重置用户密码 [英] Resetting a user's password
问题描述
我正在尝试找到一种通过非交互式登录在Azure Active Directory中重置用户密码(所有用户,而不仅仅是经过身份验证的用户)的解决方案.
I am trying to find a solution for resetting user's passwords (all users, not just the authenticated user) in Azure Active directory via a non-interactive login.
现在看来,这似乎只能通过powershell的MSOnline使用. Set-AzureADUserPassword cmdlet 使用服务主体登录名.
Right now it seems this is only available via powershell's MSOnline Set-AzureADUserPassword cmdlet using a Service Principal login.
我想找到一个使用API端点的解决方案,以便可以使用C#.我找到的最接近的解决方案是 Microsoft Graph API ,但设置完成后,我意识到我只能通过交互式登录和同意流程来重置密码.不允许通过非交互式.
I'd like to find a solution using an API Endpoint so I can use C#. The closest solutions I've found was Microsoft Graph API but after setting it up, I realized I can only reset the passwords via an interactive login and consent flow. It's not allowed via non-interactive.
我的下一个尝试是使用 Azure AD终结点,但我担心的是我看到的一条建议我们使用Microsoft graph API的消息.这是否意味着azure广告终结点将消失?
My next attempt is to use Azure AD endpoint but my concern is I am seeing the same message that recommends that we use the Microsoft graph API. Does this means azure ad endpoint will be going away?
是否有不使用PowerShell的推荐方法?
Is there a recommended approach without using PowerShell?
推荐答案
您可以更新用户的passwordProfile属性以重置用户密码:
You could update user's passwordProfile property to reset user's password :
PATCH https://graph.microsoft.com/v1.0/users/{id | userPrincipalName}
Content-type: application/json
Authorization: bearer TOKEN
{
"passwordProfile":
{
"forceChangePasswordNextSignIn":false,
"password": "XXXXXXXXX"
}
}
作为文档:
更新passwordProfile属性时,需要以下权限:Directory.AccessAsUser.All.
When updating the passwordProfile property, the following permission is required: Directory.AccessAsUser.All.
Then you could use Resource Owner Flow as the requirement needs non-interactive login . To enable Directory.AccessAsUser.All delegate permission, you should :
-
在Azure AD应用的
Required permissions刀片中添加Microsoft Graph的Access directory as the signed in user权限:
Add Microsoft Graph's
Access directory as the signed in userpermission inRequired permissionsblade of your Azure AD app :
该权限需要管理员的同意,请用您的管理员帐户单击Grant Permissions按钮.
That permission needs admin consent , please click Grant Permissions button with your admin account .
然后,您可以使用资源所有者流来获取Microsoft Graph的访问令牌,Directory.AccessAsUser.All权限允许管理员更改您租户中另一个用户的密码.
Then you could use Resource Owner Flow to acquire access token for Microsoft Graph , Directory.AccessAsUser.All permission allows an Admin to change another user's password in your tenant .
这是否意味着天青的广告端点将消失?
Does this means azure ad endpoint will be going away?
当前,Microsoft Graph支持Azure AD Graph支持的大多数目录功能,但不是全部.请参阅 Microsoft Graph和Azure AD Graph
Currently , Microsoft Graph supports most of the directory features that Azure AD Graph supports, but not all. Please refer to Gaps between Microsoft Graph and Azure AD Graph
这篇关于重置用户密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
