Unable to restore a deleted user with Graph API

Yasitha Pandithawatta 141 Reputation points
2024-05-20T07:01:27.64+00:00

I am trying to restore a deleted user via the Graph API. I am following the documentation here: https://learn.microsoft.com/en-us/graph/api/directory-deleteditems-restore?view=graph-rest-1.0&tabs=http

I have created an Azure application, added the User.ReadWrite.All application permission, and already authorized the app with a global admin. I have generated the access token and I can see that the User.ReadWrite.All permission exists in the token roles.

When I request POST https://graph.microsoft.com/v1.0/directory/deletedItems/<user-id>/restore
I get the response below.

{
  "error": {
    "code": "Authorization_RequestDenied",
    "message": "Insufficient privileges to complete the operation.",
    "innerError": {
      "date": "2024-05-20T06:55:15",
      "request-id": "43e68cc6-9b45-4625-8fcc-e88cb4353ce9",
      "client-request-id": "43e68cc6-9b45-4625-8fcc-e88cb4353ce9"
    }
  }
}

I even tried adding the Directory.ReadWrite.All application permission to the app, but it failed with the same error. I have verified that the deleted user object exists with GET https://graph.microsoft.com/v1.0/directory/deletedItems/<user-id>, and it exists. What am I doing wrong here? Are there any other permissions or headers to add?


Accepted answer
  1. CarlZhao-MSFT 39,021 Reputation points
    2024-05-20T08:07:01.57+00:00

    Hi @Yasitha Pandithawatta

    Don't miss this description.

    User's image

    Restoring a deleted user is a sensitive operation that requires the user (delegated context) or service principal (app-only context) to have the administrator role. Did you grant the administrator role to the user or service principal before doing this?

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.
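
The distinction the accepted answer draws, between the application permission carried in the token and a directory role assigned to the service principal, can be checked offline. This is an added example, not code from the thread or from Microsoft; it assumes the body of GET https://graph.microsoft.com/v1.0/servicePrincipals/{id}/memberOf has been saved as JSON, and the function names, verdict strings, ids and the role name "Example Admin Role" are constructed placeholders.

```python
import base64
import json

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def directory_roles(member_of):
    """Names of directoryRole objects in a servicePrincipals/{id}/memberOf body."""
    return sorted(
        obj.get("displayName", obj["id"])
        for obj in member_of.get("value", [])
        if obj.get("@odata.type") == "#microsoft.graph.directoryRole"
    )

def diagnose(token, member_of, permission="User.ReadWrite.All"):
    """Separate 'permission missing from token' from 'no directory role assigned'."""
    claims = jwt_claims(token)
    roles = directory_roles(member_of)
    if permission not in claims.get("roles", []):
        verdict = "permission_missing_from_token"
    elif not roles:
        verdict = "no_directory_role_assigned"
    else:
        # Which role is sufficient is stated in the restore API documentation.
        verdict = "compare_roles_with_documentation"
    return {"service_principal": claims.get("oid"), "directory_roles": roles,
            "verdict": verdict}

def make_sample_token(claims):
    """Constructed, unsigned token for the demo; real tokens come from Entra ID."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

# Constructed sample data (placeholder ids and names, not from the thread).
SAMPLE_TOKEN = make_sample_token(
    {"oid": "00000000-0000-0000-0000-000000000001", "roles": ["User.ReadWrite.All"]})
NO_ROLE = {"value": [{"@odata.type": "#microsoft.graph.group",
                      "id": "g1", "displayName": "App owners"}]}
WITH_ROLE = {"value": NO_ROLE["value"] + [{"@odata.type": "#microsoft.graph.directoryRole",
                                           "id": "r1", "displayName": "Example Admin Role"}]}

if __name__ == "__main__":
    print(diagnose(SAMPLE_TOKEN, NO_ROLE))    # the situation in the question
    print(diagnose(SAMPLE_TOKEN, WITH_ROLE))
```

The first call reproduces the question's situation: the permission is in the token's roles claim, yet the service principal holds no directory role.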
