创建用户
命名空间:microsoft.graph
创建新用户。请求正文包含要创建的用户。至少要为该用户指定必需的属性。可以选择指定其他任意可写属性。
权限
要调用此 API,需要以下权限之一。要了解详细信息,包括如何选择权限的信息,请参阅权限。
| 权限类型 |
权限(从最低特权到最高特权) |
| 委派(工作或学校帐户) |
User.ReadWrite.All、Directory.ReadWrite.All |
| 委派(个人 Microsoft 帐户) |
不支持。 |
| 应用程序 |
User.ReadWrite.All、Directory.ReadWrite.All |
HTTP 请求
POST /users
| 标头 |
值 |
| Authorization |
Bearer {token}。必需。 |
| Content-Type |
application/json |
请求正文
在请求正文中,提供 user 对象的 JSON 表示形式。
下表列出了创建用户时所需的属性。 如果要为正在创建的用户包括 identities 属性,并非所有列出的属性都是必需的。 对于 B2C 本地帐户标识,只需要 passwordProfile,且 passwordPolicies 必须设置为 DisablePasswordExpiration。 对于社交标识,则无需任何属性。
| 参数 |
类型 |
说明 |
| accountEnabled |
boolean |
启用此帐户时为 true,否则为 false。 |
| displayName |
string |
要在用户的通讯簿中显示的名称。 |
| onPremisesImmutableId |
string |
如果你对用户的 userPrincipalName (UPN) 属性使用联盟域,只需在创建新用户帐户时指定。 |
| mailNickname |
string |
用户的邮件别名。 |
| passwordProfile |
PasswordProfile |
用户的密码配置文件。对于 Azure B2C 租户,forceChangePasswordNextSignIn 属性应设置为 false,并且应在第一次登录时使用自定义策略强制重置密码。 |
| userPrincipalName |
string |
用户主体名称 (someuser@contoso.com)。它是用户基于 Internet 标准 RFC 822 的 Internet 式登录名。按照惯例,此名称应映射到用户的电子邮件名称。常规格式是 alias@domain,其中,domain 必须位于租户的已验证域集合中。创建用户时此属性是必需的。可从 组织的 verifiedDomains 属性访问租户的已验证域。
注意:此属性不能包含突出字符。 仅支持使用以下字符:A - Z、a - z、0 - 9、 ' . - _ ! # ^ ~。 有关允许字符的完整列表,请参阅用户名策略。 |
由于 用户 资源支持 扩展,因此可以使用 POST 操作,并在创建用户实例时向其添加含有自己的数据的自定义属性。
备注
默认情况下,使用此 API 创建的联合用户将被强制每 12 小时登录一次。 有关如何对其进行更改的详细信息,请参阅令牌生存期的例外。
响应
如果成功,此方法在响应正文中返回 201 Created 响应代码和 user 对象。
示例
示例 1:创建用户
请求
下面是一个请求示例。
POST https://graph.microsoft.com/v1.0/users
Content-type: application/json
{
"accountEnabled": true,
"displayName": "Adele Vance",
"mailNickname": "AdeleV",
"userPrincipalName": "AdeleV@contoso.onmicrosoft.com",
"passwordProfile" : {
"forceChangePasswordNextSignIn": true,
"password": "xWwvJ]6NMw+bWH-d"
}
}
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var user = new User
{
AccountEnabled = true,
DisplayName = "Adele Vance",
MailNickname = "AdeleV",
UserPrincipalName = "AdeleV@contoso.onmicrosoft.com",
PasswordProfile = new PasswordProfile
{
ForceChangePasswordNextSignIn = true,
Password = "xWwvJ]6NMw+bWH-d"
}
};
await graphClient.Users
.Request()
.AddAsync(user);
有关如何将 SDK 添加 到项目并 创建 authProvider 实例的 详细信息,请参阅 SDK 文档。
const options = {
authProvider,
};
const client = Client.init(options);
const user = {
accountEnabled: true,
displayName: 'Adele Vance',
mailNickname: 'AdeleV',
userPrincipalName: 'AdeleV@contoso.onmicrosoft.com',
passwordProfile: {
forceChangePasswordNextSignIn: true,
password: 'xWwvJ]6NMw+bWH-d'
}
};
await client.api('/users')
.post(user);
有关如何将 SDK 添加 到项目并 创建 authProvider 实例的 详细信息,请参阅 SDK 文档。
MSHTTPClient *httpClient = [MSClientFactory createHTTPClientWithAuthenticationProvider:authenticationProvider];
NSString *MSGraphBaseURL = @"https://graph.microsoft.com/v1.0/";
NSMutableURLRequest *urlRequest = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:[MSGraphBaseURL stringByAppendingString:@"/users"]]];
[urlRequest setHTTPMethod:@"POST"];
[urlRequest setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];
MSGraphUser *user = [[MSGraphUser alloc] init];
[user setAccountEnabled: true];
[user setDisplayName:@"Adele Vance"];
[user setMailNickname:@"AdeleV"];
[user setUserPrincipalName:@"AdeleV@contoso.onmicrosoft.com"];
MSGraphPasswordProfile *passwordProfile = [[MSGraphPasswordProfile alloc] init];
[passwordProfile setForceChangePasswordNextSignIn: true];
[passwordProfile setPassword:@"xWwvJ]6NMw+bWH-d"];
[user setPasswordProfile:passwordProfile];
