命名空间:microsoft.graph
重要
Microsoft Graph /beta 版本下的 API 可能会发生更改。 不支持在生产应用程序中使用这些 API。 若要确定 API 是否在 v1.0 中可用,请使用 版本 选择器。
创建新的 administrativeUnit。
此 API 可用于以下国家级云部署。
| 全局服务 |
美国政府 L4 |
美国政府 L5 (DOD) |
由世纪互联运营的中国 |
| ✅ |
✅ |
✅ |
✅ |
权限
为此 API 选择标记为最低特权的权限。
只有在应用需要它时,才使用更高的特权权限。 有关委派权限和应用程序权限的详细信息,请参阅权限类型。 要了解有关这些权限的详细信息,请参阅 权限参考。
| 权限类型 |
最低特权权限 |
更高特权权限 |
| 委派(工作或学校帐户) |
AdministrativeUnit.ReadWrite.All |
不可用。 |
| 委派(个人 Microsoft 帐户) |
不支持。 |
不支持。 |
| 应用程序 |
AdministrativeUnit.ReadWrite.All |
不可用。 |
重要
在具有工作或学校帐户的委托方案中,登录用户必须是成员用户或分配了受支持的Microsoft Entra角色或具有受支持角色权限的自定义角色。
特权角色管理员 是此操作支持的最低特权角色。
HTTP 请求
POST /administrativeUnits
POST /directory/administrativeUnits
| 名称 |
说明 |
| Authorization |
持有者 {token}。 必填。 详细了解 身份验证和授权。 |
| Content-type |
application/json. 必需。 |
请求正文
在请求正文中,提供 administrativeUnit 对象的 JSON 表示形式。
创建 administrativeUnit 时,可以指定以下属性。
| 属性 |
类型 |
说明 |
| 说明 |
String |
管理单元的说明。 可选。 |
| displayName |
String |
管理单元的显示名称。 必填。 |
| isMemberManagementRestricted |
布尔值 |
true 如果应将此管理单元的成员视为敏感,则需要特定的权限才能进行管理。 默认值为 false。 使用此属性可定义其角色不继承自租户级管理员的管理单元,并且单个成员对象的管理仅限于限定为受限管理单元的管理员。 不可变,因此以后无法更改。 可选。 |
| membershipRule |
String |
管理单元的动态成员身份规则。 有关可用于动态管理单元和动态组的规则的详细信息,请参阅在 Microsoft Entra ID 中管理动态成员身份组的规则。 可选。 |
| membershipRuleProcessingState |
String |
控制是否主动处理动态成员身份规则。 设置为 以 On 激活动态成员身份规则,或 Paused 设置为 停止动态更新成员身份。 可选。 |
| membershipType |
String |
指示管理单元的成员身份类型。 可能的值为: dynamic、 assigned。 如果未设置,则默认值为 null 并分配默认行为。 可选。 |
| visibility |
String |
管理单元的可见性。 如果未设置,则默认值为 null ,默认行为为公共。 可以将其设置为 以 HiddenMembership 对非成员隐藏成员身份。 可选。 |
administrativeUnit 资源支持扩展,这使你可以在创建管理单元时使用POST操作添加具有自己的数据的自定义属性。
响应
如果成功,此方法在响应正文中返回响应 201 Created 代码和 administrativeUnit 对象。
示例
示例 1:创建管理单元
以下示例创建一个新的管理单元,其中包含动态成员身份规则,以包括其国家/地区美国的所有用户。
请求
以下示例显示了一个请求。
POST https://graph.microsoft.com/beta/administrativeUnits
Content-type: application/json
{
"displayName": "Seattle District Technical Schools",
"description": "Seattle district technical schools administration",
"membershipType": "Dynamic",
"membershipRule": "(user.country -eq \"United States\")",
"membershipRuleProcessingState": "On"
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new AdministrativeUnit
{
DisplayName = "Seattle District Technical Schools",
Description = "Seattle district technical schools administration",
MembershipType = "Dynamic",
MembershipRule = "(user.country -eq \"United States\")",
MembershipRuleProcessingState = "On",
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.AdministrativeUnits.PostAsync(requestBody);
mgc-beta administrative-units create --body '{\
"displayName": "Seattle District Technical Schools",\
"description": "Seattle district technical schools administration",\
"membershipType": "Dynamic",\
"membershipRule": "(user.country -eq \"United States\")",\
"membershipRuleProcessingState": "On"\
}\
'
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewAdministrativeUnit()
displayName := "Seattle District Technical Schools"
requestBody.SetDisplayName(&displayName)
description := "Seattle district technical schools administration"
requestBody.SetDescription(&description)
membershipType := "Dynamic"
requestBody.SetMembershipType(&membershipType)
membershipRule := "(user.country -eq \"United States\")"
requestBody.SetMembershipRule(&membershipRule)
membershipRuleProcessingState := "On"
requestBody.SetMembershipRuleProcessingState(&membershipRuleProcessingState)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
administrativeUnits, err := graphClient.AdministrativeUnits().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AdministrativeUnit administrativeUnit = new AdministrativeUnit();
administrativeUnit.setDisplayName("Seattle District Technical Schools");
administrativeUnit.setDescription("Seattle district technical schools administration");
administrativeUnit.setMembershipType("Dynamic");
administrativeUnit.setMembershipRule("(user.country -eq \"United States\")");
administrativeUnit.setMembershipRuleProcessingState("On");
AdministrativeUnit result = graphClient.administrativeUnits().post(administrativeUnit);
const options = {
authProvider,
};
const client = Client.init(options);
const administrativeUnit = {
displayName: 'Seattle District Technical Schools',
description: 'Seattle district technical schools administration',
membershipType: 'Dynamic',
membershipRule: '(user.country -eq \"United States\")',
membershipRuleProcessingState: 'On'
};
await client.api('/administrativeUnits')
.version('beta')
.post(administrativeUnit);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\AdministrativeUnit;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AdministrativeUnit();
$requestBody->setDisplayName('Seattle District Technical Schools');
$requestBody->setDescription('Seattle district technical schools administration');
