Azure Active Directory Graph Rbac API¶
Create the client¶
The following code creates an instance of the client.
See Resource Management Authentication
for details on getting a Credentials
instance.
You will also need the tenant id of the AD you want to manage. Could be the AD UUID or domain name. You can follow this documentation to get it.
Note
You need to change the resource parameter to https://graph.windows.net while creating the credentials instance
from azure.graphrbac import GraphRbacManagementClient
from azure.common.credentials import UserPassCredentials
# See above for details on creating different types of AAD credentials
credentials = UserPassCredentials(
'user@domain.com', # Your user
'my_password', # Your password
resource="https://graph.windows.net"
)
tenant_id = "myad.onmicrosoft.com"
graphrbac_client = GraphRbacManagementClient(
credentials,
tenant_id
)
Manage users¶
The following code creates a user, get it directly and by list filtering, and then delete it. Filter syntax can be found here.
from azure.graphrbac.models import UserCreateParameters, PasswordProfile
user = graphrbac_client.users.create(
UserCreateParameters(
user_principal_name="testbuddy@{}".format(MY_AD_DOMAIN),
account_enabled=False,
display_name='Test Buddy',
mail_nickname='testbuddy',
password_profile=PasswordProfile(
password='MyStr0ngP4ssword',
force_change_password_next_login=True
)
)
)
# user is a User instance
self.assertEqual(user.display_name, 'Test Buddy')
user = graphrbac_client.users.get(user.object_id)
self.assertEqual(user.display_name, 'Test Buddy')
for user in graphrbac_client.users.list(filter="displayName eq 'Test Buddy'"):
self.assertEqual(user.display_name, 'Test Buddy')
graphrbac_client.users.delete(user.object_id)