Opérations sur les rôles d’annuaire (version préliminaire) | Référence de l’API Graph
S’applique à : API Graph | Azure Active Directory
Cette rubrique explique comment effectuer des opérations sur les rôles d’annuaire Azure AD à l’aide de l’API Azure Active Directory (AD) Graph. Les rôles d’annuaire (DirectoryRole) comportent des ensembles spécifiques de droits d’accès à l’annuaire. Azure AD octroie aux utilisateurs et principaux de service membres d’un rôle d’annuaire les droits associés à ce rôle. Les rôles d’annuaire Azure AD sont également appelés rôles d’administrateur. Pour plus d’informations sur les rôles (d’administrateur) d’annuaire, consultez Attribution de rôles d’administrateur dans Azure AD.
Avec l’API Graph, vous pouvez lire les propriétés des rôles d’annuaire, effectuer des requêtes sur les membres d’un rôle d’annuaire, ajouter et supprimer des membres d’un rôle d’annuaire. Les rôles d’annuaire peuvent posséder des utilisateurs et principaux de service en tant que membres. L’ajout de groupes à des rôles d’annuaire n’est pas pris en charge actuellement.
Dans les versions antérieures à la version 1.5, tous les rôles d’annuaire sont présents dans le locataire par défaut. À partir de la version 1.5, seul le rôle d’annuaire Administrateurs de la société est présent par défaut. Pour accéder et affecter des membres à un autre rôle d’annuaire, vous devez d’abord l’activer à l’aide de son modèle de rôle d’annuaire correspondant (DirectoryRoleTemplate). Pour plus d’informations, consultez Activer un rôle d’annuaire.
L’API Graph est une API REST conforme OData 3.0 qui fournit un accès par programme aux objets d’annuaire d’Azure Active Directory tels que les utilisateurs, les groupes, les contacts professionnels et les applications.
Important
La fonctionnalité d’API Azure AD Graph est également disponible au moyen de Microsoft Graph, une API unifiée qui intègre aussi des API d’autres services Microsoft tels que Outlook, OneDrive, OneNote, Planner et Office Graph, tous accessibles par le biais d’un seul point de terminaison à l’aide d’un seul jeton d’accès.
Exécuter des opérations REST sur des rôles d’annuaire
Pour effectuer des opérations sur les rôles d’annuaire avec l’API Graph, vous devez envoyer des requêtes HTTP à l’aide d’une méthode prise en charge (GET, POST, PATCH, PUT ou DELETE) à un point de terminaison qui cible la collection de ressources des rôles d’annuaire, un domaine spécifique, une propriété de navigation d’un rôle d’annuaire ou une fonction ou action pouvant être appelée sur un rôle d’annuaire.
Les demandes d’API Graph utilisent l’URL de base suivante :
https://graph.windows.net/{tenant_id}/{resource_path}?{api_version}[odata_query_parameters]
Important
Les demandes envoyées à l’API Graph doivent être bien formées, cibler un point de terminaison et une version valides de l’API Graph et indiquer dans leur en-tête Authorization
un jeton d’accès valide obtenu d’Azure AD. Pour plus d’informations sur la création de demandes et la réception de réponses au moyen de l’API Graph, consultez Operations Overview.
Vous spécifiez le {resource_path}
différemment selon que vous ciblez la collection de tous les rôles d’annuaire de votre client, un rôle d’annuaire individuel ou une propriété de navigation d’un rôle d’annuaire spécifique.
/directoryRoles
cible la collection de ressources des rôles d’annuaire. Vous pouvez utiliser ce chemin d’accès de ressource pour lire tous les rôles d’annuaire dans votre locataire et, dans la version 1.5 et les versions ultérieures, pour activer un rôle d’annuaire dans votre locataire./directoryRoleTemplates
cible la collection de ressources directoryRoleTemplates. Vous pouvez utiliser ce chemin d’accès aux ressources pour lire tous les modèles de rôle d’annuaire disponibles dans votre locataire. Dans la version 1.5 et les versions ultérieures, vous utilisez les modèles de rôle d’annuaire pour activer un rôle d’annuaire dans votre locataire./directoryRoles/{object_id}
cible un rôle d’annuaire individuel dans votre locataire. Vous spécifiez le rôle cible avec son ID d’objet (GUID). Ce chemin d’accès de ressource permet d’obtenir les propriétés déclarées d’un rôle d’annuaire spécifié./directoryRoles/{object_id}/members
cible la propriété de navigation members d’un rôle d’annuaire. Vous pouvez l’utiliser pour renvoyer les utilisateurs et les principaux de service qui sont membres du rôle d’annuaire spécifié. Remarque : cette forme d’adressage est disponible uniquement pour les lectures./directoryRoles/{object_id}/$links/members
cible la propriété de navigation members d’un rôle d’annuaire. Vous pouvez utiliser cette forme d’adressage pour lire et modifier les membres du rôle. Sur les lectures, les utilisateurs et les principaux de service référencés par la propriété sont renvoyés sous la forme d’un ou de plusieurs liens dans le corps de la réponse. Sur les écritures, les utilisateurs et les principaux de service sont spécifiés sous la forme d’un ou de plusieurs liens dans le corps de la requête.
Par exemple, la requête suivante renvoie une collection de liens vers les membres du rôle d’annuaire spécifié :
GET https://graph.windows.net/myorganization/directoryRoles/ffffffff-ffff-ffff-ffff-ffffffffffff/$links/members?api-version=1.6
Opérations de base sur les rôles d’annuaire
Vous pouvez effectuer les opérations de base suivantes sur les rôles d’annuaire et les modèles de rôle d’annuaire.
- Lisez les propriétés de tous les rôles d’annuaire ou d’un rôle individuel.
- Lisez les propriétés de tous modèles de rôle d’annuaire ou d’un modèle individuel (version 1.5 et ultérieures).
- Activez un rôle d’annuaire à l’aide de la demande POST (version 1.5 et ultérieures).
Les rubriques suivantes vous indiquent comment procéder.
Obtenir des rôles d’annuaire
Obtient le regroupement de rôles d’annuaire qui sont activés dans le locataire. (Dans les versions antérieures à la version 1.5, tous les rôles d’annuaire étaient activés par défaut.)
En cas de réussite, renvoie la collection d’objets DirectoryRole qui sont activés ; sinon, le corps de la réponse contient les détails de l’erreur. Pour plus d’informations sur les erreurs, consultez Error Codes and Error Handling.
