添加成员
命名空间:microsoft.graph
重要
Microsoft Graph版本下的 /beta API 可能会发生更改。 不支持在生产应用程序中使用这些 API。 若要确定 API 是否在 v1.0 中可用,请使用 版本 选择器。
使用此 API 将成员 (用户、组或设备) 添加到管理单元,或在管理单元中创建新组。 可以在管理单元中创建所有 组类型 。
注意: 目前,一次只能向管理单位添加一个成员。
权限
要调用此 API,需要以下权限之一。要了解详细信息,包括如何选择权限的信息,请参阅权限。
添加现有用户、组或设备的权限
| 权限类型 |
权限(从最低特权到最高特权) |
| 委派(工作或学校帐户) |
AdministrativeUnit.ReadWrite.All |
| 委派(个人 Microsoft 帐户) |
不支持。 |
| Application |
AdministrativeUnit.ReadWrite.All |
若要将用户、组或设备添加到管理单元,必须为调用主体分配以下 Azure AD 角色之一:
创建新组的权限
| 权限类型 |
权限(从最低特权到最高特权) |
| 委派(工作或学校帐户) |
Directory.ReadWrite.All |
| 委派(个人 Microsoft 帐户) |
不支持。 |
| Application |
Directory.ReadWrite.All |
若要在管理单元中创建新组,必须为调用主体分配以下 Azure AD 角色之一:
HTTP 请求
以下请求将现有用户、组或设备添加到管理单元。
POST /administrativeUnits/{id}/members/$ref
以下请求在管理单元中创建一个新组。
POST /administrativeUnits/{id}/members
| 名称 |
说明 |
| Authorization |
Bearer {token}。必需。 |
| Content-type |
application/json. Required. |
添加现有用户或组
在请求正文中,提供 id 要添加的 用户、 组、 设备或 directoryObject 。
创建新组
下表显示了在管理单元中创建 组 时要指定的组资源的属性。
| 属性 |
类型 |
说明 |
| displayName |
string |
将在组的通讯簿中显示的名称。必填。 |
| 说明 |
string |
组说明。 可选。 |
| isAssignableToRole |
Boolean |
设置为 true 可以将组分配给 Azure AD 角色。 只有特权角色管理员和全局管理员才能设置此属性的值。 可选。 |
| mailEnabled |
布尔 |
对于已启用邮件的组,请设置为 true。 必需。 |
| mailNickname |
string |
组的邮件别名。 无法在 mailNickName 中使用这些字符:@()\[]";:.<>,SPACE。 必填。 |
| securityEnabled |
boolean |
对于启用安全机制的组(包括 Microsoft 365 组),请设置为 true。 必填。 |
| owners |
directoryObject collection |
此属性表示创建时指定的组所有者。可选。 |
| members |
directoryObject collection |
此属性表示创建时指定的组成员。可选。 |
| visibility |
String |
指定 Microsoft 365 组的可见性。 可能的值是:Private、Public、HiddenMembership 或空(解释为 Public)。 |
响应
如果成功,使用 $ref) 添加现有对象 (将返回 204 No Content 响应代码。 它不会在响应正文中返回任何内容。
在没有) 的情况下 $ref 创建新组 (时,此方法在响应正文中返回 201 Created 响应代码和 组 对象。 该响应仅包括组的默认属性。
示例
示例 1:添加现有用户或组
下面将向管理单元添加现有用户或组。
请求
下面展示了示例请求。
POST https://graph.microsoft.com/beta/administrativeUnits/{id}/members/$ref
Content-type: application/json
{
"@odata.id":"https://graph.microsoft.com/beta/groups/{id}"
}
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var directoryObject = new DirectoryObject
{
Id = "{id}"
};
await graphClient.AdministrativeUnits["{administrativeUnit-id}"].Members.References
.Request()
.AddAsync(directoryObject);
const options = {
authProvider,
};
const client = Client.init(options);
const directoryObject = {
'@odata.id':'https://graph.microsoft.com/beta/groups/{id}'
};
await client.api('/administrativeUnits/{id}/members/$ref')
.version('beta')
.post(directoryObject);
MSHTTPClient *httpClient = [MSClientFactory createHTTPClientWithAuthenticationProvider:authenticationProvider];
NSString *MSGraphBaseURL = @"https://graph.microsoft.com/beta/";
NSMutableURLRequest *urlRequest = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:[MSGraphBaseURL stringByAppendingString:@"/administrativeUnits/{id}/members/$ref"]]];
[urlRequest setHTTPMethod:@"POST"];
[urlRequest setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];
MSGraphDirectoryObject *directoryObject = [[MSGraphDirectoryObject alloc] init];
NSError *error;
NSData *directoryObjectData = [directoryObject getSerializedDataWithError:&error];
[urlRequest setHTTPBody:directoryObjectData];
MSURLSessionDataTask *meDataTask = [httpClient dataTaskWithRequest:urlRequest
completionHandler: ^(NSData *data, NSURLResponse *response, NSError *nserror) {
//Request Completed
}];
[meDataTask execute];
GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();
DirectoryObject directoryObject = new DirectoryObject();
directoryObject.id = "{id}";
graphClient.administrativeUnits("{id}").members().references()
.buildRequest()
.post(directoryObject);
//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClient(requestAdapter)
requestBody := msgraphsdk.New()
requestBody.SetAdditionalData(map[string]interface{}{
"@odata.id": "https://graph.microsoft.com/beta/groups/{id}",
}
administrativeUnitId := "administrativeUnit-id"
result, err := graphClient.AdministrativeUnitsById(&administrativeUnitId).Members().$ref().Post(requestBody)
Import-Module Microsoft.Graph.Identity.DirectoryManagement
$params = @{
"@odata.id" = "https://graph.microsoft.com/beta/groups/{id}"
}
New-MgAdministrativeUnitMemberByRef -AdministrativeUnitId $administrativeUnitId -BodyParameter $params
在请求正文中 id ,提供要添加的 用户、 组或 设备 对象。
响应
下面展示了示例响应。
HTTP/1.1 204 No Content
示例 2:创建新组
以下示例在管理单元中创建一个新组。
请求
下面展示了示例请求。
POST https://graph.microsoft.com/beta/administrativeUnits/{id}/members
Content-type: application/json
Content-length: 244
{
