Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

mthierba

Groups/AddUserAsAdmin API fails when adding group principle

Submitted by on ‎01-07-2019 11:20 AM

Hi, I'm consistently getting an error trying to add an AAD Group to a V2 workspace using the AddUserAsAdmin API.

 

Adding a single user via its email address works fine. Adding a group interatively in the service works fine.

 

However, trying to perform the same operation using the API does generate this error:

{
{"error":{"code":"ADGraphEntityOperationFailed","pbi.error":{"code":"ADGraphEntityOperationFailed","parameters":{},"details":[]}}}
}

I have tried this on two different tenants, with the same result in both cases.

 

My payload (this is based on what the Groups/GetGroupUsers API returns when the AD group is added via the UI):

{
    "principalType": "Group",
    "groupUserAccessRight": "Admin",
    "identifier": "22a72618-2597-44c4-8258-793d37675811",
    "displayName": "Test Group" 
}

It would be great if someone could confirm this as a bug, or else suggest any modifications when making that call.

 

Regards,

Mathias

Status: New
See more ideas labeled with:
3 Comments (3 New)
Comments
v-qiuyu-msft
Community Support
Community Support
‎01-08-2019 12:07 AM

Hi @mthierba,

 

I tested on my side, the Add Group User works fine with new preview version app workspace. 

 

In your scenario, please check if the emailAddress parameter value is correct. You can go to Office Admin portal -> Groups, find the group "Test Group" and check its email address. 

 

w1.PNG

 

Best Regards,
Qiuyun Yu

ed-freeman
Helper II
Helper II
‎11-21-2019 09:27 AM

Hi @v-qiuyu-msft ,

 

The OP was asking about the Admin API: https://docs.microsoft.com/en-us/rest/api/power-bi/admin/groups_adduserasadmin

 

When using an AD Security Group (not mail-enabled), this endpoint doesn't work.

 

For example:

 

A POST to https://api.powerbi.com/v1.0/myorg/admin/groups/{groupId}/users

 

with the body:

 

{
  "groupUserAccessRight": "Member",
  "displayName": "<Group_Name>",
  "identifier": "<object_id>",
  "principalType": "Group"
}

 

results in the response:

 

{
    "error": {
        "code": "InvalidRequest",
        "message": "Parameter PrincipalType or Identifier is missing or invalid"
    }
}

 

The other API that you linked to (https://docs.microsoft.com/en-us/rest/api/power-bi/groups/addgroupuser) seems to work fine.

 

Why doesn't the Admin API work?

 

Thanks,

 

Ed

mwhitesellevrg
Frequent Visitor
‎10-11-2021 01:35 PM

This still doesn't work and it's pretty annoying.  The only example given in the API Documentation is that of simple email user add.  Service Principal and Group Principal should also be documented and tested.

Idea Statuses