GET https://graph.windows.net/myorganization/directoryRoles?api-version
Parameters
Parameter | Type | Value | Notes |
---|---|---|---|
Query | |||
api-version | string | 1.6 | The version of the Graph API to target. Beginning with version 1.5, the api-version string is represented in major.minor format. Prior releases were represented as date strings: '2013-11-08' and '2013-04-05'. Required. |
Response
Status Code:200
Content-Type: application/json
{
"odata.metadata": "https://graph.windows.net/myorganization/$metadata#directoryObjects/Microsoft.DirectoryServices.DirectoryRole",
"value": [
{
"odata.type": "Microsoft.DirectoryServices.DirectoryRole",
"objectType": "Role",
"objectId": "02618ff0-e643-450d-b9b2-2f812364eb2c",
"deletionTimestamp": null,
"description": "Helpdesk Administrator has access to perform common helpdesk related tasks.",
"displayName": "Helpdesk Administrator",
"isSystem": true,
"roleDisabled": false,
"roleTemplateId": "729827e3-9c14-49f7-bb1b-9608f156bbb8"
},
{
"odata.type": "Microsoft.DirectoryServices.DirectoryRole",
"objectType": "Role",
"objectId": "044ca859-dc72-47cb-b466-7f6e78398979",
"deletionTimestamp": null,
"description": "Allows access read tasks and a subset of write tasks in the directory.",
"displayName": "Directory Writers",
"isSystem": true,
"roleDisabled": false,
"roleTemplateId": "9360feb5-f418-4baa-8175-e2a00bac4301"
},
{
"odata.type": "Microsoft.DirectoryServices.DirectoryRole",
"objectType": "Role",
"objectId": "44261f4c-b686-44c1-8997-310171ed4ca8",
"deletionTimestamp": null,
"description": "Allows access to various read only tasks in the directory. ",
"displayName": "Directory Readers",
"isSystem": true,
"roleDisabled": false,
"roleTemplateId": "88d8e3e3-8f55-4a1e-953a-9b9898b8876b"
},
{
"odata.type": "Microsoft.DirectoryServices.DirectoryRole",
"objectType": "Role",
"objectId": "cb5d9ae9-6e2c-41a0-9194-0d4aef426ba8",
"deletionTimestamp": null,
"description": "Company Administrator role has full access to perform any operation in the company scope.",
"displayName": "Company Administrator",
"isSystem": true,
"roleDisabled": false,
"roleTemplateId": "62e90394-69f5-4237-9190-012177145e10"
}
]
}
Response List
Status Code | Description |
---|---|
200 | OK. Indicates success. The results are returned in the response body. |
Code Samples
using System;
using System.Net.Http.Headers;
using System.Text;
using System.Net.Http;
using System.Web;
namespace CSHttpClientSample
{
static class Program
{
static void Main()
{
MakeRequest();
Console.WriteLine("Hit ENTER to exit...");
Console.ReadLine();
}
static async void MakeRequest()
{
var client = new HttpClient();
var queryString = HttpUtility.ParseQueryString(string.Empty);
/* OAuth2 is required to access this API. For more information visit:
https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks */
// Specify values for the following required parameters
queryString["api-version"] = "1.6";
// Specify values for path parameters (shown as {...})
var uri = "https://graph.windows.net/myorganization/directoryRoles?" + queryString;
var response = await client.GetAsync(uri);
if (response.Content != null)
{
var responseString = await response.Content.ReadAsStringAsync();
Console.WriteLine(responseString);
}
}
}
}
@ECHO OFF
REM OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
REM Specify values for path parameters (shown as {...}), values for query parameters
curl -v -X GET "https://graph.windows.net/myorganization/directoryRoles?api-version=1.6&"^
// This sample uses the Apache HTTP client from HTTP Components (http://hc.apache.org/httpcomponents-client-ga/)
import java.net.URI;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
public class JavaSample {
public static void main(String[] args) {
HttpClient httpclient = HttpClients.createDefault();
try
{
// OAuth2 is required to access this API. For more information visit:
// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
// Specify values for path parameters (shown as {...})
URIBuilder builder = new URIBuilder("https://graph.windows.net/myorganization/directoryRoles");
// Specify values for the following required parameters
builder.setParameter("api-version", "1.6");
URI uri = builder.build();
HttpGet request = new HttpGet(uri);
HttpResponse response = httpclient.execute(request);
HttpEntity entity = response.getEntity();
if (entity != null) {
System.out.println(EntityUtils.toString(entity));
}
}
catch (Exception e)
{
System.out.println(e.getMessage());
}
}
}
<!DOCTYPE html>
<html>
<head>
<title>JSSample</title>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.9.0/jquery.min.js"></script>
</head>
<body>
<script type="text/javascript">
$(function() {
// OAuth2 is required to access this API. For more information visit:
// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
var params = {
// Specify values for the following required parameters
'api-version': "1.6",
};
$.ajax({
// Specify values for path parameters (shown as {...})
url: 'https://graph.windows.net/myorganization/directoryRoles?' + $.param(params),
type: 'GET',
})
.done(function(data) {
alert("success");
})
.fail(function() {
alert("error");
});
});
</script>
</body>
</html>
#import <Foundation/Foundation.h>
int main(int argc, const char * argv[])
{
NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init];
// OAuth2 is required to access this API. For more information visit:
// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
// Specify values for path parameters (shown as {...})
NSString* path = @"https://graph.windows.net/myorganization/directoryRoles";
NSArray* array = @[
@"entities=true",
];
NSString* string = [array componentsJoinedByString:@"&"];
path = [path stringByAppendingFormat:@"?%@", string];
NSLog(@"%@", path);
NSMutableURLRequest* _request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:path]];
[_request setHTTPMethod:@"GET"];
NSURLResponse *response = nil;
NSError *error = nil;
NSData* _connectionData = [NSURLConnection sendSynchronousRequest:_request returningResponse:&response error:&error];
if(nil != error)
{
NSLog(@"Error: %@", error);
}
else
{
NSError* error = nil;
NSMutableDictionary* json = nil;
NSString* dataString = [[NSString alloc] initWithData:_connectionData encoding:NSUTF8StringEncoding];
NSLog(@"%@", dataString);
if(nil != _connectionData)
{
json = [NSJSONSerialization JSONObjectWithData:_connectionData options:NSJSONReadingMutableContainers error:&error];
}
if (error || !json)
{
NSLog(@"Could not parse loaded json with error:%@", error);
}
NSLog(@"%@", json);
_connectionData = nil;
}
[pool drain];
return 0;
}
<?php
// This sample uses the pecl_http package. (for more information: http://pecl.php.net/package/pecl_http)
require_once 'HTTP/Request2.php';
$headers = array(
);
$query_params = array(
// Specify values for the following required parameters
'api-version' => '1.6',
);
$request = new Http_Request2('https://graph.windows.net/myorganization/directoryRoles');
$request->setMethod(HTTP_Request2::METHOD_GET);
$request->setHeader($headers);
// OAuth2 is required to access this API. For more information visit:
// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
$url = $request->getUrl();
$url->setQueryVariables($query_params);
try
{
$response = $request->send();
echo $response->getBody();
}
catch (HttpException $ex)
{
echo $ex;
}
?>
########### Python 2.7 #############
import httplib, urllib, base64
# OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
headers = {
}
params = urllib.urlencode({
# Specify values for the following required parameters
'api-version': '1.6',
})
try:
conn = httplib.HTTPSConnection('graph.windows.net')
# Specify values for path parameters (shown as {...}) and request body if needed
conn.request("GET", "/myorganization/directoryRoles?%s" % params, "", headers)
response = conn.getresponse()
data = response.read()
print(data)
conn.close()
except Exception as e:
print("[Errno {0}] {1}".format(e.errno, e.strerror))
####################################
########### Python 3.2 #############
import http.client, urllib.request, urllib.parse, urllib.error, base64
# OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
headers = {
}
params = urllib.parse.urlencode({
# Specify values for the following required parameters
'api-version': '1.6',
})
try:
conn = http.client.HTTPSConnection('graph.windows.net')
# Specify values for path parameters (shown as {...}) and request body if needed
conn.request("GET", "/myorganization/directoryRoles?%s" % params, "", headers)
response = conn.getresponse()
data = response.read()
print(data)
conn.close()
except Exception as e:
print("[Errno {0}] {1}".format(e.errno, e.strerror))
####################################
Obtient un rôle d’annuaire spécifié. Spécifiez le rôle d’annuaire en indiquant son ID d’objet (GUID).
