I am trying to find a solution for resetting users' passwords (all users, not just the authenticated user) in Azure Active Directory via a non-interactive login.
Right now it seems this is only available via PowerShell's MSOnline Set-AzureADUserPassword cmdlet using a Service Principal login.
I'd like to find a solution using an API endpoint so I can use C#. The closest solution I've found was the Microsoft Graph API, but after setting it up, I realized I can only reset the passwords via an interactive login and consent flow. It's not allowed via a non-interactive login.
My next attempt is to use the Azure AD endpoint, but my concern is that I am seeing the same message that recommends we use the Microsoft Graph API. Does this mean the Azure AD endpoint will be going away?
Is there a recommended approach without using PowerShell?
You could update the user's passwordProfile property to reset the user's password:
PATCH https://graph.microsoft.com/v1.0/users/{id | userPrincipalName}
Content-type: application/json
Authorization: bearer TOKEN

{
  "passwordProfile": {
    "forceChangePasswordNextSignIn": false,
    "password": "XXXXXXXXX"
  }
}
As explained in the documentation:
When updating the passwordProfile property, the following permission is required: Directory.AccessAsUser.All.
Then you could use the Resource Owner flow, since the requirement is a non-interactive login. To enable the Directory.AccessAsUser.All delegated permission, you should:
Add Microsoft Graph's "Access directory as the signed in user" permission in the Required permissions blade of your Azure AD app.
That permission needs admin consent, so please click the Grant Permissions button with your admin account.
Then you could use the Resource Owner flow to acquire an access token for Microsoft Graph; the Directory.AccessAsUser.All permission allows an admin to change another user's password in your tenant.
Does this mean the Azure AD endpoint will be going away?
Currently, Microsoft Graph supports most of the directory features that Azure AD Graph supports, but not all. Please refer to Gaps between Microsoft Graph and Azure AD Graph.
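The two steps the answer describes (acquire a delegated Graph token with the resource owner password credentials flow, then PATCH the user's passwordProfile) in C#, as an added example that is not part of the original answer. It assumes the app was registered against the Azure AD v1 endpoint (hence the `resource` parameter rather than `scope`), that the Directory.AccessAsUser.All delegated permission has been admin-consented, that the admin account has no MFA requirement (the ROPC grant cannot complete an MFA challenge), and that credentials are supplied through the environment variables named in the code; the target UPN and the `GraphPasswordReset` class and method names are placeholders. Unlike the answer's request body it sets forceChangePasswordNextSignIn to true, so the temporary password is single-use.

```csharp
// Added example (not from the original answer). Non-interactive password reset through
// Microsoft Graph using the OAuth2 resource owner password credentials (ROPC) flow.
// Assumed environment variables: AAD_TENANT, AAD_CLIENT_ID, AAD_CLIENT_SECRET,
// AAD_ADMIN_UPN, AAD_ADMIN_PASSWORD. Requires .NET Core 3.0+ / C# 8 (System.Text.Json).
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;

public static class GraphPasswordReset
{
    private static readonly HttpClient Http = new HttpClient();

    // Acquire a delegated Graph token for the admin user without an interactive prompt
    // (Azure AD v1 endpoint, so the audience is passed as "resource").
    public static async Task<string> GetTokenRopcAsync(string tenant, string clientId,
        string clientSecret, string adminUpn, string adminPassword)
    {
        var form = new Dictionary<string, string>
        {
            ["grant_type"] = "password",
            ["resource"] = "https://graph.microsoft.com",
            ["client_id"] = clientId,
            ["client_secret"] = clientSecret, // only needed for a confidential (web app) registration
            ["username"] = adminUpn,
            ["password"] = adminPassword,
        };
        using var resp = await Http.PostAsync(
            $"https://login.microsoftonline.com/{tenant}/oauth2/token",
            new FormUrlEncodedContent(form));
        var body = await resp.Content.ReadAsStringAsync();
        if (!resp.IsSuccessStatusCode)
            throw new InvalidOperationException($"Token request failed ({(int)resp.StatusCode}): {body}");
        using var doc = JsonDocument.Parse(body);
        return doc.RootElement.GetProperty("access_token").GetString()
               ?? throw new InvalidOperationException("No access_token in token response");
    }

    // Build the same JSON body the answer shows; kept separate so it can be inspected in isolation.
    public static string BuildPasswordProfileBody(string newPassword, bool forceChangeNextSignIn)
    {
        var payload = new
        {
            passwordProfile = new
            {
                forceChangePasswordNextSignIn = forceChangeNextSignIn,
                password = newPassword
            }
        };
        return JsonSerializer.Serialize(payload);
    }

    // PATCH /users/{upn} with the passwordProfile; Graph answers 204 No Content on success.
    public static async Task ResetPasswordAsync(string token, string userPrincipalName, string newPassword)
    {
        var url = $"https://graph.microsoft.com/v1.0/users/{Uri.EscapeDataString(userPrincipalName)}";
        using var req = new HttpRequestMessage(new HttpMethod("PATCH"), url)
        {
            Content = new StringContent(BuildPasswordProfileBody(newPassword, forceChangeNextSignIn: true),
                Encoding.UTF8, "application/json")
        };
        req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
        using var resp = await Http.SendAsync(req);
        if (resp.StatusCode != HttpStatusCode.NoContent)
        {
            var body = await resp.Content.ReadAsStringAsync();
            throw new InvalidOperationException($"PATCH failed ({(int)resp.StatusCode}): {body}");
        }
    }

    public static async Task Main()
    {
        string Env(string name) => Environment.GetEnvironmentVariable(name)
            ?? throw new InvalidOperationException($"{name} is not set");

        var token = await GetTokenRopcAsync(Env("AAD_TENANT"), Env("AAD_CLIENT_ID"),
            Env("AAD_CLIENT_SECRET"), Env("AAD_ADMIN_UPN"), Env("AAD_ADMIN_PASSWORD"));

        // Placeholder target; a real job would take the UPN from its input and the
        // temporary password from a generator or secret store.
        var tempPassword = "Temp!" + Guid.NewGuid().ToString("N");
        await ResetPasswordAsync(token, "someone@contoso.example", tempPassword);
        Console.WriteLine("Password reset; the user must change it at next sign-in.");
    }
}
```

Because the ROPC grant sends the admin's username and password to the token endpoint on every run, the account used here should be a dedicated one with only the rights this job needs, and its credentials should come from a secret store rather than source control.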