Showing results for 
Search instead for 
Did you mean: 

Groups/AddUserAsAdmin API fails when adding group principle

Hi, I'm consistently getting an error trying to add an AAD Group to a V2 workspace using the AddUserAsAdmin API.


Adding a single user via its email address works fine. Adding a group interatively in the service works fine.


However, trying to perform the same operation using the API does generate this error:


I have tried this on two different tenants, with the same result in both cases.


My payload (this is based on what the Groups/GetGroupUsers API returns when the AD group is added via the UI):

    "principalType": "Group",
    "groupUserAccessRight": "Admin",
    "identifier": "22a72618-2597-44c4-8258-793d37675811",
    "displayName": "Test Group" 

It would be great if someone could confirm this as a bug, or else suggest any modifications when making that call.




Status: New

Hi @mthierba,


I tested on my side, the Add Group User works fine with new preview version app workspace. 


In your scenario, please check if the emailAddress parameter value is correct. You can go to Office Admin portal -> Groups, find the group "Test Group" and check its email address. 




Best Regards,
Qiuyun Yu

Frequent Visitor

Hi @v-qiuyu-msft ,


The OP was asking about the Admin API:


When using an AD Security Group (not mail-enabled), this endpoint doesn't work.


For example:


A POST to{groupId}/users


with the body:


  "groupUserAccessRight": "Member",
  "displayName": "<Group_Name>",
  "identifier": "<object_id>",
  "principalType": "Group"


results in the response:


    "error": {
        "code": "InvalidRequest",
        "message": "Parameter PrincipalType or Identifier is missing or invalid"


The other API that you linked to ( seems to work fine.


Why doesn't the Admin API work?





Idea Statuses