En cas de réussite, renvoie l’objet DirectoryRole du rôle spécifié ; sinon, le corps de la réponse contient les détails de l’erreur. Pour plus d’informations sur les erreurs, consultez Error Codes and Error Handling.
GET https://graph.windows.net/myorganization/directoryRoles/{object_id}?api-version
Parameters
Parameter | Type | Value | Notes |
---|---|---|---|
URL | |||
object_id | string | cb5d9ae9-6e2c-41a0-9194-0d4aef426ba8 | The object ID (GUID) of the target directory role. |
Query | |||
api-version | string | 1.6 | The version of the Graph API to target. Beginning with version 1.5, the api-version string is represented in major.minor format. Prior releases were represented as date strings: '2013-11-08' and '2013-04-05'. Required. |
GET https://graph.windows.net/myorganization/directoryRoles/cb5d9ae9-6e2c-41a0-9194-0d4aef426ba8?api-version=1.6
Response
Status Code:200
Content-Type: application/json
{
"odata.metadata": "https://graph.windows.net/myorganization/$metadata#directoryObjects/Microsoft.DirectoryServices.DirectoryRole/@Element",
"odata.type": "Microsoft.DirectoryServices.DirectoryRole",
"objectType": "Role",
"objectId": "cb5d9ae9-6e2c-41a0-9194-0d4aef426ba8",
"deletionTimestamp": null,
"description": "Company Administrator role has full access to perform any operation in the company scope.",
"displayName": "Company Administrator",
"isSystem": true,
"roleDisabled": false,
"roleTemplateId": "62e90394-69f5-4237-9190-012177145e10"
}
Response List
Status Code | Description |
---|---|
200 | OK. Indicates success. The directory role is returned in the response body. |
Code Samples
using System;
using System.Net.Http.Headers;
using System.Text;
using System.Net.Http;
using System.Web;
namespace CSHttpClientSample
{
static class Program
{
static void Main()
{
MakeRequest();
Console.WriteLine("Hit ENTER to exit...");
Console.ReadLine();
}
static async void MakeRequest()
{
var client = new HttpClient();
var queryString = HttpUtility.ParseQueryString(string.Empty);
/* OAuth2 is required to access this API. For more information visit:
https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks */
// Specify values for the following required parameters
queryString["api-version"] = "1.6";
// Specify values for path parameters (shown as {...})
var uri = "https://graph.windows.net/myorganization/directoryRoles/{object_id}?" + queryString;
var response = await client.GetAsync(uri);
if (response.Content != null)
{
var responseString = await response.Content.ReadAsStringAsync();
Console.WriteLine(responseString);
}
}
}
}
@ECHO OFF
REM OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
REM Specify values for path parameters (shown as {...}), values for query parameters
curl -v -X GET "https://graph.windows.net/myorganization/directoryRoles/{object_id}?api-version=1.6&"^
// This sample uses the Apache HTTP client from HTTP Components (http://hc.apache.org/httpcomponents-client-ga/)
import java.net.URI;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
public class JavaSample {
public static void main(String[] args) {
HttpClient httpclient = HttpClients.createDefault();
try
{
// OAuth2 is required to access this API. For more information visit:
// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
// Specify values for path parameters (shown as {...})
URIBuilder builder = new URIBuilder("https://graph.windows.net/myorganization/directoryRoles/{object_id}");
// Specify values for the following required parameters
builder.setParameter("api-version", "1.6");
URI uri = builder.build();
HttpGet request = new HttpGet(uri);
HttpResponse response = httpclient.execute(request);
HttpEntity entity = response.getEntity();
if (entity != null) {
System.out.println(EntityUtils.toString(entity));
}
}
catch (Exception e)
{
System.out.println(e.getMessage());
}
}
}
<!DOCTYPE html>
<html>
<head>
<title>JSSample</title>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.9.0/jquery.min.js"></script>
</head>
<body>
<script type="text/javascript">
$(function() {
// OAuth2 is required to access this API. For more information visit:
// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
var params = {
// Specify values for the following required parameters
'api-version': "1.6",
};
$.ajax({
// Specify values for path parameters (shown as {...})
url: 'https://graph.windows.net/myorganization/directoryRoles/{object_id}?' + $.param(params),
type: 'GET',
})
.done(function(data) {
alert("success");
})
.fail(function() {
alert("error");
});
});
</script>
</body>
</html>
#import <Foundation/Foundation.h>
int main(int argc, const char * argv[])
{
NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init];
// OAuth2 is required to access this API. For more information visit:
// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
// Specify values for path parameters (shown as {...})
NSString* path = @"https://graph.windows.net/myorganization/directoryRoles/{object_id}";
NSArray* array = @[
@"entities=true",
];
NSString* string = [array componentsJoinedByString:@"&"];
path = [path stringByAppendingFormat:@"?%@", string];
NSLog(@"%@", path);
NSMutableURLRequest* _request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:path]];
[_request setHTTPMethod:@"GET"];
NSURLResponse *response = nil;
NSError *error = nil;
NSData* _connectionData = [NSURLConnection sendSynchronousRequest:_request returningResponse:&response error:&error];
if(nil != error)
{
NSLog(@"Error: %@", error);
}
else
{
NSError* error = nil;
NSMutableDictionary* json = nil;
NSString* dataString = [[NSString alloc] initWithData:_connectionData encoding:NSUTF8StringEncoding];
NSLog(@"%@", dataString);
if(nil != _connectionData)
{
json = [NSJSONSerialization JSONObjectWithData:_connectionData options:NSJSONReadingMutableContainers error:&error];
}
if (error || !json)
{
NSLog(@"Could not parse loaded json with error:%@", error);
}
NSLog(@"%@", json);
_connectionData = nil;
}
[pool drain];
return 0;
}
<?php
// This sample uses the pecl_http package. (for more information: http://pecl.php.net/package/pecl_http)
require_once 'HTTP/Request2.php';
$headers = array(
);
$query_params = array(
// Specify values for the following required parameters
'api-version' => '1.6',
);
$request = new Http_Request2('https://graph.windows.net/myorganization/directoryRoles/{object_id}');
$request->setMethod(HTTP_Request2::METHOD_GET);
$request->setHeader($headers);
// OAuth2 is required to access this API. For more information visit:
// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
