Azure Active Directory Graph libraries for Python

  • Article

Important

As of February 2019, we started the process to deprecate some earlier versions of Azure Active Directory Graph API in favor of the Microsoft Graph API.

For details, updates, and time frames, see Microsoft Graph or the Azure AD Graph in the Office Dev Center.

Moving forward, applications should use the Microsoft Graph API.

Overview

Sign-on users and control access to applications and APIs with Active Directory Graph.

Client library

pip install azure-graphrbac

Example

Note

You need to change the resource parameter to https://graph.windows.net while creating the credentials instance

from azure.graphrbac import GraphRbacManagementClient	
from azure.common.credentials import UserPassCredentials	
credentials = UserPassCredentials(	
           'user@domain.com',      # Your user	
           'my_password',          # Your password	
           resource="https://graph.windows.net"	
   )	
tenant_id = "myad.onmicrosoft.com"	
graphrbac_client = GraphRbacManagementClient(	
   credentials,	
   tenant_id	
)

The following code creates a user, get it directly and by list filtering, and then delete it.

from azure.graphrbac.models import UserCreateParameters, PasswordProfile	
 user = graphrbac_client.users.create(	
    UserCreateParameters(	
        user_principal_name="testbuddy@{}".format(MY_AD_DOMAIN),	
        account_enabled=False,	
        display_name='Test Buddy',	
        mail_nickname='testbuddy',	
        password_profile=PasswordProfile(	
            password='MyStr0ngP4ssword',	
            force_change_password_next_login=True	
        )	
    )	
)	
# user is a User instance	
self.assertEqual(user.display_name, 'Test Buddy')	
 user = graphrbac_client.users.get(user.object_id)	
self.assertEqual(user.display_name, 'Test Buddy')	
 for user in graphrbac_client.users.list(filter="displayName eq 'Test Buddy'"):	
    self.assertEqual(user.display_name, 'Test Buddy')	
 graphrbac_client.users.delete(user.object_id)