$requestBody->setMembershipType('Dynamic');
$requestBody->setMembershipRule('(user.country -eq \"United States\")');
$requestBody->setMembershipRuleProcessingState('On');
$result = $graphServiceClient->administrativeUnits()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Identity.DirectoryManagement
$params = @{
displayName = "Seattle District Technical Schools"
description = "Seattle district technical schools administration"
membershipType = "Dynamic"
membershipRule = "(user.country -eq "United States")"
membershipRuleProcessingState = "On"
}
New-MgBetaAdministrativeUnit -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.administrative_unit import AdministrativeUnit
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AdministrativeUnit(
display_name = "Seattle District Technical Schools",
description = "Seattle district technical schools administration",
membership_type = "Dynamic",
membership_rule = "(user.country -eq \"United States\")",
membership_rule_processing_state = "On",
)
result = await graph_client.administrative_units.post(request_body)
响应
以下示例显示了相应的响应。
注意:为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#administrativeUnits/$entity",
"id": "49eb93f2-a5a2-4567-ad66-76a3ebd01d84",
"deletedDateTime": null,
"displayName": "Seattle District Technical Schools",
"description": "Seattle district technical schools administration",
"membershipRule": "(user.country -eq \"United States\")",
"membershipType": "Dynamic",
"membershipRuleProcessingState": "On"
}
示例 2:创建受限管理管理单元
以下示例创建新的受限管理管理单元。 属性 isMemberManagementRestricted 是不可变的,因此以后无法更改。
请求
以下示例显示了一个请求。
POST https://graph.microsoft.com/beta/administrativeUnits
Content-type: application/json
{
"displayName": "Executive Division",
"description": "Executive division administration",
"isMemberManagementRestricted": true
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new AdministrativeUnit
{
DisplayName = "Executive Division",
Description = "Executive division administration",
IsMemberManagementRestricted = true,
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.AdministrativeUnits.PostAsync(requestBody);
mgc-beta administrative-units create --body '{\
"displayName": "Executive Division",\
"description": "Executive division administration",\
"isMemberManagementRestricted": true\
}\
'
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewAdministrativeUnit()
displayName := "Executive Division"
requestBody.SetDisplayName(&displayName)
description := "Executive division administration"
requestBody.SetDescription(&description)
isMemberManagementRestricted := true
requestBody.SetIsMemberManagementRestricted(&isMemberManagementRestricted)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
administrativeUnits, err := graphClient.AdministrativeUnits().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AdministrativeUnit administrativeUnit = new AdministrativeUnit();
administrativeUnit.setDisplayName("Executive Division");
administrativeUnit.setDescription("Executive division administration");
administrativeUnit.setIsMemberManagementRestricted(true);
AdministrativeUnit result = graphClient.administrativeUnits().post(administrativeUnit);
const options = {
authProvider,
};
const client = Client.init(options);
const administrativeUnit = {
displayName: 'Executive Division',
description: 'Executive division administration',
isMemberManagementRestricted: true
};
await client.api('/administrativeUnits')
.version('beta')
.post(administrativeUnit);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\AdministrativeUnit;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AdministrativeUnit();
$requestBody->setDisplayName('Executive Division');
$requestBody->setDescription('Executive division administration');
$requestBody->setIsMemberManagementRestricted(true);
$result = $graphServiceClient->administrativeUnits()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Identity.DirectoryManagement
$params = @{
displayName = "Executive Division"
description = "Executive division administration"
isMemberManagementRestricted = $true
}
New-MgBetaAdministrativeUnit -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.administrative_unit import AdministrativeUnit
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AdministrativeUnit(
display_name = "Executive Division",
description = "Executive division administration",
is_member_management_restricted = True,
)
result = await graph_client.administrative_units.post(request_body)
响应
以下示例显示了相应的响应。
注意:为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#administrativeUnits/$entity",
"id": "2sd35b05-ae71-48ab-9e7d-4r41a28te37d",
"deletedDateTime": null,
"displayName": "Executive Division",
"description": "Executive division administration",
"isMemberManagementRestricted": true
}
相关内容