$url = $request->getUrl();
$url->setQueryVariables($query_params);
try
{
$response = $request->send();
echo $response->getBody();
}
catch (HttpException $ex)
{
echo $ex;
}
?>
########### Python 2.7 #############
import httplib, urllib, base64
# OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
headers = {
}
params = urllib.urlencode({
# Specify values for the following required parameters
'api-version': '1.6',
})
try:
conn = httplib.HTTPSConnection('graph.windows.net')
# Specify values for path parameters (shown as {...}) and request body if needed
conn.request("GET", "/myorganization/directoryRoles/{object_id}?%s" % params, "", headers)
response = conn.getresponse()
data = response.read()
print(data)
conn.close()
except Exception as e:
print("[Errno {0}] {1}".format(e.errno, e.strerror))
####################################
########### Python 3.2 #############
import http.client, urllib.request, urllib.parse, urllib.error, base64
# OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
headers = {
}
params = urllib.parse.urlencode({
# Specify values for the following required parameters
'api-version': '1.6',
})
try:
conn = http.client.HTTPSConnection('graph.windows.net')
# Specify values for path parameters (shown as {...}) and request body if needed
conn.request("GET", "/myorganization/directoryRoles/{object_id}?%s" % params, "", headers)
response = conn.getresponse()
data = response.read()
print(data)
conn.close()
except Exception as e:
print("[Errno {0}] {1}".format(e.errno, e.strerror))
####################################
require 'net/http'
uri = URI('https://graph.windows.net/myorganization/directoryRoles/{object_id}')
uri.query = URI.encode_www_form({
# Specify values for the following required parameters
'api-version' => '1.6',
})
request = Net::HTTP::Get.new(uri.request_uri)
# OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
response = Net::HTTP.start(uri.host, uri.port, :use_ssl => uri.scheme == 'https') do |http|
http.request(request)
end
puts response.body
Obtenir les modèles de rôle d’annuaire
Obtient la collection de modèles de rôle d’annuaire qui sont disponibles dans le locataire. Dans la version 1.5 et les versions ultérieures, les modèles de rôle d’annuaire permettent d’activer les rôles d’annuaire. Non disponible dans les versions antérieures à la version 1.5.
En cas de réussite, renvoie la collection d’objets DirectoryRoleTemplate pour le locataire ; sinon, le corps de la réponse contient les détails de l’erreur. Pour plus d’informations sur les erreurs, consultez Error Codes and Error Handling.
GET https://graph.windows.net/myorganization/directoryRoleTemplates?api-version
Parameters
Parameter | Type | Value | Notes |
---|---|---|---|
Query | |||
api-version | string | 1.6 | The version of the Graph API to target. Beginning with version 1.5, the api-version string is represented in major.minor format. Prior releases were represented as date strings: '2013-11-08' and '2013-04-05'. Required. |
Response
Status Code:200
Content-Type: application/json
{
"odata.metadata": "https://graph.windows.net/myorganization/$metadata#directoryObjects/Microsoft.DirectoryServices.DirectoryRoleTemplate",
"value": [
{
"odata.type": "Microsoft.DirectoryServices.DirectoryRoleTemplate",
"objectType": "RoleTemplate",
"objectId": "729827e3-9c14-49f7-bb1b-9608f156bbb8",
"deletionTimestamp": null,
"description": "Helpdesk Administrator has access to perform common helpdesk related tasks.",
"displayName": "Helpdesk Administrator"
},
{
"odata.type": "Microsoft.DirectoryServices.DirectoryRoleTemplate",
"objectType": "RoleTemplate",
"objectId": "f023fd81-a637-4b56-95fd-791ac0226033",
"deletionTimestamp": null,
"description": "Service Support Administrator has access to perform common support tasks.",
"displayName": "Service Support Administrator"
},
{
"odata.type": "Microsoft.DirectoryServices.DirectoryRoleTemplate",
"objectType": "RoleTemplate",
"objectId": "b0f54661-2d74-4c50-afa3-1ec803f12efe",
"deletionTimestamp": null,
"description": "Billing Administrator has access to perform common billing related tasks.",
"displayName": "Billing Administrator"
},
{
"odata.type": "Microsoft.DirectoryServices.DirectoryRoleTemplate",
"objectType": "RoleTemplate",
"objectId": "b5468a13-3945-4a40-b0b1-5d78c2676bbf",
"deletionTimestamp": null,
"description": "Allows access and management of users mailboxes.",
"displayName": "Mailbox Administrator"
},
{
"odata.type": "Microsoft.DirectoryServices.DirectoryRoleTemplate",
"objectType": "RoleTemplate",
"objectId": "4ba39ca4-527c-499a-b93d-d9b492c50246",
"deletionTimestamp": null,
"description": "Allows ability to perform tier1 support tasks.",
"displayName": "Partner Tier1 Support"
},
{
"odata.type": "Microsoft.DirectoryServices.DirectoryRoleTemplate",
"objectType": "RoleTemplate",
"objectId": "e00e864a-17c5-4a4b-9c06-f5b95a8d5bd8",
"deletionTimestamp": null,
"description": "Allows ability to perform tier2 support tasks.",
"displayName": "Partner Tier2 Support"
},
{
"odata.type": "Microsoft.DirectoryServices.DirectoryRoleTemplate",
"objectType": "RoleTemplate",
"objectId": "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
"deletionTimestamp": null,
"description": "Allows access to various read only tasks in the directory. ",
"displayName": "Directory Readers"
},
{
"odata.type": "Microsoft.DirectoryServices.DirectoryRoleTemplate",
"objectType": "RoleTemplate",
"objectId": "29232cdf-9323-42fd-ade2-1d097af3e4de",
"deletionTimestamp": null,
"description": "Exchange Service Administrator.",
"displayName": "Exchange Service Administrator"
},
{
"odata.type": "Microsoft.DirectoryServices.DirectoryRoleTemplate",
"objectType": "RoleTemplate",
"objectId": "75941009-915a-4869-abe7-691bff18279e",
"deletionTimestamp": null,
"description": "Lync Service Administrator.",
"displayName": "Lync Service Administrator"
},
{
"odata.type": "Microsoft.DirectoryServices.DirectoryRoleTemplate",
"objectType": "RoleTemplate",
"objectId": "fe930be7-5e62-47db-91af-98c3a49a38b1",
"deletionTimestamp": null,
"description": "User Account Administrator has access to perform common user management related tasks.",
"displayName": "User Account Administrator"
},
{
"odata.type": "Microsoft.DirectoryServices.DirectoryRoleTemplate",
"objectType": "RoleTemplate",
"objectId": "9360feb5-f418-4baa-8175-e2a00bac4301",
"deletionTimestamp": null,
"description": "Allows access read tasks and a subset of write tasks in the directory.",
"displayName": "Directory Writers"
},
{
"odata.type": "Microsoft.DirectoryServices.DirectoryRoleTemplate",
