Unable to update the specified properties for on-premises mastered Directory Sync objects or objects currently undergoing migration

问题

Issue with adding Member to group in Azure AD, getting this error message:

Unable to update the specified properties for on-premises mastered Directory Sync objects or objects currently undergoing migration

I am trying to add existing member of azure AD to a existing group,But I am getting response as "Bad Request". For some of the calls updateasync worked fine but member not added to group. I have provided my code that I am trying with the error I am getting below.Kindly suggest if any one has faced the same and resolved it.Thanks.

Code:-

 IUser newUser = await GetUser(userKey);
                Microsoft.Azure.ActiveDirectory.GraphClient.Group retrievedGroup = new Microsoft.Azure.ActiveDirectory.GraphClient.Group();
                List<IGroup> foundGroups = null;
                foundGroups = adClient.Groups
                         .Where(group => group.DisplayName.StartsWith(groupName))
                         .ExecuteAsync().Result.CurrentPage.ToList();
                if (foundGroups != null && foundGroups.Count > 0)
                {
                    retrievedGroup = foundGroups.First() as Microsoft.Azure.ActiveDirectory.GraphClient.Group;
                }
                if (retrievedGroup.ObjectId != null)
                {
                    retrievedGroup.Members.Add(newUser as DirectoryObject);
                    await retrievedGroup.UpdateAsync();
                }

Error:-

{"odata.error":{"code":"Request_BadRequest","message":{"lang":"en","value":"Unable to update the specified properties for on-premises mastered Directory Sync objects or objects currently undergoing migration."},"date":"2016-10-18T08:02:22","requestId":"c757689c-6135-4198-9e4d-6a7aaa1135e7","values":null}}

回答1:

Based on the description and error message, you were using Azure Graph client to add members to group which created on-premises. This is expected, it is not able to update these objects which synced from on-premises to Azure AD.

To add members for this kind group, we need to operate it in the on-premises environment and then sync it to Azure.

Update

Create a group and add the members using Azure AD Graph client:

var client = GraphHelper.CreateGraphClient();

var group = new Microsoft.Azure.ActiveDirectory.GraphClient.Group();
group.DisplayName = "newGroup";
group.MailNickname = "newGroup";
group.MailEnabled = false;
group.SecurityEnabled = true;
await client.Groups.AddGroupAsync(group);

var newGroup = client.Groups.ExecuteAsync().Result.CurrentPage.First(a => a.DisplayName == "newGroup") as Microsoft.Azure.ActiveDirectory.GraphClient.Group;

var user = client.Users.ExecuteAsync().Result.CurrentPage.First(u => u.DisplayName == "user2") as Microsoft.Azure.ActiveDirectory.GraphClient.DirectoryObject;

group.Members.Add(user);
await group.UpdateAsync();


public static ActiveDirectoryClient CreateGraphClient()
{
        string accessToken = "";
        string tenantId = "xxx.onmicrosoft.com"; 
        string graphResourceId = "https://graph.windows.net";

        Uri servicePointUri = new Uri(graphResourceId);
        Uri serviceRoot = new Uri(servicePointUri, tenantId);

        ActiveDirectoryClient activeDirectoryClient = new ActiveDirectoryClient(serviceRoot, async () => await Task.FromResult(accessToken));

        return activeDirectoryClient;
}

来源：https://stackoverflow.com/questions/40102799/unable-to-update-the-specified-properties-for-on-premises-mastered-directory-syn