User delete async result "Insufficient privileges to complete the operation." #5

Closed
duongthaiha opened this issue Nov 3, 2014 · 5 comments

@duongthaiha duongthaiha commented Nov 3, 2014

Hi, I tried the example; however, I receive "Insufficient privileges to complete the operation."
I have set the web application to have different types of permission, even to have all of them (both read and write directory data). I can create a user; however, I cannot delete the user. Any help is much appreciated. The code is the original from the example.

    //*********************************************************************************************
    // Delete the user that we just created
    //*********************************************************************************************
    if (userToBeAdded.ObjectId != null)
    {
        try
        {
            userToBeAdded.DeleteAsync().Wait();
            Console.WriteLine("\nUser {0} was deleted", userToBeAdded.DisplayName);
        }
        catch (Exception e)
        {
            Console.WriteLine("Deleting User failed {0} {1}", e.Message,
                e.InnerException != null ? e.InnerException.Message : "");
        }
    }
    if (newUser.ObjectId != null)
    {
        try
        {
            newUser.DeleteAsync().Wait();
            Console.WriteLine("\nUser {0} was deleted", newUser.DisplayName);
        }
        catch (Exception e)
        {
            Console.WriteLine("Deleting User failed {0} {1}", e.Message,
                e.InnerException != null ? e.InnerException.Message : "");
        }
    }


@pavankompelli pavankompelli commented Nov 3, 2014

Read/write directory data does not have permissions to delete the user. The sample will only be able to delete the user if

  1. The app is added to “company administrators” role.

Or

  2. App+User is used when logging in as a company admin. The app must be created as “Native app” with permissions as “Access to Directory”.

Thanks
Pavan

@duongthaiha duongthaiha commented Nov 3, 2014

Thank you very much. I tried the second option and that worked. Quick question on option 1: I cannot find the option to assign a role to an application via the Azure Management Portal. Is that something you have to do via the command line?

@pavankompelli pavankompelli commented Nov 3, 2014

Right now this can be done only using the Windows Azure ActiveDirectory PowerShell module (you can find the service principal using Get-MsolServicePrincipal -AppPrincipalId and then use Add-MsolRoleMember to add it to the “Company Administrator” role).

Thanks
Pavan

@duongthaiha duongthaiha commented Nov 3, 2014

Thank you very much :)

@duongthaiha duongthaiha closed this Nov 3, 2014

@vsix27 vsix27 commented May 11, 2015

The first option (use Add-MsolRoleMember to add it to the “Company Administrator” role) worked for me. Specifically:

1. Get the client ID of your web application. You can do it in Azure web/configuration, or in PowerShell by running

    # 1. list all principals; your web app will probably be last...
    Get-MsolServicePrincipal | ft DisplayName, AppPrincipalId -AutoSize

2. Run in PowerShell

    # 2. put your web app guid [this is ClientIdWebApp] and use it to get MsolServicePrincipal
    $ClientIdWebApp = '5dc390de-1a63-4377-b16e-f4d0ddd9d921'
    $webApp = Get-MsolServicePrincipal -AppPrincipalId $ClientIdWebApp

    # 3. use Add-MsolRoleMember to add it to the “Company Administrator” role
    Add-MsolRoleMember -RoleName "Company Administrator" -RoleMemberType ServicePrincipal -RoleMemberObjectId $webApp.ObjectId
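
To check which service principals hold the role after the steps above, and to withdraw the grant once the delete operation is no longer needed, here is an added example (not part of the thread or the sample project). It assumes the MSOnline module with an active Connect-MsolService session; the client ID is a placeholder and `$removeAfterUse` is a hypothetical switch.

```powershell
# Added example, not from the thread. Assumes the MSOnline module is loaded and
# Connect-MsolService has already been run by a tenant administrator.

$roleName       = 'Company Administrator'
# Placeholder: replace with your application's client ID (AppPrincipalId).
$clientId       = '00000000-0000-0000-0000-000000000000'
# Hypothetical switch: set to $true to withdraw the grant after the audit.
$removeAfterUse = $false

# Resolve the role and list every service principal that currently holds it.
$role = Get-MsolRole -RoleName $roleName
$spMembers = @(Get-MsolRoleMember -RoleObjectId $role.ObjectId |
    Where-Object { $_.RoleMemberType -eq 'ServicePrincipal' })

Write-Output "Service principals in '$roleName': $($spMembers.Count)"
$spMembers | Format-Table DisplayName, ObjectId -AutoSize

# Check whether the application in question is among them.
$sp = Get-MsolServicePrincipal -AppPrincipalId $clientId
$match = $spMembers | Where-Object { $_.ObjectId -eq $sp.ObjectId }

if (-not $match) {
    Write-Output "$($sp.DisplayName) does not hold '$roleName'."
}
elseif ($removeAfterUse) {
    # Drop the tenant-wide admin grant so the app's credentials stop
    # carrying delete rights over the whole directory.
    Remove-MsolRoleMember -RoleName $roleName `
        -RoleMemberType ServicePrincipal `
        -RoleMemberObjectId $sp.ObjectId
    Write-Output "Removed $($sp.DisplayName) from '$roleName'."
}
else {
    Write-Output "$($sp.DisplayName) holds '$roleName' (no change made)."
}
```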