"objectType": "RoleTemplate",
"objectId": "62e90394-69f5-4237-9190-012177145e10",
"deletionTimestamp": null,
"description": "Company Administrator role has full access to perform any operation in the company scope.",
"displayName": "Company Administrator"
},
{
"odata.type": "Microsoft.DirectoryServices.DirectoryRoleTemplate",
"objectType": "RoleTemplate",
"objectId": "a0b1b346-4d3e-4e8b-98f8-753987be4970",
"deletionTimestamp": null,
"description": "Every user is implicitly considered to be a member of the User Role.",
"displayName": "User"
},
{
"odata.type": "Microsoft.DirectoryServices.DirectoryRoleTemplate",
"objectType": "RoleTemplate",
"objectId": "d65e02d2-0214-4674-8e5d-766fb330e2c0",
"deletionTimestamp": null,
"description": "Allows creation of new email verified users.",
"displayName": "Email Verified User Creator"
},
{
"odata.type": "Microsoft.DirectoryServices.DirectoryRoleTemplate",
"objectType": "RoleTemplate",
"objectId": "eb1d8c34-acf5-460d-8424-c1f1a6fbdb85",
"deletionTimestamp": null,
"description": "Allows access manage AdHoc license.",
"displayName": "AdHoc License Administrator"
},
{
"odata.type": "Microsoft.DirectoryServices.DirectoryRoleTemplate",
"objectType": "RoleTemplate",
"objectId": "f28a1f50-f6e7-4571-818b-6a12f2af6b6c",
"deletionTimestamp": null,
"description": "SharePoint Service Administrator.",
"displayName": "SharePoint Service Administrator"
},
{
"odata.type": "Microsoft.DirectoryServices.DirectoryRoleTemplate",
"objectType": "RoleTemplate",
"objectId": "d405c6df-0af8-4e3b-95e4-4d06e542189e",
"deletionTimestamp": null,
"description": "Device Users",
"displayName": "Device Users"
},
{
"odata.type": "Microsoft.DirectoryServices.DirectoryRoleTemplate",
"objectType": "RoleTemplate",
"objectId": "9f06204d-73c1-4d4c-880a-6edb90606fd8",
"deletionTimestamp": null,
"description": "Device Administrators",
"displayName": "Device Administrators"
},
{
"odata.type": "Microsoft.DirectoryServices.DirectoryRoleTemplate",
"objectType": "RoleTemplate",
"objectId": "9c094953-4995-41c8-84c8-3ebb9b32c93f",
"deletionTimestamp": null,
"description": "Device Join",
"displayName": "Device Join"
},
{
"odata.type": "Microsoft.DirectoryServices.DirectoryRoleTemplate",
"objectType": "RoleTemplate",
"objectId": "c34f683f-4d5a-4403-affd-6615e00e3a7f",
"deletionTimestamp": null,
"description": "Workplace Device Join",
"displayName": "Workplace Device Join"
},
{
"odata.type": "Microsoft.DirectoryServices.DirectoryRoleTemplate",
"objectType": "RoleTemplate",
"objectId": "17315797-102d-40b4-93e0-432062caca18",
"deletionTimestamp": null,
"description": "Compliance administrator.",
"displayName": "Compliance Administrator"
},
{
"odata.type": "Microsoft.DirectoryServices.DirectoryRoleTemplate",
"objectType": "RoleTemplate",
"objectId": "d29b2b05-8046-44ba-8758-1e26182fcf32",
"deletionTimestamp": null,
"description": "Directory Synchronization Accounts",
"displayName": "Directory Synchronization Accounts"
},
{
"odata.type": "Microsoft.DirectoryServices.DirectoryRoleTemplate",
"objectType": "RoleTemplate",
"objectId": "2b499bcd-da44-4968-8aec-78e1674fa64d",
"deletionTimestamp": null,
"description": "Allows access to read and edit device properties. ",
"displayName": "Device Managers"
}
]
}
Response List
Status Code | Description |
---|---|
200 | OK. Indicates success. The results are returned in the response body. |
Code Samples
using System;
using System.Net.Http.Headers;
using System.Text;
using System.Net.Http;
using System.Web;
namespace CSHttpClientSample
{
static class Program
{
static void Main()
{
MakeRequest();
Console.WriteLine("Hit ENTER to exit...");
Console.ReadLine();
}
static async void MakeRequest()
{
var client = new HttpClient();
var queryString = HttpUtility.ParseQueryString(string.Empty);
/* OAuth2 is required to access this API. For more information visit:
https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks */
// Specify values for the following required parameters
queryString["api-version"] = "1.6";
// Specify values for path parameters (shown as {...})
var uri = "https://graph.windows.net/myorganization/directoryRoleTemplates?" + queryString;
var response = await client.GetAsync(uri);
if (response.Content != null)
{
var responseString = await response.Content.ReadAsStringAsync();
Console.WriteLine(responseString);
}
}
}
}
@ECHO OFF
REM OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
REM Specify values for path parameters (shown as {...}), values for query parameters
curl -v -X GET "https://graph.windows.net/myorganization/directoryRoleTemplates?api-version=1.6&"^
// This sample uses the Apache HTTP client from HTTP Components (http://hc.apache.org/httpcomponents-client-ga/)
import java.net.URI;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
public class JavaSample {
public static void main(String[] args) {
HttpClient httpclient = HttpClients.createDefault();
try
{
// OAuth2 is required to access this API. For more information visit:
// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
// Specify values for path parameters (shown as {...})
URIBuilder builder = new URIBuilder("https://graph.windows.net/myorganization/directoryRoleTemplates");
// Specify values for the following required parameters
builder.setParameter("api-version", "1.6");
URI uri = builder.build();
HttpGet request = new HttpGet(uri);
HttpResponse response = httpclient.execute(request);
HttpEntity entity = response.getEntity();
if (entity != null) {
System.out.println(EntityUtils.toString(entity));
}
}
catch (Exception e)
{
System.out.println(e.getMessage());
}
}
}
<!DOCTYPE html>
<html>
<head>
<title>JSSample</title>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.9.0/jquery.min.js"></script>
</head>
<body>
<script type="text/javascript">
$(function() {
// OAuth2 is required to access this API. For more information visit:
// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
var params = {
// Specify values for the following required parameters
'api-version': "1.6",
};
$.ajax({
// Specify values for path parameters (shown as {...})
url: 'https://graph.windows.net/myorganization/directoryRoleTemplates?' + $.param(params),
type: 'GET',
})
.done(function(data) {
alert("success");
})
.fail(function() {
alert("error");
});
});
</script>
</body>
</html>
#import <Foundation/Foundation.h>
int main(int argc, const char * argv[])
{
NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init];
// OAuth2 is required to access this API. For more information visit:
// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
