Create user

Important

APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported.

Create a new user. The request body contains the user to create. At a minimum, you must specify the required properties for the user. You can optionally specify any other writable properties.

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type Permissions (from least to most privileged)
Delegated (work or school account) Directory.ReadWrite.All, Directory.AccessAsUser.All
Delegated (personal Microsoft account) Not supported.
Application Directory.ReadWrite.All

HTTP request

POST /users

Request headers

Header Value
Authorization Bearer {token}. Required.
Content-Type application/json

Request body

In the request body, supply a JSON representation of user object.

The following table shows the properties that are required when you create a user.

Parameter Type Description
accountEnabled Boolean true if the account is enabled; otherwise, false.
displayName string The name to display in the address book for the user.
onPremisesImmutableId string Only needs to be specified when creating a new user account if you are using a federated domain for the user's userPrincipalName (UPN) property.
mailNickname string The mail alias for the user.
passwordProfile PasswordProfile The password profile for the user.
userPrincipalName string The user principal name (someuser@contoso.com).

Because the user resource supports extensions, you can use the POST operation and add custom properties with your own data to the user instance while creating it.

[!NOTE] Federated users created using this API will be forced to sign in every 12 hours by default. For more information about how to change this, see Exceptions for token lifetimes.

Response

If successful, this method returns a 201 Created response code and a user object in the response body.

Example

Request

Here is an example of the request.

POST https://graph.microsoft.com/beta/users
Content-type: application/json

{
  "accountEnabled": true,
  "displayName": "displayName-value",
  "mailNickname": "mailNickname-value",
  "userPrincipalName": "upn-value@tenant-value.onmicrosoft.com",
  "passwordProfile" : {
    "forceChangePasswordNextSignIn": true,
    "password": "password-value"
  }
}

In the request body, supply a JSON representation of user object.

Response

Here is an example of the response.

[!NOTE] The response object shown here might be shortened for readability. All the properties will be returned from an actual call.

HTTP/1.1 201 Created
Content-type: application/json

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#users/$entity",
    "id": "id-value",
    "businessPhones": [],
    "displayName": "displayName-value",
    "givenName": null,
    "jobTitle": null,
    "mail": null,
    "mobilePhone": null,
    "officeLocation": null,
    "preferredLanguage": null,
    "surname": null,
    "userPrincipalName": "upn-value@tenant-value.onmicrosoft.com"
}

SDK sample code


GraphServiceClient graphClient = new GraphServiceClient( authProvider );

var user = new User
{
	AccountEnabled = true,
	DisplayName = "displayName-value",
	MailNickname = "mailNickname-value",
	UserPrincipalName = "upn-value@tenant-value.onmicrosoft.com",
	PasswordProfile = new PasswordProfile
	{
		ForceChangePasswordNextSignIn = true,
		Password = "password-value"
	}
};

await graphClient.Users
	.Request()
	.AddAsync(user);

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

See also