NSError *error;
NSData *userData = [user getSerializedDataWithError:&error];
[urlRequest setHTTPBody:userData];
MSURLSessionDataTask *meDataTask = [httpClient dataTaskWithRequest:urlRequest
completionHandler: ^(NSData *data, NSURLResponse *response, NSError *nserror) {
//Request Completed
}];
[meDataTask execute];
有关如何将 SDK 添加 到项目并 创建 authProvider 实例的 详细信息,请参阅 SDK 文档。
GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();
User user = new User();
user.accountEnabled = true;
user.displayName = "Adele Vance";
user.mailNickname = "AdeleV";
user.userPrincipalName = "AdeleV@contoso.onmicrosoft.com";
PasswordProfile passwordProfile = new PasswordProfile();
passwordProfile.forceChangePasswordNextSignIn = true;
passwordProfile.password = "xWwvJ]6NMw+bWH-d";
user.passwordProfile = passwordProfile;
graphClient.users()
.buildRequest()
.post(user);
有关如何将 SDK 添加 到项目并 创建 authProvider 实例的 详细信息,请参阅 SDK 文档。
//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClient(requestAdapter)
requestBody := msgraphsdk.NewUser()
accountEnabled := true
requestBody.SetAccountEnabled(&accountEnabled)
displayName := "Adele Vance"
requestBody.SetDisplayName(&displayName)
mailNickname := "AdeleV"
requestBody.SetMailNickname(&mailNickname)
userPrincipalName := "AdeleV@contoso.onmicrosoft.com"
requestBody.SetUserPrincipalName(&userPrincipalName)
passwordProfile := msgraphsdk.NewPasswordProfile()
requestBody.SetPasswordProfile(passwordProfile)
forceChangePasswordNextSignIn := true
passwordProfile.SetForceChangePasswordNextSignIn(&forceChangePasswordNextSignIn)
password := "xWwvJ]6NMw+bWH-d"
passwordProfile.SetPassword(&password)
result, err := graphClient.Users().Post(requestBody)
有关如何将 SDK 添加 到项目并 创建 authProvider 实例的 详细信息,请参阅 SDK 文档。
Import-Module Microsoft.Graph.Users
$params = @{
AccountEnabled = $true
DisplayName = "Adele Vance"
MailNickname = "AdeleV"
UserPrincipalName = "AdeleV@contoso.onmicrosoft.com"
PasswordProfile = @{
ForceChangePasswordNextSignIn = $true
Password = "xWwvJ]6NMw+bWH-d"
}
}
New-MgUser -BodyParameter $params
有关如何将 SDK 添加 到项目并 创建 authProvider 实例的 详细信息,请参阅 SDK 文档。
在请求正文中,提供 user 对象的 JSON 表示形式。
响应
这是一个示例响应。注意:为提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
"id": "87d349ed-44d7-43e1-9a83-5f2406dee5bd",
"businessPhones": [],
"displayName": "Adele Vance",
"givenName": "Adele",
"jobTitle": "Product Marketing Manager",
"mail": "AdeleV@contoso.onmicrosoft.com",
"mobilePhone": "+1 425 555 0109",
"officeLocation": "18/2111",
"preferredLanguage": "en-US",
"surname": "Vance",
"userPrincipalName": "AdeleV@contoso.onmicrosoft.com"
}
示例 2:创建具有社交和本地帐户标识的用户
创建一个新用户,该用户具有本地帐户标识(以登录名和电子邮件地址为登录凭据),并且具有社交标识。 此示例通常用于 B2C 租户中的迁移方案。
备注
对于本地帐户标识,必须禁用密码过期,并且还必须禁用下次登录时强制更改密码。
请求
POST https://graph.microsoft.com/v1.0/users
Content-type: application/json
{
"displayName": "John Smith",
"identities": [
{
"signInType": "userName",
"issuer": "contoso.onmicrosoft.com",
"issuerAssignedId": "johnsmith"
},
{
"signInType": "emailAddress",
"issuer": "contoso.onmicrosoft.com",
"issuerAssignedId": "jsmith@yahoo.com"
},
{
"signInType": "federated",
"issuer": "facebook.com",
"issuerAssignedId": "5eecb0cd"
}
],
"passwordProfile" : {
"password": "password-value",
"forceChangePasswordNextSignIn": false
},
"passwordPolicies": "DisablePasswordExpiration"
}
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var user = new User
{
DisplayName = "John Smith",
Identities = new List<ObjectIdentity>()
{
new ObjectIdentity
{
SignInType = "userName",
