As the error message suggests, you don't have permissions to update the password on said user. For this operation to succeed when run against a privileged (admin) user, you need to run it as a Global Administrator assigned the Directory.AccessAsUser.All permission.
Update-MgUser Error
excuse me.
Please let me know the reason for the command error.
The purpose is to change the password.
PS C:\WINDOWS\system32> $params = @{
> PasswordProfile = @{
> ForceChangePasswordNextSignIn = $false
> Password = "Test_Test111"
> }
> }
PS C:\WINDOWS\system32> Update-MgUser -UserId "XXXXX@XXXXXXX.onmicrosoft.com" -BodyParameter $params
Update-MgUser : Insufficient privileges to complete the operation.
3 additional answers
Sort by: Most helpful
-
D. Brooks 15 Reputation points
2023-06-09T14:30:16.36+00:00 Thanks all for the help on this; I was looking for a way to run this as a one-off script and wanted to avoid having the application setup with delegated API permissions.
The fix for me was to just add this at the top of my script.
Connect-MgGraph -Scopes "Directory.AccessAsUser.All"
Then authenticating with a global admin gave me the correct access.
Here is my full script in-case anyone is looking for the same:
# Install the required modules - if not already installed #Install-Module -Name Microsoft.Graph Import-Module Microsoft.Graph.Users Connect-MgGraph -Scopes "Directory.AccessAsUser.All" # Import users from CSV $csvPath = "PATH\passwordReset.csv" #Containing Username and Password Import-Csv $csvPath | ForEach-Object { $upn = $_."Username" + "@DOAMIN.org.uk" $params = @{ passwordProfile = @{ forceChangePasswordNextSignIn = $true password = $_."Password" } accountEnabled = $true } try { Update-MgUser -UserId $upn -BodyParameter $params Write-Host "Azure Password has been reset for: $upn" } catch { Write-Host "Failed to reset password for: $upn" Write-Host $_.Exception.Message } }
-
Schulz, James 10 Reputation points
2023-01-27T20:29:24.8966667+00:00 Directory.AccessAsUser.All does not exist. now what.
-
Schulz, James 10 Reputation points
2023-01-27T20:30:24.13+00:00 Directory.AccessAsUser.All does not exist. now what?