创建用户
本文内容
命名空间:microsoft.graph
创建新 用户 。
请求正文包含要创建的用户。 至少必须指定必需的用户属性。 可以选择指定其他任意可写属性。
此 API 可用于以下国家级云部署 。
全局服务
美国政府 L4
美国政府 L5 (DOD)
由世纪互联运营的中国
✅
✅
✅
✅
权限
要调用此 API,需要以下权限之一。 若要了解详细信息,包括如何选择权限的信息,请参阅权限 。
权限类型
权限(从最低特权到最高特权)
委派(工作或学校帐户)
User.ReadWrite.All、Directory.ReadWrite.All
委派(个人 Microsoft 帐户)
不支持。
应用程序
User.ReadWrite.All、Directory.ReadWrite.All
HTTP 请求
POST /users
标头
值
Authorization
持有者 {token}。 必填。 详细了解 身份验证和授权 。
Content-Type
application/json
请求正文
在请求正文中,提供 user 对象的 JSON 表示形式。
下表列出了创建用户时所需的属性。 如果要为正在创建的用户包括 identities 属性,并非所有列出的属性都是必需的。 对于社交标识,则无需任何属性。
参数
类型
说明
accountEnabled
Boolean
启用此帐户时为 true,否则为 false。
displayName
String
要在用户的通讯簿中显示的名称。
onPremisesImmutableId
String
仅当将联合域用于用户的 userPrincipalName (UPN) 属性时,才需要创建新用户帐户。
mailNickname
String
用户的邮件别名。
passwordProfile
PasswordProfile 用户的密码配置文件。
userPrincipalName
String
用户主体名称 (someuser@contoso.com) 。 它是基于 Internet 标准 RFC 822 的用户的 Internet 样式登录名。 按照惯例,此名称应映射到用户的电子邮件名称。 常规格式是 alias@domain,其中 domain 必须位于租户的已验证域集合中。 可从 组织 的 verifiedDomains 属性访问租户的已验证域。 A - Z、a - z、0 - 9、 ' . - _ ! # ^ ~。 有关允许字符的完整列表,请参阅用户名策略 。
由于用户 资源支持扩展 ,因此可以使用 POST 操作,并在创建用户实例时向其添加含有自己的数据的自定义属性。
注意
默认情况下,通过此 API 创建的联合用户必须每 12 小时登录一次。 有关如何更改此项的信息,请参阅 令牌生存期的异常 。
响应
如果成功,此方法在响应正文中返回 201 Created 响应代码和 user 对象。
示例
示例 1:创建用户
请求
以下示例显示了一个请求。
POST https://graph.microsoft.com/v1.0/users
Content-type: application/json
{
"accountEnabled": true,
"displayName": "Adele Vance",
"mailNickname": "AdeleV",
"userPrincipalName": "AdeleV@contoso.com",
"passwordProfile" : {
"forceChangePasswordNextSignIn": true,
"password": "xWwvJ]6NMw+bWH-d"
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new User
{
AccountEnabled = true,
DisplayName = "Adele Vance",
MailNickname = "AdeleV",
UserPrincipalName = "AdeleV@contoso.com",
PasswordProfile = new PasswordProfile
{
ForceChangePasswordNextSignIn = true,
Password = "xWwvJ]6NMw+bWH-d",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Users.PostAsync(requestBody);
有关如何将 SDK 添加 到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档 。
// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc users create --body '{\
"accountEnabled": true,\
"displayName": "Adele Vance",\
"mailNickname": "AdeleV",\
"userPrincipalName": "AdeleV@contoso.com",\
"passwordProfile" : {\
"forceChangePasswordNextSignIn": true,\
"password": "xWwvJ]6NMw+bWH-d"\
}\
}\
'
有关如何将 SDK 添加 到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档 。
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)
requestBody := graphmodels.NewUser()
accountEnabled := true
requestBody.SetAccountEnabled(&accountEnabled)
displayName := "Adele Vance"
requestBody.SetDisplayName(&displayName)
mailNickname := "AdeleV"
requestBody.SetMailNickname(&mailNickname)
userPrincipalName := "AdeleV@contoso.com"
requestBody.SetUserPrincipalName(&userPrincipalName)
passwordProfile := graphmodels.NewPasswordProfile()
forceChangePasswordNextSignIn := true
passwordProfile.SetForceChangePasswordNextSignIn(&forceChangePasswordNextSignIn)
password := "xWwvJ]6NMw+bWH-d"
passwordProfile.SetPassword(&password)
requestBody.SetPasswordProfile(passwordProfile)
users, err := graphClient.Users().Post(context.Background(), requestBody, nil)
有关如何将 SDK 添加 到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档 。
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
User user = new User();
user.setAccountEnabled(true);
user.setDisplayName("Adele Vance");
user.setMailNickname("AdeleV");
user.setUserPrincipalName("AdeleV@contoso.com");
PasswordProfile passwordProfile = new PasswordProfile();
passwordProfile.setForceChangePasswordNextSignIn(true);
passwordProfile.setPassword("xWwvJ]6NMw+bWH-d");
user.setPasswordProfile(passwordProfile);
User result = graphClient.users().post(user);
有关如何将 SDK 添加 到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档 。
const options = {
authProvider,
};
const client = Client.init(options);
const user = {
accountEnabled: true,