Issuer = "contoso.onmicrosoft.com",
IssuerAssignedId = "johnsmith"
},
new ObjectIdentity
{
SignInType = "emailAddress",
Issuer = "contoso.onmicrosoft.com",
IssuerAssignedId = "jsmith@yahoo.com"
},
new ObjectIdentity
{
SignInType = "federated",
Issuer = "facebook.com",
IssuerAssignedId = "5eecb0cd"
}
},
PasswordProfile = new PasswordProfile
{
Password = "password-value",
ForceChangePasswordNextSignIn = false
},
PasswordPolicies = "DisablePasswordExpiration"
};
await graphClient.Users
.Request()
.AddAsync(user);
有关如何将 SDK 添加 到项目并 创建 authProvider 实例的 详细信息,请参阅 SDK 文档。
const options = {
authProvider,
};
const client = Client.init(options);
const user = {
displayName: 'John Smith',
identities: [
{
signInType: 'userName',
issuer: 'contoso.onmicrosoft.com',
issuerAssignedId: 'johnsmith'
},
{
signInType: 'emailAddress',
issuer: 'contoso.onmicrosoft.com',
issuerAssignedId: 'jsmith@yahoo.com'
},
{
signInType: 'federated',
issuer: 'facebook.com',
issuerAssignedId: '5eecb0cd'
}
],
passwordProfile: {
password: 'password-value',
forceChangePasswordNextSignIn: false
},
passwordPolicies: 'DisablePasswordExpiration'
};
await client.api('/users')
.post(user);
有关如何将 SDK 添加 到项目并 创建 authProvider 实例的 详细信息,请参阅 SDK 文档。
MSHTTPClient *httpClient = [MSClientFactory createHTTPClientWithAuthenticationProvider:authenticationProvider];
NSString *MSGraphBaseURL = @"https://graph.microsoft.com/v1.0/";
NSMutableURLRequest *urlRequest = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:[MSGraphBaseURL stringByAppendingString:@"/users"]]];
[urlRequest setHTTPMethod:@"POST"];
[urlRequest setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];
MSGraphUser *user = [[MSGraphUser alloc] init];
[user setDisplayName:@"John Smith"];
NSMutableArray *identitiesList = [[NSMutableArray alloc] init];
MSGraphObjectIdentity *identities = [[MSGraphObjectIdentity alloc] init];
[identities setSignInType:@"userName"];
[identities setIssuer:@"contoso.onmicrosoft.com"];
[identities setIssuerAssignedId:@"johnsmith"];
[identitiesList addObject: identities];
MSGraphObjectIdentity *identities = [[MSGraphObjectIdentity alloc] init];
[identities setSignInType:@"emailAddress"];
[identities setIssuer:@"contoso.onmicrosoft.com"];
[identities setIssuerAssignedId:@"jsmith@yahoo.com"];
[identitiesList addObject: identities];
MSGraphObjectIdentity *identities = [[MSGraphObjectIdentity alloc] init];
[identities setSignInType:@"federated"];
[identities setIssuer:@"facebook.com"];
[identities setIssuerAssignedId:@"5eecb0cd"];
[identitiesList addObject: identities];
[user setIdentities:identitiesList];
MSGraphPasswordProfile *passwordProfile = [[MSGraphPasswordProfile alloc] init];
[passwordProfile setPassword:@"password-value"];
[passwordProfile setForceChangePasswordNextSignIn: false];
[user setPasswordProfile:passwordProfile];
[user setPasswordPolicies:@"DisablePasswordExpiration"];
NSError *error;
NSData *userData = [user getSerializedDataWithError:&error];
[urlRequest setHTTPBody:userData];
MSURLSessionDataTask *meDataTask = [httpClient dataTaskWithRequest:urlRequest
completionHandler: ^(NSData *data, NSURLResponse *response, NSError *nserror) {
//Request Completed
}];
[meDataTask execute];
有关如何将 SDK 添加 到项目并 创建 authProvider 实例的 详细信息,请参阅 SDK 文档。
GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();
User user = new User();
user.displayName = "John Smith";
LinkedList<ObjectIdentity> identitiesList = new LinkedList<ObjectIdentity>();
ObjectIdentity identities = new ObjectIdentity();
