignedId = "jsmith@yahoo.com",
        },
        new ObjectIdentity
        {
            SignInType = "federated",
            Issuer = "facebook.com",
            IssuerAssignedId = "5eecb0cd",
        },
    },
    PasswordProfile = new PasswordProfile
    {
        Password = "password-value",
        ForceChangePasswordNextSignIn = false,
    },
    PasswordPolicies = "DisablePasswordExpiration",
};

var result = await graphClient.Users.PostAsync(requestBody);

Also when I remove these objects, it says

Property accountEnabled value is required but is empty or missing

then MailNickname and then UserPrincipalName:

    new ObjectIdentity
    {
        SignInType = "userName",
        Issuer = "spectrumdevtest.onmicrosoft.com",
        IssuerAssignedId = "johnsmith",
    },
    new ObjectIdentity
    {
        SignInType = "federated",
        Issuer = "facebook.com",
        IssuerAssignedId = "5eecb0cd",
    },

I also added CreationType="LocalAccount", and then it's saying

Microsoft.Graph.Models.ODataErrors.ODataError: Name coexistence user creation is not enabled on tenant. paramName: company.DirectoryFeatures, paramValue: ,


Solution

  • When creating a user via the Azure portal, we can choose to enter a unique username and select a domain from the menu after the @ symbol, so we need to create a custom domain in advance. Using this Graph API to create the custom domain and then create the user can solve OP's issue.

    ================================

    Each user we create in Azure Entra ID is displayed in All Users and, as you can see, the user principal name can be in these formats: username@tenantName.onmicrosoft.com, which is for users created directly, and userName_outlook.com#EXT#@tenantName.onmicrosoft.com.


    We can use userName@outlook.com to sign in to the Azure portal and switch to the target tenant if this account has access to several tenants, but essentially a corresponding account userName_outlook.com#EXT#@tenantName.onmicrosoft.com is created. The same applies when using Graph API to create a user account.

    By the way, creating an external account essentially uses the "invite feature".

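
The approach from the answer above, as an added example that is not part of the original post or of Microsoft's sample code: confirm that the custom domain is verified in the tenant, then create the user with a UPN on that domain and the properties the error messages in the question asked for, without using Identities. It assumes the Microsoft.Graph SDK v5, .NET 6 or later and an already authenticated graphClient; CustomDomainUserCreator and CreateAsync are hypothetical names.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Microsoft.Graph;
using Microsoft.Graph.Models;

public static class CustomDomainUserCreator // hypothetical helper, not from the post
{
    // The calling app needs Domain.Read.All and User.ReadWrite.All.
    public static async Task<(User? Created, string InitialPassword)> CreateAsync(
        GraphServiceClient graphClient, string alias, string displayName, string customDomain)
    {
        // A UPN suffix must be a domain that is added to the tenant and verified.
        var domains = await graphClient.Domains.GetAsync();
        bool verified = domains?.Value?.Any(d =>
            string.Equals(d.Id, customDomain, StringComparison.OrdinalIgnoreCase)
            && d.IsVerified == true) ?? false;
        if (!verified)
            throw new InvalidOperationException(
                $"Domain '{customDomain}' is not a verified domain in this tenant.");

        // Random one-time password instead of a hard-coded literal; the fixed
        // prefix only guarantees the character classes the password policy expects.
        var password = "Aa1!" + Convert.ToBase64String(RandomNumberGenerator.GetBytes(18));

        var user = new User
        {
            AccountEnabled = true,                         // required
            DisplayName = displayName,                     // required
            MailNickname = alias,                          // required
            UserPrincipalName = $"{alias}@{customDomain}", // required, custom domain suffix
            PasswordProfile = new PasswordProfile
            {
                Password = password,
                ForceChangePasswordNextSignIn = true,
            },
        };

        var created = await graphClient.Users.PostAsync(user);
        return (created, password);
    }
}
```

Hand the returned initial password to the user over a separate channel and keep it out of logs; the forced change at first sign-in limits how long it stays valid.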