displayName: 'Adele Vance',
mailNickname: 'AdeleV',
userPrincipalName: 'AdeleV@contoso.com',
passwordProfile: {
forceChangePasswordNextSignIn: true,
password: 'xWwvJ]6NMw+bWH-d'
}
};
await client.api('/users')
.post(user);
有关如何将 SDK 添加 到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档 。
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\User;
use Microsoft\Graph\Generated\Models\PasswordProfile;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new User();
$requestBody->setAccountEnabled(true);
$requestBody->setDisplayName('Adele Vance');
$requestBody->setMailNickname('AdeleV');
$requestBody->setUserPrincipalName('AdeleV@contoso.com');
$passwordProfile = new PasswordProfile();
$passwordProfile->setForceChangePasswordNextSignIn(true);
$passwordProfile->setPassword('xWwvJ]6NMw+bWH-d');
$requestBody->setPasswordProfile($passwordProfile);
$result = $graphServiceClient->users()->post($requestBody)->wait();
有关如何将 SDK 添加 到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档 。
Import-Module Microsoft.Graph.Users
$params = @{
accountEnabled = $true
displayName = "Adele Vance"
mailNickname = "AdeleV"
userPrincipalName = "AdeleV@contoso.com"
passwordProfile = @{
forceChangePasswordNextSignIn = $true
password = "xWwvJ]6NMw+bWH-d"
}
}
New-MgUser -BodyParameter $params
有关如何将 SDK 添加 到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档 。
from msgraph import GraphServiceClient
from msgraph.generated.models.user import User
from msgraph.generated.models.password_profile import PasswordProfile
graph_client = GraphServiceClient(credentials, scopes)
request_body = User(
account_enabled = True,
display_name = "Adele Vance",
mail_nickname = "AdeleV",
user_principal_name = "AdeleV@contoso.com",
password_profile = PasswordProfile(
force_change_password_next_sign_in = True,
password = "xWwvJ]6NMw+bWH-d",
),
)
result = await graph_client.users.post(request_body)
有关如何将 SDK 添加 到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档 。
在请求正文中,提供 user 对象的 JSON 表示形式。
响应
以下示例显示了相应的响应。
注意: 为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
"id": "87d349ed-44d7-43e1-9a83-5f2406dee5bd",
"businessPhones": [],
"displayName": "Adele Vance",
"givenName": "Adele",
"jobTitle": "Product Marketing Manager",
"mail": "AdeleV@contoso.com",
"mobilePhone": "+1 425 555 0109",
"officeLocation": "18/2111",
"preferredLanguage": "en-US",
"surname": "Vance",
"userPrincipalName": "AdeleV@contoso.com"
}
示例 2:创建具有社交和本地帐户标识的用户
创建一个新用户,该用户具有本地帐户标识(以登录名和电子邮件地址为登录凭据),并且具有社交标识。 此示例通常用于 B2C 租户中的迁移方案。
注意
对于本地帐户标识,必须禁用密码过期,并且还必须禁用下次登录时强制更改密码。
请求
POST https://graph.microsoft.com/v1.0/users
Content-type: application/json
{
"displayName": "John Smith",
"identities": [
{
"signInType": "userName",
"issuer": "contoso.com",
"issuerAssignedId": "johnsmith"
},
{
"signInType": "emailAddress",
"issuer": "contoso.com",
"issuerAssignedId": "jsmith@yahoo.com"
},
{
"signInType": "federated",
"issuer": "facebook.com",
"issuerAssignedId": "5eecb0cd"
}
],
"passwordProfile" : {
"password": "password-value",
"forceChangePasswordNextSignIn": false
},
"passwordPolicies": "DisablePasswordExpiration"
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new User
{
DisplayName = "John Smith",
Identities = new List<ObjectIdentity>
{
new ObjectIdentity
{
SignInType = "userName",
Issuer = "contoso.com",
IssuerAssignedId = "johnsmith",
},
new ObjectIdentity
{
SignInType = "emailAddress",
Issuer = "contoso.com",
IssuerAssignedId = "jsmith@yahoo.com",
},
new ObjectIdentity
{
SignInType = "federated",
Issuer = "facebook.com",
IssuerAssignedId = "5eecb0cd",
},
},
PasswordProfile = new PasswordProfile
{
Password = "password-value",
ForceChangePasswordNextSignIn = false,
},
PasswordPolicies = "DisablePasswordExpiration",
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Users.PostAsync(requestBody);
有关如何将 SDK 添加 到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档 。
// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc users create --body '{\
"displayName": "John Smith",\
"identities": [\
{\
"signInType": "userName",\
"issuer": "contoso.com",\
"issuerAssignedId": "johnsmith"\
},\
{\
"signInType": "emailAddress",\
"issuer": "contoso.com",\
"issuerAssignedId": "jsmith@yahoo.com"\
},\
{\
"signInType": "federated",\
"issuer": "facebook.com",\
"issuerAssignedId": "5eecb0cd"\
}\
],\
"passwordProfile" : {\
"password": "password-value",\
"forceChangePasswordNextSignIn": false\
},\
"passwordPolicies": "DisablePasswordExpiration"\
}\
'
有关如何将 SDK 添加 到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档 。
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)
requestBody := graphmodels.NewUser()
displayName := "John Smith"
requestBody.SetDisplayName(&displayName)
objectIdentity := graphmodels.NewObjectIdentity()
signInType := "userName"
objectIdentity.SetSignInType(&signInType)
issuer := "contoso.com"
objectIdentity.SetIssuer(&issuer)
issuerAssignedId := "johnsmith"
objectIdentity.SetIssuerAssignedId(&issuerAssignedId)
objectIdentity1 := graphmodels.NewObjectIdentity()
signInType := "emailAddress"
objectIdentity1.SetSignInType(&signInType)
issuer := "contoso.com"
objectIdentity1.SetIssuer(&issuer)
issuerAssignedId := "jsmith@yahoo.com"
objectIdentity1.SetIssuerAssignedId(&issuerAssignedId)
objectIdentity2 := graphmodels.NewObjectIdentity()
signInType := "federated"
objectIdentity2.SetSignInType(&signInType)
issuer := "facebook.com"
objectIdentity2.SetIssuer(&issuer)
issuerAssignedId := "5eecb0cd"
objectIdentity2.SetIssuerAssignedId(&issuerAssignedId)
identities := []graphmodels.ObjectIdentityable {
objectIdentity,
objectIdentity1,
objectIdentity2,
}
requestBody.SetIdentities(identities)
passwordProfile := graphmodels.NewPasswordProfile()
password := "password-value"
passwordProfile.SetPassword(&password)
forceChangePasswordNextSignIn := false
passwordProfile.SetForceChangePasswordNextSignIn(&forceChangePasswordNextSignIn)
requestBody.SetPasswordProfile(passwordProfile)
passwordPolicies := "DisablePasswordExpiration"
requestBody.SetPasswordPolicies(&passwordPolicies)
users, err := graphClient.Users().Post(context.Background(), requestBody, nil)
有关如何将 SDK 添加 到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档 。
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
User user = new User();
user.setDisplayName("John Smith");
LinkedList<ObjectIdentity> identities = new LinkedList<ObjectIdentity>();
ObjectIdentity objectIdentity = new ObjectIdentity();
objectIdentity.setSignInType("userName");
objectIdentity.setIssuer("contoso.com");
objectIdentity.setIssuerAssignedId("johnsmith");
identities.add(objectIdentity);
ObjectIdentity objectIdentity1 = new ObjectIdentity();
objectIdentity1.setSignInType("emailAddress");
objectIdentity1.setIssuer("contoso.com");
objectIdentity1.setIssuerAssignedId("jsmith@yahoo.com");
identities.add(objectIdentity1);
ObjectIdentity objectIdentity2 = new ObjectIdentity();
objectIdentity2.setSignInType("federated");
objectIdentity2.setIssuer("facebook.com");
objectIdentity2.setIssuerAssignedId("5eecb0cd");
identities.add(objectIdentity2);
user.setIdentities(identities);
PasswordProfile passwordProfile = new PasswordProfile();
passwordProfile.setPassword("password-value");
passwordProfile.setForceChangePasswordNextSignIn(false);
user.setPasswordProfile(passwordProfile);
user.setPasswordPolicies("DisablePasswordExpiration");
User result = graphClient.users().post(user);
有关如何将 SDK 添加 到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档 。
const options = {
authProvider,
};
const client = Client.init(options);
const user = {
displayName: 'John Smith',
identities: [
{
signInType: 'userName',
issuer: 'contoso.com',
issuerAssignedId: 'johnsmith'
},
{
signInType: 'emailAddress',
issuer: 'contoso.com',
issuerAssignedId: 'jsmith@yahoo.com'
},
{
signInType: 'federated',
issuer: 'facebook.com',