// Specify values for path parameters (shown as {...})
NSString* path = @"https://graph.windows.net/myorganization/directoryRoleTemplates";
NSArray* array = @[
@"entities=true",
];
NSString* string = [array componentsJoinedByString:@"&"];
path = [path stringByAppendingFormat:@"?%@", string];
NSLog(@"%@", path);
NSMutableURLRequest* _request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:path]];
[_request setHTTPMethod:@"GET"];
NSURLResponse *response = nil;
NSError *error = nil;
NSData* _connectionData = [NSURLConnection sendSynchronousRequest:_request returningResponse:&response error:&error];
if(nil != error)
{
NSLog(@"Error: %@", error);
}
else
{
NSError* error = nil;
NSMutableDictionary* json = nil;
NSString* dataString = [[NSString alloc] initWithData:_connectionData encoding:NSUTF8StringEncoding];
NSLog(@"%@", dataString);
if(nil != _connectionData)
{
json = [NSJSONSerialization JSONObjectWithData:_connectionData options:NSJSONReadingMutableContainers error:&error];
}
if (error || !json)
{
NSLog(@"Could not parse loaded json with error:%@", error);
}
NSLog(@"%@", json);
_connectionData = nil;
}
[pool drain];
return 0;
}
<?php
// This sample uses the pecl_http package. (for more information: http://pecl.php.net/package/pecl_http)
require_once 'HTTP/Request2.php';
$headers = array(
);
$query_params = array(
// Specify values for the following required parameters
'api-version' => '1.6',
);
$request = new Http_Request2('https://graph.windows.net/myorganization/directoryRoleTemplates');
$request->setMethod(HTTP_Request2::METHOD_GET);
$request->setHeader($headers);
// OAuth2 is required to access this API. For more information visit:
// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
$url = $request->getUrl();
$url->setQueryVariables($query_params);
try
{
$response = $request->send();
echo $response->getBody();
}
catch (HttpException $ex)
{
echo $ex;
}
?>
########### Python 2.7 #############
import httplib, urllib, base64
# OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
headers = {
}
params = urllib.urlencode({
# Specify values for the following required parameters
'api-version': '1.6',
})
try:
conn = httplib.HTTPSConnection('graph.windows.net')
# Specify values for path parameters (shown as {...}) and request body if needed
conn.request("GET", "/myorganization/directoryRoleTemplates?%s" % params, "", headers)
response = conn.getresponse()
data = response.read()
print(data)
conn.close()
except Exception as e:
print("[Errno {0}] {1}".format(e.errno, e.strerror))
####################################
########### Python 3.2 #############
import http.client, urllib.request, urllib.parse, urllib.error, base64
# OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
headers = {
}
params = urllib.parse.urlencode({
# Specify values for the following required parameters
'api-version': '1.6',
})
try:
conn = http.client.HTTPSConnection('graph.windows.net')
# Specify values for path parameters (shown as {...}) and request body if needed
conn.request("GET", "/myorganization/directoryRoleTemplates?%s" % params, "", headers)
response = conn.getresponse()
data = response.read()
print(data)
conn.close()
except Exception as e:
print("[Errno {0}] {1}".format(e.errno, e.strerror))
####################################
require 'net/http'
uri = URI('https://graph.windows.net/myorganization/directoryRoleTemplates')
uri.query = URI.encode_www_form({
# Specify values for the following required parameters
'api-version' => '1.6',
})
request = Net::HTTP::Get.new(uri.request_uri)
# OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
response = Net::HTTP.start(uri.host, uri.port, :use_ssl => uri.scheme == 'https') do |http|
http.request(request)
end
puts response.body
Activer un rôle d’annuaire
Active un rôle d’annuaire dans le locataire. Disponible dans la version 1.5 et les versions ultérieures. Le corps de la demande contient l’ID d’objet du modèle de rôle d’annuaire pour le rôle d’annuaire que vous souhaitez activer.
Remarque : dans les versions antérieures à la version 1.5, tous les rôles d’annuaire sont présents dans le locataire par défaut. À partir de la version 1.5, seul le rôle d’annuaire Administrateurs de la société est présent par défaut. Pour accéder et affecter des membres à un autre rôle d’annuaire, vous devez d’abord l’activer avec son modèle de rôle d’annuaire correspondant (DirectoryRoleTemplate).
Le tableau suivant indique les propriétés obligatoires lors de l’activation d’un rôle d’annuaire.
Paramètre obligatoire | Type | Description |
---|---|---|
roleTemplateId | string | objectId de l’DirectoryRoleTemplate basé sur le rôle. |
En cas de réussite, renvoie l’DirectoryRole nouvellement créé ; sinon, le corps de la réponse contient les détails de l’erreur. Pour plus d’informations sur les erreurs, consultez Error Codes and Error Handling.
POST https://graph.windows.net/myorganization/directoryRoles?api-version
Parameters
Parameter | Type | Value | Notes |
---|---|---|---|
Query | |||
api-version | string | 1.6 | The version of the Graph API to target. Beginning with version 1.5, the api-version string is represented in major.minor format. Prior releases were represented as date strings: '2013-11-08' and '2013-04-05'. Required. |
Body | |||
Content-Type: application/json
|
Response
Status Code:201
Content-Type: application/json
{
"odata.metadata": "https://graph.windows.net/myorganization/$metadata#directoryObjects/Microsoft.DirectoryServices.DirectoryRole/@Element",
"odata.type": "Microsoft.DirectoryServices.DirectoryRole",
"objectType": "Role",
"objectId": "ebabdd59-04ba-46f0-bd7f-bef08fe8fa9b",
"deletionTimestamp": null,
"description": "Allows access to various read only tasks in the directory. ",
"displayName": "Directory Readers",
"isSystem": true,
"roleDisabled": false,
"roleTemplateId": "88d8e3e3-8f55-4a1e-953a-9b9898b8876b"
}
Response List
Status Code | Description |
---|---|
201 | Created. Indicates success. The newly activated directory role is returned in the response body. |
Opérations sur les propriétés de navigation d’annuaire
Les propriétés de navigation représentent les relations entre une instance d’une entité et d’autres objets dans l’annuaire. Les rôles d’annuaire exposent uniquement une propriété de navigation, la propriété members. Cette propriété contient les utilisateurs et principaux du service qui ont été ajoutés au rôle d’annuaire. Vous pouvez lire (GET), ajouter (POST) et supprimer (DELETE) des membres du rôle d’annuaire en ciblant la propriété members.
