Create a new user.
The request body contains the user to create. At a minimum, you must specify the required properties for the user. You can optionally specify any other writable properties.
In the request body, supply a JSON representation of user object.
The following table lists the properties that are required when you create a user. If you're including an identities property for the user you're creating, not all the properties listed are required. For a social identity, none of the properties are required.
Parameter
Type
Description
accountEnabled
Boolean
true if the account is enabled; otherwise, false.
displayName
String
The name to display in the address book for the user.
onPremisesImmutableId
String
Required only when creating a new user account if you are using a federated domain for the user's userPrincipalName (UPN) property.
The user principal name (someuser@contoso.com). It's an Internet-style login name for the user based on the Internet standard RFC 822. By convention, this should map to the user's email name. The general format is alias@domain, where domain must be present in the tenant's collection of verified domains. The verified domains for the tenant can be accessed from the verifiedDomains property of organization. NOTE: This property cannot contain accent characters. Only the following characters are allowed A - Z, a - z, 0 - 9, ' . - _ ! # ^ ~. For the complete list of allowed characters, see username policies.
Because the user resource supports extensions, you can use the POST operation and add custom properties with your own data to the user instance while creating it.
Note
Federated users created via this API are forced to sign in every 12 hours by default. For information about how to change this, see Exceptions for token lifetimes.
Response
If successful, this method returns 201 Created response code and user object in the response body.
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new User
{
AccountEnabled = true,
DisplayName = "Adele Vance",
MailNickname = "AdeleV",
UserPrincipalName = "AdeleV@contoso.com",
PasswordProfile = new PasswordProfile
{
ForceChangePasswordNextSignIn = true,
Password = "xWwvJ]6NMw+bWH-d",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Users.PostAsync(requestBody);
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
User user = new User();
user.setAccountEnabled(true);
user.setDisplayName("Adele Vance");
user.setMailNickname("AdeleV");
user.setUserPrincipalName("AdeleV@contoso.com");
PasswordProfile passwordProfile = new PasswordProfile();
passwordProfile.setForceChangePasswordNextSignIn(true);
passwordProfile.setPassword("xWwvJ]6NMw+bWH-d");
user.setPasswordProfile(passwordProfile);
User result = graphClient.users().post(user);
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.user import User
from msgraph.generated.models.password_profile import PasswordProfile
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = User(
account_enabled = True,
display_name = "Adele Vance",
mail_nickname = "AdeleV",
user_principal_name = "AdeleV@contoso.com",
password_profile = PasswordProfile(
force_change_password_next_sign_in = True,
password = "xWwvJ]6NMw+bWH-d",
),
)
result = await graph_client.users.post(request_body)
Example 2: Create a user with social and local account identities
Create a new user, with a local account identity with a sign-in name, an email address as sign-in, and with a social identity. This example is typically used for migration scenarios in B2C tenants.
Note
For local account identities, password expirations must be disabled, and force change password at next sign-in must also be disabled.
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new User
{
DisplayName = "John Smith",
Identities = new List<ObjectIdentity>
{
new ObjectIdentity
{
SignInType = "userName",
Issuer = "contoso.com",
IssuerAssignedId = "johnsmith",
},
new ObjectIdentity
{
SignInType = "emailAddress",
Issuer = "contoso.com",
IssuerAssignedId = "jsmith@yahoo.com",
},
new ObjectIdentity
{
SignInType = "federated",
Issuer = "facebook.com",
IssuerAssignedId = "5eecb0cd",
},
},
PasswordProfile = new PasswordProfile
{
Password = "password-value",
ForceChangePasswordNextSignIn = false,
},
PasswordPolicies = "DisablePasswordExpiration",
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Users.PostAsync(requestBody);
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
User user = new User();
user.setDisplayName("John Smith");
LinkedList<ObjectIdentity> identities = new LinkedList<ObjectIdentity>();
ObjectIdentity objectIdentity = new ObjectIdentity();
objectIdentity.setSignInType("userName");
objectIdentity.setIssuer("contoso.com");
objectIdentity.setIssuerAssignedId("johnsmith");
identities.add(objectIdentity);
ObjectIdentity objectIdentity1 = new ObjectIdentity();
objectIdentity1.setSignInType("emailAddress");
objectIdentity1.setIssuer("contoso.com");
objectIdentity1.setIssuerAssignedId("jsmith@yahoo.com");
identities.add(objectIdentity1);
ObjectIdentity objectIdentity2 = new ObjectIdentity();
objectIdentity2.setSignInType("federated");
objectIdentity2.setIssuer("facebook.com");
objectIdentity2.setIssuerAssignedId("5eecb0cd");
identities.add(objectIdentity2);
user.setIdentities(identities);
PasswordProfile passwordProfile = new PasswordProfile();
passwordProfile.setPassword("password-value");
passwordProfile.setForceChangePasswordNextSignIn(false);
user.setPasswordProfile(passwordProfile);
user.setPasswordPolicies("DisablePasswordExpiration");
User result = graphClient.users().post(user);