Graph API - Delete User from AD Premission

Question

Graph API - Delete User from AD Premission

Shimon Zouzout 26

Hi,

I wrote a Python program that needs to delete user from my AD. I was following this guide -> https://learn.microsoft.com/en-us/python/api/overview/azure/graph-rbac?view=azure-python
When I perform ("graphrbac_client.users.delete('xxxxxx') ") delete command I'm getting "Insufficient privileges to complete the operation."
Which https://graph.windows.net/ API permission my app needs to pass that? (Im allredy granted "Directory.ReadWrite.All" , "Directory.AccessAsUser.All" permissions.

Thank you!

Itay Mesika 6 Reputation points

2021-01-31T10:01:08.257+00:00

I'm an engineer for many years, I read a lot of questions and this is the best question I have ever seen in my life.

I can feel the passion and that agony that you felt when writing this question, I can see your tears in my mind, wow!

I can't stop thinking about it, I wish that someone will solve it so I will be able to rest my mind again.

Accepted answer

0 additional answers

Your answer

Itay Mesika 6 Reputation points

2021-01-31T10:01:08.257+00:00

I'm an engineer for many years, I read a lot of questions and this is the best question I have ever seen in my life.

I can feel the passion and that agony that you felt when writing this question, I can see your tears in my mind, wow!

I can't stop thinking about it, I wish that someone will solve it so I will be able to rest my mind again.

Answer 1

VipulSparsh-MSFT 16,311 Microsoft Employee

@Shimon Zouzout Thanks for reaching out. If your application needs to call this action, without user interaction then you must have the following permission :
User.ReadWrite.All Also note that this needs Admin consent

-----------------------------------------------------------------------------------------------------------------

If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.

Shimon Zouzout 26 Reputation points

2021-02-01T04:58:55.503+00:00

Hi, Thanks!
notice that I'm using https://graph.windows.net API and even though I've grant this permission but it still doesn't have the privilege.

In Azure Active Directory Graph I don't have permission named User.ReadWrite.All.
PS I've granted all API premmision and it still doesn't work.

do you have any other suggestions?
VipulSparsh-MSFT 16,311 Reputation points Microsoft Employee

2021-02-01T06:49:25.623+00:00

AAD graph API cannot delete a user. you can have a look at the permission they have : https://learn.microsoft.com/en-us/previous-versions/azure/ad/graph/howto/azure-ad-graph-api-permission-scopes#directoryreadwriteall-privileges-detail

Reference : https://github.com/Azure/azure-sdk-for-node/issues/2280

Microsoft graph(graph.microsoft.com) however, has the capability to do so.
Shimon Zouzout 26 Reputation points

2021-02-01T06:59:45.933+00:00

But do Microsoft Graph have Python examples that use those services?
I found that guide without Python.
https://learn.microsoft.com/en-us/graph/api/user-delete?view=graph-rest-1.0&tabs=http

And If not, how can I create an authProvider instance in Python and make this API call?
VipulSparsh-MSFT 16,311 Reputation points Microsoft Employee

2021-02-01T08:13:39.587+00:00

@Shimon Zouzout Here are few examples with MS graph and python : https://github.com/microsoftgraph/python-sample-auth
https://learn.microsoft.com/en-us/samples/microsoftgraph/python-sample-auth/python-authentication-samples-for-microsoft-graph/

They have examples for user profiles, try with delete.

Share via

Graph API - Delete User from AD Premission

0 additional answers

Your answer