Obtenir les membres d’un rôle d’annuaire
Obtient les membres du rôle d’annuaire à partir de la propriété de navigation members.
En cas de réussite, renvoie une collection de liens vers les User et ServicePrincipal qui sont membres du rôle d’annuaire ; sinon, le corps de la réponse contient les détails de l’erreur. Pour plus d’informations sur les erreurs, consultez Error Codes and Error Handling.
Remarque : vous pouvez supprimer le segment « $links » de l’URL pour renvoyer des DirectoryObjects pour les utilisateurs et principaux de service au lieu de liens.
GET https://graph.windows.net/myorganization/directoryRoles/{object_id}/$links/members?api-version
Parameters
Parameter | Type | Value | Notes |
---|---|---|---|
URL | |||
object_id | string | cb5d9ae9-6e2c-41a0-9194-0d4aef426ba8 | The object ID (GUID) of the target directory role. |
Query | |||
api-version | string | 1.6 | The version of the Graph API to target. Beginning with version 1.5, the api-version string is represented in major.minor format. Prior releases were represented as date strings: '2013-11-08' and '2013-04-05'. Required. |
GET https://graph.windows.net/myorganization/directoryRoles/cb5d9ae9-6e2c-41a0-9194-0d4aef426ba8/$links/members?api-version=1.6
Response
Status Code:200
Content-Type: application/json
{
"odata.metadata": "https://graph.windows.net/myorganization/$metadata#directoryObjects/$links/members",
"value": [
{
"url": "https://graph.windows.net/myorganization/directoryObjects/f19096bf-a58c-46ba-9ffd-0344f1daecf8/Microsoft.DirectoryServices.User"
}
]
}
Response List
Status Code | Description |
---|---|
200 | OK. Indicates success. A collection of links to the directory role members is returned. |
Code Samples
using System;
using System.Net.Http.Headers;
using System.Text;
using System.Net.Http;
using System.Web;
namespace CSHttpClientSample
{
static class Program
{
static void Main()
{
MakeRequest();
Console.WriteLine("Hit ENTER to exit...");
Console.ReadLine();
}
static async void MakeRequest()
{
var client = new HttpClient();
var queryString = HttpUtility.ParseQueryString(string.Empty);
/* OAuth2 is required to access this API. For more information visit:
https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks */
// Specify values for the following required parameters
queryString["api-version"] = "1.6";
// Specify values for path parameters (shown as {...})
var uri = "https://graph.windows.net/myorganization/directoryRoles/{object_id}/$links/members?" + queryString;
var response = await client.GetAsync(uri);
if (response.Content != null)
{
var responseString = await response.Content.ReadAsStringAsync();
Console.WriteLine(responseString);
}
}
}
}
@ECHO OFF
REM OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
REM Specify values for path parameters (shown as {...}), values for query parameters
curl -v -X GET "https://graph.windows.net/myorganization/directoryRoles/{object_id}/$links/members?api-version=1.6&"^
// This sample uses the Apache HTTP client from HTTP Components (http://hc.apache.org/httpcomponents-client-ga/)
import java.net.URI;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
public class JavaSample {
public static void main(String[] args) {
HttpClient httpclient = HttpClients.createDefault();
try
{
// OAuth2 is required to access this API. For more information visit:
// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
// Specify values for path parameters (shown as {...})
URIBuilder builder = new URIBuilder("https://graph.windows.net/myorganization/directoryRoles/{object_id}/$links/members");
// Specify values for the following required parameters
builder.setParameter("api-version", "1.6");
URI uri = builder.build();
HttpGet request = new HttpGet(uri);
HttpResponse response = httpclient.execute(request);
HttpEntity entity = response.getEntity();
if (entity != null) {
System.out.println(EntityUtils.toString(entity));
}
}
catch (Exception e)
{
System.out.println(e.getMessage());
}
}
}
<!DOCTYPE html>
<html>
<head>
<title>JSSample</title>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.9.0/jquery.min.js"></script>
</head>
<body>
<script type="text/javascript">
$(function() {
// OAuth2 is required to access this API. For more information visit:
// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
var params = {
// Specify values for the following required parameters
'api-version': "1.6",
};
$.ajax({
// Specify values for path parameters (shown as {...})
url: 'https://graph.windows.net/myorganization/directoryRoles/{object_id}/$links/members?' + $.param(params),
type: 'GET',
})
.done(function(data) {
alert("success");
})
.fail(function() {
alert("error");
});
});
</script>
</body>
</html>
#import <Foundation/Foundation.h>
int main(int argc, const char * argv[])
{
NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init];
// OAuth2 is required to access this API. For more information visit:
// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
// Specify values for path parameters (shown as {...})
NSString* path = @"https://graph.windows.net/myorganization/directoryRoles/{object_id}/$links/members";
NSArray* array = @[
@"entities=true",
];
NSString* string = [array componentsJoinedByString:@"&"];
path = [path stringByAppendingFormat:@"?%@", string];
NSLog(@"%@", path);
NSMutableURLRequest* _request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:path]];
[_request setHTTPMethod:@"GET"];
NSURLResponse *response = nil;
NSError *error = nil;
NSData* _connectionData = [NSURLConnection sendSynchronousRequest:_request returningResponse:&response error:&error];
if(nil != error)
{
NSLog(@"Error: %@", error);
}
else
{
NSError* error = nil;
NSMutableDictionary* json = nil;
NSString* dataString = [[NSString alloc] initWithData:_connectionData encoding:NSUTF8StringEncoding];
NSLog(@"%@", dataString);
if(nil != _connectionData)
{
json = [NSJSONSerialization JSONObjectWithData:_connectionData options:NSJSONReadingMutableContainers error:&error];
}
if (error || !json)
{
NSLog(@"Could not parse loaded json with error:%@", error);
}
NSLog(@"%@", json);
_connectionData = nil;
}
[pool drain];
return 0;
}
<?php
// This sample uses the pecl_http package. (for more information: http://pecl.php.net/package/pecl_http)
require_once 'HTTP/Request2.php';
$headers = array(
);
$query_params = array(
// Specify values for the following required parameters
'api-version' => '1.6',
);
$request = new Http_Request2('https://graph.windows.net/myorganization/directoryRoles/{object_id}/$links/members');
