Can we force a password reset for other users in AD multiple times using Graph API? As of now, on trying I get this error: "error": { "code": "Authorization_RequestDenied","message": "Insufficient privileges to complete the ope" permission}

Parag Patwardhan 0 Reputation points
2024-08-14T05:37:06.5+00:00

We have an integration through which we try to force-reset a user's password multiple times. For a newly created user it allows resetting the password once, but after the password is reset by the actual user on the portal, it does not allow resetting the password on the next attempt and runs into the error below. We are using the "User >> Update" Graph endpoint for this.


We also saw a similar case on Stack Overflow - https://stackoverflow.com/questions/44313884/insufficient-privileges-for-password-reset

Is it something we can do with the Graph API or any other way, or does Microsoft not offer such feasibility?

{
  "error": {
    "code": "Authorization_RequestDenied",
    "message": "Insufficient privileges to complete the operation.",
    "innerError": {
      "request-id": "",
      "date": ""
    }
  }
}

2 answers

  1. CarlZhao-MSFT 41,291 Reputation points
    2024-08-14T05:55:32.3633333+00:00

    Hi @Parag Patwardhan

    If you are trying to update a user's password credentials, then you must follow that prerequisite.


    Additionally, updating a user’s password is a sensitive action. If you are trying to update an administrator’s password, then the logged-in user/service principal should have a higher role than the target user.

    Please refer to who can perform sensitive actions: https://learn.microsoft.com/en-us/graph/api/resources/users?view=graph-rest-1.0#who-can-reset-passwords.

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.


  2. Navya 9,720 Reputation points Microsoft Vendor
    2024-08-23T09:33:19.05+00:00

    Hi @Parag Patwardhan

    Thank you for posting this in Microsoft Q&A.

    I understand that you want to reset the password for other users.

    I attempted to execute the query PATCH https://graph.microsoft.com/v1.0/users/{id} in my environment and it successfully ran the query.

    Required permissions: Directory.AccessAsUser.All, Directory.ReadWrite.All, User.ManagedIdentities.All, User.ReadWrite.All.

    Please try to run this query in Graph Explorer.

    You can use the following Graph API query to reset a user's password. This operation requires UserAuthenticationMethod.ReadWrite.All delegated permissions to execute.

    The ID of the password authentication method, referenced by {passwordMethods-id}, is always 28c10230-6103-485e-b985-444c60001490.

    POST https://graph.microsoft.com/v1.0/users/{user_id}/authentication/methods/{
    
    Content-type: application/json
    
    {
        "newPassword": "Cuyo5459"
    }

    For your reference: https://learn.microsoft.com/en-us/graph/api/authenticationmethod-resetpassword?view=graph-rest-1.0&tabs=http

    Hope this helps. Do let us know if you have any further queries.

    Thanks,

    Navya

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
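
An added example, not part of either answer above and not Microsoft's code: a forced reset through the `PATCH /users/{id}` endpoint from the thread, using a randomly generated temporary password instead of a fixed one and mapping the `Authorization_RequestDenied` body from the question to an explicit outcome. The function names, the injectable `send` parameter and the symbol set are assumptions made for this sketch.

```python
import json
import secrets
import string
import urllib.error
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"

def temp_password(length=16):
    """Random temporary password containing upper, lower, digit and symbol."""
    pools = [string.ascii_uppercase, string.ascii_lowercase, string.digits, "!#%*+-=?@"]
    chars = [secrets.choice(p) for p in pools]  # one character from each class
    chars += [secrets.choice("".join(pools)) for _ in range(length - len(pools))]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)

def build_reset(user_id, password):
    """PATCH /users/{id}: set a password and force a change at next sign-in."""
    body = {"passwordProfile": {"forceChangePasswordNextSignIn": True,
                                "password": password}}
    return urllib.request.Request(
        f"{GRAPH}/users/{user_id}", data=json.dumps(body).encode(),
        method="PATCH", headers={"Content-Type": "application/json"})

def classify(status, body_text):
    """Map a Graph response to 'ok', 'denied', a Graph error code or http_<n>."""
    if status == 204:  # update succeeded, no content returned
        return "ok"
    try:
        code = json.loads(body_text)["error"]["code"]
    except (ValueError, KeyError, TypeError):
        return f"http_{status}"
    # Per the answers above: check the granted permissions and whether the
    # caller's role is higher than the roles the target user holds now.
    if status == 403 and code == "Authorization_RequestDenied":
        return "denied"
    return code

def force_reset(user_id, token, send=urllib.request.urlopen):
    """Send the reset; return (outcome, temporary password or None)."""
    pw = temp_password()
    req = build_reset(user_id, pw)
    req.add_header("Authorization", f"Bearer {token}")
    try:
        with send(req) as resp:
            status, text = resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:  # urllib raises on 4xx/5xx
        status, text = err.code, err.read().decode()
    outcome = classify(status, text)
    return outcome, (pw if outcome == "ok" else None)
```

The temporary password is returned only on success so the caller can deliver it out of band; it is never written to output by this code.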

