无法为本地已掌握的目录同步对象或当前正在迁移的对象更新指定的属性 [英] Unable to update the specified properties for on-premises mastered Directory Sync objects or objects currently undergoing migration

问题描述

在Azure AD中将成员添加到组的问题，得到此错误消息:

Issue with adding Member to group in Azure AD, getting this error message:

无法为已掌握的本地更新指定的属性目录同步对象或当前正在迁移的对象

Unable to update the specified properties for on-premises mastered Directory Sync objects or objects currently undergoing migration

我正在尝试将azure AD的现有成员添加到现有组，但是我收到的响应是错误请求".对于某些呼叫，updateasync工作正常，但未将成员添加到组中.我已经提供了我正在尝试解决的错误代码，请提示是否有人遇到过相同的错误并予以解决.

I am trying to add existing member of azure AD to a existing group,But I am getting response as "Bad Request". For some of the calls updateasync worked fine but member not added to group. I have provided my code that I am trying with the error I am getting below.Kindly suggest if any one has faced the same and resolved it.Thanks.

代码:-

 IUser newUser = await GetUser(userKey);
                Microsoft.Azure.ActiveDirectory.GraphClient.Group retrievedGroup = new Microsoft.Azure.ActiveDirectory.GraphClient.Group();
                List<IGroup> foundGroups = null;
                foundGroups = adClient.Groups
                         .Where(group => group.DisplayName.StartsWith(groupName))
                         .ExecuteAsync().Result.CurrentPage.ToList();
                if (foundGroups != null && foundGroups.Count > 0)
                {
                    retrievedGroup = foundGroups.First() as Microsoft.Azure.ActiveDirectory.GraphClient.Group;
                }
                if (retrievedGroup.ObjectId != null)
                {
                    retrievedGroup.Members.Add(newUser as DirectoryObject);
                    await retrievedGroup.UpdateAsync();
                }

错误:-

{"odata.error":{"code":"Request_BadRequest","message":{"lang":"en","value":"Unable to update the specified properties for on-premises mastered Directory Sync objects or objects currently undergoing migration."},"date":"2016-10-18T08:02:22","requestId":"c757689c-6135-4198-9e4d-6a7aaa1135e7","values":null}}

推荐答案

基于描述和错误消息，您正在使用Azure Graph客户端将成员添加到在本地创建的组中.这是预料之中的，它无法更新从本地同步到Azure AD的这些对象.

Based on the description and error message, you were using Azure Graph client to add members to group which created on-premises. This is expected, it is not able to update these objects which synced from on-premises to Azure AD.

要添加此类组的成员，我们需要在本地环境中对其进行操作，然后将其同步到Azure.

To add members for this kind group, we need to operate it in the on-premises environment and then sync it to Azure.

使用Azure AD Graph客户端创建组并添加成员:

Create a group and add the members using Azure AD Graph client:

var client = GraphHelper.CreateGraphClient();

var group = new Microsoft.Azure.ActiveDirectory.GraphClient.Group();
group.DisplayName = "newGroup";
group.MailNickname = "newGroup";
group.MailEnabled = false;
group.SecurityEnabled = true;
await client.Groups.AddGroupAsync(group);

var newGroup = client.Groups.ExecuteAsync().Result.CurrentPage.First(a => a.DisplayName == "newGroup") as Microsoft.Azure.ActiveDirectory.GraphClient.Group;

var user = client.Users.ExecuteAsync().Result.CurrentPage.First(u => u.DisplayName == "user2") as Microsoft.Azure.ActiveDirectory.GraphClient.DirectoryObject;

group.Members.Add(user);
await group.UpdateAsync();


public static ActiveDirectoryClient CreateGraphClient()
{
        string accessToken = "";
        string tenantId = "xxx.onmicrosoft.com"; 
        string graphResourceId = "https://graph.windows.net";

        Uri servicePointUri = new Uri(graphResourceId);
        Uri serviceRoot = new Uri(servicePointUri, tenantId);

        ActiveDirectoryClient activeDirectoryClient = new ActiveDirectoryClient(serviceRoot, async () => await Task.FromResult(accessToken));

        return activeDirectoryClient;
}

这篇关于无法为本地已掌握的目录同步对象或当前正在迁移的对象更新指定的属性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！