$request->setMethod(HTTP_Request2::METHOD_GET);
$request->setHeader($headers);
// OAuth2 is required to access this API. For more information visit:
// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
$url = $request->getUrl();
$url->setQueryVariables($query_params);
try
{
$response = $request->send();
echo $response->getBody();
}
catch (HttpException $ex)
{
echo $ex;
}
?>
########### Python 2.7 #############
import httplib, urllib, base64
# OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
headers = {
}
params = urllib.urlencode({
# Specify values for the following required parameters
'api-version': '1.6',
})
try:
conn = httplib.HTTPSConnection('graph.windows.net')
# Specify values for path parameters (shown as {...}) and request body if needed
conn.request("GET", "/myorganization/directoryRoles/{object_id}/$links/members?%s" % params, "", headers)
response = conn.getresponse()
data = response.read()
print(data)
conn.close()
except Exception as e:
print("[Errno {0}] {1}".format(e.errno, e.strerror))
####################################
########### Python 3.2 #############
import http.client, urllib.request, urllib.parse, urllib.error, base64
# OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
headers = {
}
params = urllib.parse.urlencode({
# Specify values for the following required parameters
'api-version': '1.6',
})
try:
conn = http.client.HTTPSConnection('graph.windows.net')
# Specify values for path parameters (shown as {...}) and request body if needed
conn.request("GET", "/myorganization/directoryRoles/{object_id}/$links/members?%s" % params, "", headers)
response = conn.getresponse()
data = response.read()
print(data)
conn.close()
except Exception as e:
print("[Errno {0}] {1}".format(e.errno, e.strerror))
####################################
require 'net/http'
uri = URI('https://graph.windows.net/myorganization/directoryRoles/{object_id}/$links/members')
uri.query = URI.encode_www_form({
# Specify values for the following required parameters
'api-version' => '1.6',
})
request = Net::HTTP::Get.new(uri.request_uri)
# OAuth2 is required to access this API. For more information visit: https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
response = Net::HTTP.start(uri.host, uri.port, :use_ssl => uri.scheme == 'https') do |http|
http.request(request)
end
puts response.body
Ajouter des membres d’un rôle d’annuaire
Ajoute un ou plusieurs membres à un rôle d’annuaire via la propriété de navigation members. Vous pouvez ajouter des utilisateurs ou des principaux de service. Le corps de la demande contient un ou plusieurs liens vers les Users et ServicePrincipals à ajouter.
En cas de réussite, aucun corps de réponse n’est renvoyé ; sinon, le corps de la réponse contient les détails de l’erreur. Pour plus d’informations sur les erreurs, consultez Error Codes and Error Handling.
POST https://graph.windows.net/myorganization/directoryRoles/{object_id}/$links/members?api-version
Parameters
Parameter | Type | Value | Notes |
---|---|---|---|
URL | |||
object_id | string | cb5d9ae9-6e2c-41a0-9194-0d4aef426ba8 | The object ID (GUID) of the target directory role. |
Query | |||
api-version | string | 1.6 | The version of the Graph API to target. Beginning with version 1.5, the api-version string is represented in major.minor format. Prior releases were represented as date strings: '2013-11-08' and '2013-04-05'. Required. |
Body | |||
Content-Type: application/json
|
POST https://graph.windows.net/myorganization/directoryRoles/cb5d9ae9-6e2c-41a0-9194-0d4aef426ba8/$links/members?api-version=1.6
Response
Status Code:204
Content-Type: application/json
none
Response List
Status Code | Description |
---|---|
204 | No Content. Indicates success. No response body is returned. |
Supprimer un membre de rôle d’annuaire
Supprime un membre spécifié d’un rôle d’annuaire via la propriété de navigation members. Spécifiez l’ID d’objet de l’User ou ServicePrincipal à supprimer dans le segment d’URL final.
En cas de réussite, aucun corps de réponse n’est renvoyé ; sinon, le corps de la réponse contient les détails de l’erreur. Pour plus d’informations sur les erreurs, consultez Error Codes and Error Handling.
DELETE https://graph.windows.net/myorganization/directoryRoles/{object_id}/$links/members/{member_id}?api-version
Parameters
Parameter | Type | Value | Notes |
---|---|---|---|
URL | |||
object_id | string | cb5d9ae9-6e2c-41a0-9194-0d4aef426ba8 | The object ID (GUID) of the target directory role. |
member_id | string | 3eb6055a-baeb-44d4-a1ea-2fee86d8891b | The object ID (GUID) of the member to be removed. Can be a user or a service principal. |
Query | |||
api-version | string | 1.6 | The version of the Graph API to target. Beginning with version 1.5, the api-version string is represented in major.minor format. Prior releases were represented as date strings: '2013-11-08' and '2013-04-05'. Required. |
DELETE https://graph.windows.net/myorganization/directoryRoles/cb5d9ae9-6e2c-41a0-9194-0d4aef426ba8/$links/members/3eb6055a-baeb-44d4-a1ea-2fee86d8891b?api-version=1.6
Response
Status Code:204
Content-Type: application/json
none
Response List
Status Code | Description |
---|---|
204 | No Content. Indicates success. No response body is returned. |
Fonctions et actions sur des rôles d’annuaire
Vous pouvez appeler les fonctions suivantes pour des rôles d’annuaire.
Obtenir les appartenances aux groupes et aux rôles d’annuaire (opération transitive)
Vous pouvez appeler la fonction getMemberObjects pour renvoyer tous les groupes et rôles d’annuaire dont un utilisateur, un contact, un principal de service ou un groupe est membre. La vérification est transitive pour les groupes (les rôles d’annuaire ne peuvent pas comporter de groupes ou d’autres rôles d’annuaire en tant que membres).
Obtenir des objets à partir d’une liste d’ID d’objet
Appelez la fonction getObjectsByObjectIds sur le service d’annuaire pour renvoyer les objets d’annuaire spécifiés dans une liste d’ID d’objet. Vous pouvez également spécifier les collections de ressources (utilisateurs, groupes, etc.) à examiner en spécifiant le paramètre types facultatif. Par exemple, cette fonction permet de rechercher les rôles d’annuaire dans la liste des ID d’objet renvoyés par la fonction getMemberObjects ci-dessus.
##Ressources supplémentaires
- Pour en savoir plus sur les fonctionnalités prises en charge, les capacités et les fonctionnalités en version préliminaire de l’API Graph, consultez Concepts de l’API Graph.