Update-MgUser Error

mitsu 81 Reputation points
2022-08-30T01:55:22.3+00:00

Excuse me.
Please let me know the reason for the command error.
The purpose is to change the password.

PS C:\WINDOWS\system32> $params = @{

> PasswordProfile = @{
> ForceChangePasswordNextSignIn = $false
> Password = "Test_Test111"
> }
> }

PS C:\WINDOWS\system32> Update-MgUser -UserId "XXXXX@XXXXXXX.onmicrosoft.com" -BodyParameter $params

Update-MgUser : Insufficient privileges to complete the operation.


Accepted answer
  1. Vasil Michev 105.7K Reputation points MVP
    2022-08-30T06:25:34.363+00:00

    As the error message suggests, you don't have permissions to update the password on said user. For this operation to succeed when run against a privileged (admin) user, you need to run it as a Global Administrator assigned the Directory.AccessAsUser.All permission.

    1 person found this answer helpful.

3 additional answers

  1. D. Brooks 15 Reputation points
    2023-06-09T14:30:16.36+00:00

    Thanks all for the help on this; I was looking for a way to run this as a one-off script and wanted to avoid having the application setup with delegated API permissions.

    The fix for me was to just add this at the top of my script.

    Connect-MgGraph -Scopes "Directory.AccessAsUser.All"

    Then authenticating with a global admin gave me the correct access.

    Here is my full script in case anyone is looking for the same:

    # Install the required modules - if not already installed
    #Install-Module -Name Microsoft.Graph

    Import-Module Microsoft.Graph.Users

    # Sign in interactively (as a global admin) and request the delegated scope
    Connect-MgGraph -Scopes "Directory.AccessAsUser.All"

    # Import users from CSV
    $csvPath = "PATH\passwordReset.csv" # CSV containing Username and Password columns
    Import-Csv $csvPath | ForEach-Object {
        # Build the UPN from the CSV username and the tenant domain
        $upn = $_."Username" + "@DOMAIN.org.uk"
        $params = @{
            passwordProfile = @{
                forceChangePasswordNextSignIn = $true
                password = $_."Password"
            }
            accountEnabled = $true
        }
        try {
            # -ErrorAction Stop turns a failed update into a terminating error,
            # so the catch block runs instead of the success message
            Update-MgUser -UserId $upn -BodyParameter $params -ErrorAction Stop
            Write-Host "Azure Password has been reset for: $upn"
        } catch {
            Write-Host "Failed to reset password for: $upn"
            Write-Host $_.Exception.Message
        }
    }
    
    3 people found this answer helpful.
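
A pre-flight check for the situation in this thread, as an added example that is not code from any of the posters: it confirms the current Graph session is a delegated sign-in that actually holds the `Directory.AccessAsUser.All` scope before `Update-MgUser` is called. The function name `Test-GraphPasswordResetContext` and the UPN `user@contoso.example` are hypothetical placeholders.

```powershell
# Added example; assumes the Microsoft.Graph.Authentication and
# Microsoft.Graph.Users modules are installed.
Import-Module Microsoft.Graph.Users

$requiredScope = 'Directory.AccessAsUser.All'   # scope named in the answers above

# Hypothetical helper: returns $true only if the session can carry the scope.
function Test-GraphPasswordResetContext {
    param([string]$Scope)
    $ctx = Get-MgContext
    if (-not $ctx) {
        Write-Warning 'No Graph session. Run Connect-MgGraph first.'
        return $false
    }
    # Directory.AccessAsUser.All is a delegated permission, so an
    # app-only (certificate / client secret) session cannot hold it.
    if ($ctx.AuthType -ne 'Delegated') {
        Write-Warning "Session type is '$($ctx.AuthType)'; $Scope requires a delegated sign-in."
        return $false
    }
    if ($ctx.Scopes -notcontains $Scope) {
        Write-Warning "Signed in as $($ctx.Account) without $Scope. Granted: $($ctx.Scopes -join ', ')"
        return $false
    }
    return $true
}

Connect-MgGraph -Scopes $requiredScope
if (-not (Test-GraphPasswordResetContext -Scope $requiredScope)) { return }

$upn = 'user@contoso.example'   # placeholder UPN
# Prompt for the password instead of storing it in the script or a CSV
$secure = Read-Host -Prompt "New password for $upn" -AsSecureString
$params = @{
    passwordProfile = @{
        forceChangePasswordNextSignIn = $true
        password = [System.Net.NetworkCredential]::new('', $secure).Password
    }
}
try {
    # -ErrorAction Stop makes a failed update reach the catch block
    Update-MgUser -UserId $upn -BodyParameter $params -ErrorAction Stop
    Write-Host "Password reset for $upn"
} catch {
    Write-Host "Failed for ${upn}: $($_.Exception.Message)"
}
```

The scope check does not confirm the signed-in account's directory role, so a session that holds the scope but lacks a sufficient admin role can still fail with the same "Insufficient privileges" error.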

  2. Schulz, James 10 Reputation points
    2023-01-27T20:29:24.8966667+00:00

    Directory.AccessAsUser.All does not exist. Now what.

    1 person found this answer helpful.

  3. Schulz, James 10 Reputation points
    2023-01-27T20:30:24.13+00:00

    Directory.AccessAsUser.All does not exist. Now what?

    1 person found this answer helpful.