"@odata.type": "#Microsoft.Graph.Group",
"description": "Self help community for golf",
"displayName": "Golf Assist",
"groupTypes": [
"Unified"
],
"mailEnabled": true,
"mailNickname": "golfassist",
"securityEnabled": false
}
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var directoryObject = new Group
{
Description = "Self help community for golf",
DisplayName = "Golf Assist",
GroupTypes = new List<String>()
{
"Unified"
},
MailEnabled = true,
MailNickname = "golfassist",
SecurityEnabled = false
};
await graphClient.AdministrativeUnits["{administrativeUnit-id}"].Members
.Request()
.AddAsync(directoryObject);
const options = {
authProvider,
};
const client = Client.init(options);
const directoryObject = {
'@odata.type': '#Microsoft.Graph.Group',
description: 'Self help community for golf',
displayName: 'Golf Assist',
groupTypes: [
'Unified'
],
mailEnabled: true,
mailNickname: 'golfassist',
securityEnabled: false
};
await client.api('/administrativeUnits/{id}/members')
.version('beta')
.post(directoryObject);
MSHTTPClient *httpClient = [MSClientFactory createHTTPClientWithAuthenticationProvider:authenticationProvider];
NSString *MSGraphBaseURL = @"https://graph.microsoft.com/beta/";
NSMutableURLRequest *urlRequest = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:[MSGraphBaseURL stringByAppendingString:@"/administrativeUnits/{id}/members"]]];
[urlRequest setHTTPMethod:@"POST"];
[urlRequest setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];
MSGraphDirectoryObject *directoryObject = [[MSGraphDirectoryObject alloc] init];
[directoryObject setDescription:@"Self help community for golf"];
[directoryObject setDisplayName:@"Golf Assist"];
NSMutableArray *groupTypesList = [[NSMutableArray alloc] init];
[groupTypesList addObject: @"Unified"];
[directoryObject setGroupTypes:groupTypesList];
[directoryObject setMailEnabled: true];
[directoryObject setMailNickname:@"golfassist"];
[directoryObject setSecurityEnabled: false];
NSError *error;
NSData *directoryObjectData = [directoryObject getSerializedDataWithError:&error];
[urlRequest setHTTPBody:directoryObjectData];
MSURLSessionDataTask *meDataTask = [httpClient dataTaskWithRequest:urlRequest
completionHandler: ^(NSData *data, NSURLResponse *response, NSError *nserror) {
//Request Completed
}];
[meDataTask execute];
GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();
Group directoryObject = new Group();
directoryObject.description = "Self help community for golf";
directoryObject.displayName = "Golf Assist";
LinkedList<String> groupTypesList = new LinkedList<String>();
groupTypesList.add("Unified");
directoryObject.groupTypes = groupTypesList;
directoryObject.mailEnabled = true;
directoryObject.mailNickname = "golfassist";
directoryObject.securityEnabled = false;
graphClient.administrativeUnits("{id}").members()
.buildRequest()
.post(directoryObject);
//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClient(requestAdapter)
requestBody := msgraphsdk.New()
requestBody.SetAdditionalData(map[string]interface{}{
"@odata.type": "#Microsoft.Graph.Group",
"description": "Self help community for golf",
"displayName": "Golf Assist",
"groupTypes": []String {
"Unified",
}
"mailEnabled": true,
"mailNickname": "golfassist",
"securityEnabled": false,
}
administrativeUnitId := "administrativeUnit-id"
graphClient.AdministrativeUnitsById(&administrativeUnitId).Members().Post(requestBody)
在请求正文中,提供要添加的 组 对象的属性。
响应
下面展示了示例响应。
注意: 为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#groups/$entity",
"id": "45b7d2e7-b882-4a80-ba97-10b7a63b8fa4",
"deletedDateTime": null,
"classification": null,
"createdDateTime": "2018-12-22T02:21:05Z",
"description": "Self help community for golf",
"displayName": "Golf Assist",
"expirationDateTime": null,
"groupTypes": [
"Unified"
],
"isAssignableToRole": null,
"mail": "golfassist@contoso.com",
"mailEnabled": true,
"mailNickname": "golfassist",
"membershipRule": null,
"membershipRuleProcessingState": null,
"onPremisesLastSyncDateTime": null,
"onPremisesSecurityIdentifier": null,
"onPremisesSyncEnabled": null,
"preferredDataLocation": "CAN",
"preferredLanguage": null,
"proxyAddresses": [
"SMTP:golfassist@contoso.onmicrosoft.com"
],
"renewedDateTime": "2018-12-22T02:21:05Z",
"resourceBehaviorOptions": [],
"resourceProvisioningOptions": [],
"securityEnabled": false,
"securityIdentifier": "S-1-12-1-1753967289-1089268234-832641959-555555555",
"theme": null,
"visibility": "Public",
"onPremisesProvisioningErrors": []
}