Monday, May 22, 2017

Set owners and members for existing Azure AD groups via MS Graph client library

In one of my previous posts I showed how to create a new Azure AD group and add owners via the MS Graph client library: Create Azure AD group and set group owner using Microsoft Graph Client library. In this post I will show how to set owners for existing groups, which also includes deleting previous owners. The same approach may be used for adding and deleting group members (use the Members property of the Group class instead of Owners). To synchronize Azure AD group owners, use the following method:

   1: public static void SetAzureGroupOwners(Group group, List<User> newOwners)
   2: {
   3:     if (group == null || newOwners == null || newOwners.Count == 0)
   4:     {
   5:         return;
   6:     }
   7:  
   8:     var graph = new GraphServiceClient(new AzureAuthenticationProvider());
   9:  
  10:     var existingOwners = GetAzureGroupOwners(group.Id);
  11:     foreach (User newOwner in newOwners)
  12:     {
  13:         if (!existingOwners.Any(u => string.Compare(u.UserPrincipalName,
  14:             newOwner.UserPrincipalName, true) == 0))
  15:         {
  16:             var result = graph.Groups[group.Id].Owners.
  17:                 References.Request().AddAsync(newOwner);
  18:             result.Wait();
  19:             while (result.Status == TaskStatus.WaitingForActivation)
  20:             {
  21:                 Thread.Sleep(1000);
  22:             }
  23:         }
  24:     }
  25:  
  26:     existingOwners = GetAzureGroupOwners(group.Id);
  27:     foreach (User existingOwner in existingOwners)
  28:     {
  29:         if (!newOwners.Any(u => string.Compare(u.UserPrincipalName,
  30:             existingOwner.UserPrincipalName, true) == 0))
  31:         {
  32:             var result = graph.Groups[group.Id].Owners[existingOwner.Id].
  33:                 Reference.Request().DeleteAsync();
  34:             result.Wait();
  35:             while (result.Status == TaskStatus.WaitingForActivation)
  36:             {
  37:                 Thread.Sleep(1000);
  38:             }
  39:         }
  40:     }
  41: }

This method uses the helper function GetAzureGroupOwners:

   1: public static List<User> GetAzureGroupOwners(string groupId)
   2: {
   3:     try
   4:     {
   5:         var graph = new GraphServiceClient(new AzureAuthenticationProvider());
   6:         var result = new List<User>();
   7:         var owners = graph.Groups[groupId].Owners.Request().GetAsync();
   8:         while (owners.Result.Count > 0)
   9:         {
  10:             foreach (var owner in owners.Result)
  11:             {
  12:                 if (!(owner is User))
  13:                 {
  14:                     continue;
  15:                 }
  16:  
  17:                 result.Add((User)owner);
  18:             }
  19:  
  20:             if (owners.Result.NextPageRequest != null)
  21:             {
  22:                 owners = owners.Result.NextPageRequest.GetAsync();
  23:             }
  24:             else
  25:             {
  26:                 break;
  27:             }
  28:         }
  29:         return result;
  30:     }
  31:     catch (Exception x)
  32:     {
  33:         Console.WriteLine("Error occurred when getting Azure " +
  34:             "group's owners: '{0}'\n{1}", x.Message, x.StackTrace);
  35:         return new List<User>();
  36:     }
  37: }

and AzureAuthenticationProvider from the previous post Work with Azure AD via Microsoft Graph API.

The SetAzureGroupOwners() method receives a reference to the Azure AD group and the list of users that should be set as owners. If the group or the list is null, or the list is empty, the method returns without changing anything (lines 3-6). Note that we are replacing the existing owners with new ones, i.e. we need not only to add new owners but also to delete those existing owners that are not in this list. So first we add the new owners (lines 10-24) and then remove the existing owners that are missing from the list (lines 26-40). At the end the group will have only those owners that were passed to the function in the list.
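
The add-then-remove reconciliation described above can be separated from the Graph calls as a pure planning step; this is an added example, not code from the original post. `Owner`, `OwnerChangePlan` and `OwnerSync.Plan` are hypothetical names, and a `null` current-owner list stands for a failed read, so that an error (which GetAzureGroupOwners reports as an empty list) is not mistaken for a group without owners.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical minimal owner record; the post works with Microsoft.Graph.User.
public sealed class Owner
{
    public string Id { get; set; }
    public string UserPrincipalName { get; set; }
}

public sealed class OwnerChangePlan
{
    public List<Owner> ToAdd { get; } = new List<Owner>();
    public List<Owner> ToRemove { get; } = new List<Owner>();
}

public static class OwnerSync
{
    // Assumption: existing == null means the read failed, so no plan is produced.
    public static OwnerChangePlan Plan(IList<Owner> existing, IList<Owner> desired)
    {
        if (existing == null)
            throw new InvalidOperationException("Current owners unknown; aborting sync.");
        if (desired == null || desired.Count == 0)
            throw new ArgumentException("Refusing to plan an empty owner set.", nameof(desired));
        var cmp = StringComparer.OrdinalIgnoreCase; // case-insensitive UPN match, as in the post
        var existingUpns = new HashSet<string>(existing.Select(o => o.UserPrincipalName), cmp);
        var desiredUpns = new HashSet<string>(desired.Select(o => o.UserPrincipalName), cmp);
        var plan = new OwnerChangePlan();
        // HashSet.Add returns false for a UPN already seen, which also drops duplicates in desired.
        plan.ToAdd.AddRange(desired.Where(o => existingUpns.Add(o.UserPrincipalName)));
        plan.ToRemove.AddRange(existing.Where(o => !desiredUpns.Contains(o.UserPrincipalName)));
        return plan;
    }

    public static void Main()
    {
        // Constructed sample data, not real accounts.
        var existing = new List<Owner> {
            new Owner { Id = "1", UserPrincipalName = "Alice@contoso.example" },
            new Owner { Id = "2", UserPrincipalName = "bob@contoso.example" } };
        var desired = new List<Owner> {
            new Owner { Id = "1", UserPrincipalName = "alice@contoso.example" },
            new Owner { Id = "3", UserPrincipalName = "carol@contoso.example" } };
        var plan = Plan(existing, desired);
        Console.WriteLine("add: " + string.Join(",", plan.ToAdd.Select(o => o.UserPrincipalName)));
        Console.WriteLine("remove: " + string.Join(",", plan.ToRemove.Select(o => o.UserPrincipalName)));
    }
}
```

Applying ToAdd before ToRemove, in the same order as the post, keeps at least one owner on the group at every intermediate step, and the plan can be logged for review before any owner is removed.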
