Unable to update the specified properties for on-premises mastered Directory Sync objects or objects currently undergoing migration

I ran into a problem while adding members to a group in Azure AD and received this error message:

Unable to update the specified properties for on-premises mastered Directory Sync objects or objects currently undergoing migration

I am trying to add an existing Azure AD member to an existing group, but the response I get is "Bad Request". For some calls, UpdateAsync works fine, but the member is not added to the group. I have provided below the code for which I am trying to resolve the error. Kindly suggest if anyone has faced the same issue and resolved it. Thanks.

Code:-

    // Resolve the user, then find the first group whose display name starts
    // with groupName and try to add the user as a member.
    IUser newUser = await GetUser(userKey);
    Microsoft.Azure.ActiveDirectory.GraphClient.Group retrievedGroup = null;

    // Server-side prefix filter; only the first page of matches is inspected,
    // and the first hit is taken even if several groups share the prefix.
    List<IGroup> foundGroups = (await adClient.Groups
            .Where(group => group.DisplayName.StartsWith(groupName))
            .ExecuteAsync()).CurrentPage.ToList();
    if (foundGroups.Count > 0)
    {
        retrievedGroup = foundGroups.First() as Microsoft.Azure.ActiveDirectory.GraphClient.Group;
    }

    if (retrievedGroup != null && retrievedGroup.ObjectId != null)
    {
        // This is the call that comes back with Request_BadRequest
        // (see the error below).
        retrievedGroup.Members.Add(newUser as DirectoryObject);
        await retrievedGroup.UpdateAsync();
    }

Error:-

{"odata.error":{"code":"Request_BadRequest","message":{"lang":"en","value":"Unable to update the specified properties for on-premises mastered Directory Sync objects or objects currently undergoing migration."},"date":"2016-10-18T08:02:22","requestId":"c757689c-6135-4198-9e4d-6a7aaa1135e7","values":null}}

Based on the description and the error message, you are using the Azure AD Graph client to add members to a group that was created on-premises. This is expected; objects that are synced from on-premises to Azure AD cannot be updated in Azure AD.

To add members to that kind of group, we need to make the change in the on-premises environment and then sync it to Azure.

Update

Create a group with the Azure AD Graph client and add a member to it:

    var client = GraphHelper.CreateGraphClient();

    // Create a cloud-only security group. A group created this way is mastered
    // in Azure AD, so its membership can be changed through the Graph API.
    var group = new Microsoft.Azure.ActiveDirectory.GraphClient.Group();
    group.DisplayName = "newGroup";
    group.MailNickname = "newGroup";
    group.MailEnabled = false;
    group.SecurityEnabled = true;
    await client.Groups.AddGroupAsync(group);

    // Read the group back with a server-side filter (rather than scanning only
    // the first page of all groups), and look up the user the same way.
    var newGroup = (await client.Groups
            .Where(g => g.DisplayName == "newGroup")
            .ExecuteAsync()).CurrentPage.First() as Microsoft.Azure.ActiveDirectory.GraphClient.Group;

    var user = (await client.Users
            .Where(u => u.DisplayName == "user2")
            .ExecuteAsync()).CurrentPage.First() as Microsoft.Azure.ActiveDirectory.GraphClient.DirectoryObject;

    // Add the member to the group object that was read back, then persist it.
    newGroup.Members.Add(user);
    await newGroup.UpdateAsync();


    public static ActiveDirectoryClient CreateGraphClient()
    {
        // Placeholder: supply a bearer token for the Azure AD Graph resource,
        // acquired out-of-band (for example through ADAL). Do not hard-code a
        // real token in source.
        string accessToken = "";
        string tenantId = "xxx.onmicrosoft.com";
        string graphResourceId = "https://graph.windows.net";

        // Service root is https://graph.windows.net/{tenant}
        Uri servicePointUri = new Uri(graphResourceId);
        Uri serviceRoot = new Uri(servicePointUri, tenantId);

        // The client invokes this delegate to obtain a token for each request.
        ActiveDirectoryClient activeDirectoryClient =
            new ActiveDirectoryClient(serviceRoot, async () => await Task.FromResult(accessToken));

        return activeDirectoryClient;
    }
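The remediation the answer describes (check where the group is mastered, change membership in on-premises AD when it is synced, then let Azure AD Connect push the change) as a worked script. This is an added example, not code from the question or the answer. It assumes the AzureAD, ActiveDirectory and ADSync PowerShell modules are installed, that Connect-AzureAD has already been run, and that the script runs on (or is remoted to) the Azure AD Connect server, which Start-ADSyncSyncCycle requires. The function name and the group and user values in the usage line are placeholders.

```powershell
<#
Added example (not part of the original question or answer).
Assumptions: AzureAD, ActiveDirectory and ADSync modules present; an existing
Connect-AzureAD session; running on the Azure AD Connect server.
#>
function Add-GroupMemberBySyncSource {
    param(
        [Parameter(Mandatory)] [string] $GroupDisplayName,
        [Parameter(Mandatory)] [string] $UserPrincipalName
    )

    # Double single quotes so a crafted display name cannot alter the OData filter.
    $safeGroupName = $GroupDisplayName -replace "'", "''"

    $group = Get-AzureADGroup -Filter "displayName eq '$safeGroupName'" | Select-Object -First 1
    if (-not $group) { throw "Group '$GroupDisplayName' not found in Azure AD" }

    # -ObjectId accepts a UPN as well as an object id.
    $user = Get-AzureADUser -ObjectId $UserPrincipalName

    if ($group.DirSyncEnabled) {
        # The group is mastered on-premises: its cloud copy is read-only and a
        # Graph write returns Request_BadRequest. Only a synced user can be a
        # member of it, so refuse cloud-only users up front.
        if (-not $user.DirSyncEnabled) {
            throw "User '$UserPrincipalName' is cloud-only and cannot be added to an on-premises group"
        }

        # Match the on-premises objects by SID rather than by name, which avoids
        # ambiguous display names and filter escaping in the AD cmdlets.
        $adGroup = Get-ADGroup -Identity $group.OnPremisesSecurityIdentifier
        $adUser  = Get-ADUser  -Identity $user.OnPremisesSecurityIdentifier
        Add-ADGroupMember -Identity $adGroup -Members $adUser

        # Push the change now instead of waiting for the scheduled sync cycle.
        Start-ADSyncSyncCycle -PolicyType Delta | Out-Null
        return 'on-premises'
    }

    # Cloud-mastered group: the Graph write is allowed directly.
    Add-AzureADGroupMember -ObjectId $group.ObjectId -RefObjectId $user.ObjectId
    return 'cloud'
}

# Usage (placeholder names):
# Add-GroupMemberBySyncSource -GroupDisplayName 'Finance-Readers' -UserPrincipalName 'user2@xxx.onmicrosoft.com'
```

The return value tells the caller which path was taken, which is useful for logging: a change made on-premises will not be visible in Azure AD until the delta sync completes, so a consumer that reads the membership back immediately after the call must expect a delay in that case.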