identities.signInType = "userName";
identities.issuer = "contoso.onmicrosoft.com";
identities.issuerAssignedId = "johnsmith";
identitiesList.add(identities);
ObjectIdentity identities1 = new ObjectIdentity();
identities1.signInType = "emailAddress";
identities1.issuer = "contoso.onmicrosoft.com";
identities1.issuerAssignedId = "jsmith@yahoo.com";
identitiesList.add(identities1);
ObjectIdentity identities2 = new ObjectIdentity();
identities2.signInType = "federated";
identities2.issuer = "facebook.com";
identities2.issuerAssignedId = "5eecb0cd";
identitiesList.add(identities2);
user.identities = identitiesList;
PasswordProfile passwordProfile = new PasswordProfile();
passwordProfile.password = "password-value";
passwordProfile.forceChangePasswordNextSignIn = false;
user.passwordProfile = passwordProfile;
user.passwordPolicies = "DisablePasswordExpiration";
graphClient.users()
.buildRequest()
.post(user);
有关如何将 SDK 添加 到项目并 创建 authProvider 实例的 详细信息,请参阅 SDK 文档。
//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClient(requestAdapter)
requestBody := msgraphsdk.NewUser()
displayName := "John Smith"
requestBody.SetDisplayName(&displayName)
requestBody.SetIdentities( []ObjectIdentity {
msgraphsdk.NewObjectIdentity(),
signInType := "userName"
SetSignInType(&signInType)
issuer := "contoso.onmicrosoft.com"
SetIssuer(&issuer)
issuerAssignedId := "johnsmith"
SetIssuerAssignedId(&issuerAssignedId)
msgraphsdk.NewObjectIdentity(),
signInType := "emailAddress"
SetSignInType(&signInType)
issuer := "contoso.onmicrosoft.com"
SetIssuer(&issuer)
issuerAssignedId := "jsmith@yahoo.com"
SetIssuerAssignedId(&issuerAssignedId)
msgraphsdk.NewObjectIdentity(),
signInType := "federated"
SetSignInType(&signInType)
issuer := "facebook.com"
SetIssuer(&issuer)
issuerAssignedId := "5eecb0cd"
SetIssuerAssignedId(&issuerAssignedId)
}
passwordProfile := msgraphsdk.NewPasswordProfile()
requestBody.SetPasswordProfile(passwordProfile)
password := "password-value"
passwordProfile.SetPassword(&password)
forceChangePasswordNextSignIn := false
passwordProfile.SetForceChangePasswordNextSignIn(&forceChangePasswordNextSignIn)
passwordPolicies := "DisablePasswordExpiration"
requestBody.SetPasswordPolicies(&passwordPolicies)
result, err := graphClient.Users().Post(requestBody)
有关如何将 SDK 添加 到项目并 创建 authProvider 实例的 详细信息,请参阅 SDK 文档。
Import-Module Microsoft.Graph.Users
$params = @{
DisplayName = "John Smith"
Identities = @(
@{
SignInType = "userName"
Issuer = "contoso.onmicrosoft.com"
IssuerAssignedId = "johnsmith"
}
@{
SignInType = "emailAddress"
Issuer = "contoso.onmicrosoft.com"
IssuerAssignedId = "jsmith@yahoo.com"
}
@{
SignInType = "federated"
Issuer = "facebook.com"
IssuerAssignedId = "5eecb0cd"
}
)
PasswordProfile = @{
Password = "password-value"
ForceChangePasswordNextSignIn = $false
}
PasswordPolicies = "DisablePasswordExpiration"
}
New-MgUser -BodyParameter $params
有关如何将 SDK 添加 到项目并 创建 authProvider 实例的 详细信息,请参阅 SDK 文档。
响应
下面是一个响应示例。
注意: 为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
"displayName": "John Smith",
"id": "4c7be08b-361f-41a8-b1ef-1712f7a3dfb2",
"identities": [
{
"signInType": "userName",
"issuer": "contoso.onmicrosoft.com",
"issuerAssignedId": "johnsmith"
},
{
"signInType": "emailAddress",
"issuer": "contoso.onmicrosoft.com",
"issuerAssignedId": "jsmith@yahoo.com"
},
{
"signInType": "federated",
"issuer": "facebook.com",
"issuerAssignedId": "5eecb0cd"
}
],
"passwordPolicies": "DisablePasswordExpiration"
}
另请参阅