Insufficient privileges to complete the operation when using service principal to create Azure AD Application

Question

Following the code outlined here:

https://github.com/Azure-Samples/active-directory-dotnet-graphapi-console/blob/master/GraphConsoleAppV3/Program.cs#L810
         


        

Answer 1

its required that the application has been given the Administrator role that currently seem only possible to add using the powershell tools for azure AD: https://msdn.microsoft.com/library/azure/jj151815.aspx#bkmk_installmodule

and using connect-msolservice and using your Azure Ad Administrator user login when prompted.

1. connect-msolservice
2. Get-MsolServicePrincipal –AppPrincipalId {appId}
3. Add-MsolRoleMember -RoleMemberType ServicePrincipal -RoleName 'Company Administrator' -RoleMemberObjectId {objectID}

where the objectID is the output of the 2 command