Unable to restore a deleted user with graph API

Question

I am trying to restore a deleted user via graph API. I am following the documentation here: https://learn.microsoft.com/en-us/graph/api/directory-deleteditems-restore?view=graph-rest-1.0&tabs=http

I have created an azure application and add User.ReadWrite.All application permissions and already authorize the app with global admin. I have generated the access token and I can see User.ReadWrite.All permission exists in the token roles.

When I request POST https://graph.microsoft.com/v1.0/directory/deletedItems/<user-id>/restore
I get below response.

{

"error": {

"code": "Authorization_RequestDenied",

"message": "Insufficient privileges to complete the operation.",

"innerError": {

"date": "2024-05-20T06:55:15",

"request-id": "43e68cc6-9b45-4625-8fcc-e88cb4353ce9",

"client-request-id": "43e68cc6-9b45-4625-8fcc-e88cb4353ce9"

}

}

}

I even tried with adding Directory.ReadWrite.All application permission to the app, but failed with the same error. I have verified the deleted user object is exists with GET https://graph.microsoft.com/v1.0/directory/deletedItems/<user-id> and it's exists. What I am doing wrong here? Any other permissions or headers to add?

Answer 1

Hi @Yasitha Pandithawatta

Don't miss this description.

Restoring a deleted user is a sensitive operation that requires the user (delegated context) or service principal (app-only context) to have the administrator role. Did you grant the administrator role to the user or service principal before doing this?

Hope this helps.

If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.