Share via

Azure AD B2C creates groups with the same name using the Graph API

Dmytro 81 Reputation points
2022-10-04T15:45:42.443+00:00

Hello everyone!

I'm creating groups using the graphics API. I noticed that when creating groups, the graph does not check the group name for uniqueness and allows you to create several groups with the same name. Is there such a check when creating a group?

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,104 questions
Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,716 questions
Accepted answer
  1. Olga Os - MSFT 5,841 Reputation points Microsoft Employee
    2022-10-04T19:27:58.7+00:00

    Hello @Dmytro ,

    Below some findings from my research:

    • You can register multiple applications/groups/etc with the same name in Azure AD, but those must have different IDs.
    • Group Creation: the displayName property isn't checked for uniqueness, unlike the mailNickname property. This is by design and not a bug. You can use the mailNickname property to enforce uniqueness.
      247526-image.png
      If you'd like to recommend it as a feature request, please post this at the Microsoft 365 Developer Platform ideas forum and other customers can amplify your voice.

    Reference: POST operation for group creates duplicate groups with same name

    Hope above answers your questions and concerns.

    --------------------------------------------------------

    Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.

    Sincerely,
    Olga Os

    0 comments

3 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Dmytro 81 Reputation points
    2022-10-05T07:07:17.827+00:00

    Hello @Olga Os - MSFT !

    Thanks for your reply. It really cleared things up.
    This method works if I create an ms365 group and doesn't work if I create a security group. And I can't create a mail-enabled security group using the graph API !

    This looks strange. :)

    0 comments
  2. CarlZhao-MSFT 39,021 Reputation points
    2022-10-05T08:52:20.113+00:00

    Hi @Dmytro ,

    Neither MS 365 groups nor security groups should allow multiple creation with the same display name. I noticed that creating MS365 groups/security groups in Azure AD UI is limited by display name, so this is more like an unknown issue with graph api, I suggest you submit user voice feedback this issue.

    As for your statement that mail-enabled security groups cannot be created using the graph API, this is by design, and there is currently no support for creating and managing mail-enabled security groups using the graph api.

    247627-image.png

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

  3. Olga Os - MSFT 5,841 Reputation points Microsoft Employee
    2022-10-05T17:18:21.317+00:00

    Hello @CarlZhao-MSFT ,

    Depending on the group type some parameters could require/not require to be unique. => check there

    As example, M365 doesn't require the displayName to be unique.
    247767-image.png

    or mandatory for unique name for Mail-Enabled Security
    247836-image.png

    mandatory for unique name for Distribution Group

    247835-image.png

    Sincerely,
    Olga Os

    0 comments