issuerAssignedId: '5eecb0cd'
}
],
passwordProfile: {
password: 'password-value',
forceChangePasswordNextSignIn: false
},
passwordPolicies: 'DisablePasswordExpiration'
};
await client.api('/users')
.post(user);
有关如何将 SDK 添加 到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档 。
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\User;
use Microsoft\Graph\Generated\Models\ObjectIdentity;
use Microsoft\Graph\Generated\Models\PasswordProfile;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new User();
$requestBody->setDisplayName('John Smith');
$identitiesObjectIdentity1 = new ObjectIdentity();
$identitiesObjectIdentity1->setSignInType('userName');
$identitiesObjectIdentity1->setIssuer('contoso.com');
$identitiesObjectIdentity1->setIssuerAssignedId('johnsmith');
$identitiesArray []= $identitiesObjectIdentity1;
$identitiesObjectIdentity2 = new ObjectIdentity();
$identitiesObjectIdentity2->setSignInType('emailAddress');
$identitiesObjectIdentity2->setIssuer('contoso.com');
$identitiesObjectIdentity2->setIssuerAssignedId('jsmith@yahoo.com');
$identitiesArray []= $identitiesObjectIdentity2;
$identitiesObjectIdentity3 = new ObjectIdentity();
$identitiesObjectIdentity3->setSignInType('federated');
$identitiesObjectIdentity3->setIssuer('facebook.com');
$identitiesObjectIdentity3->setIssuerAssignedId('5eecb0cd');
$identitiesArray []= $identitiesObjectIdentity3;
$requestBody->setIdentities($identitiesArray);
$passwordProfile = new PasswordProfile();
$passwordProfile->setPassword('password-value');
$passwordProfile->setForceChangePasswordNextSignIn(false);
$requestBody->setPasswordProfile($passwordProfile);
$requestBody->setPasswordPolicies('DisablePasswordExpiration');
$result = $graphServiceClient->users()->post($requestBody)->wait();
有关如何将 SDK 添加 到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档 。
Import-Module Microsoft.Graph.Users
$params = @{
displayName = "John Smith"
identities = @(
@{
signInType = "userName"
issuer = "contoso.com"
issuerAssignedId = "johnsmith"
}
@{
signInType = "emailAddress"
issuer = "contoso.com"
issuerAssignedId = "jsmith@yahoo.com"
}
@{
signInType = "federated"
issuer = "facebook.com"
issuerAssignedId = "5eecb0cd"
}
)
passwordProfile = @{
password = "password-value"
forceChangePasswordNextSignIn = $false
}
passwordPolicies = "DisablePasswordExpiration"
}
New-MgUser -BodyParameter $params
有关如何将 SDK 添加 到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档 。
from msgraph import GraphServiceClient
from msgraph.generated.models.user import User
from msgraph.generated.models.object_identity import ObjectIdentity
from msgraph.generated.models.password_profile import PasswordProfile
graph_client = GraphServiceClient(credentials, scopes)
request_body = User(
display_name = "John Smith",
identities = [
ObjectIdentity(
sign_in_type = "userName",
issuer = "contoso.com",
issuer_assigned_id = "johnsmith",
),
ObjectIdentity(
sign_in_type = "emailAddress",
issuer = "contoso.com",
issuer_assigned_id = "jsmith@yahoo.com",
),
ObjectIdentity(
sign_in_type = "federated",
issuer = "facebook.com",
issuer_assigned_id = "5eecb0cd",
),
],
password_profile = PasswordProfile(
password = "password-value",
force_change_password_next_sign_in = False,
),
password_policies = "DisablePasswordExpiration",
)
result = await graph_client.users.post(request_body)
有关如何将 SDK 添加 到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档 。
响应
以下示例显示了相应的响应。
注意: 为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
"displayName": "John Smith",
"id": "4c7be08b-361f-41a8-b1ef-1712f7a3dfb2",
"identities": [
{
"signInType": "userName",
"issuer": "contoso.com",
"issuerAssignedId": "johnsmith"
},
{
"signInType": "emailAddress",
"issuer": "contoso.com",
"issuerAssignedId": "jsmith@yahoo.com"
},
{
"signInType": "federated",
"issuer": "facebook.com",
"issuerAssignedId": "5eecb0cd"
}
],
"passwordPolicies": "DisablePasswordExpiration"
}
相关内容