Using the Graph API to change the password programmatically in Azure AD B2C

password by Gregor Cresnar from the Noun Project

There’s a write up here on using .NET Core to access the B2C Graph API.

It gives you the following commands:

Command  Description
[1] Get all users (one page)
[2] Get user by object ID
[3] Get user by sign-in name
[4] Delete user by object ID
[5] Update user password
[6] Create users (bulk import)
[7] Create user with custom attributes and show result
[8] Get all users (one page) with custom attributes
[help] Show available commands
[exit] Exit the program

All well and good except for option 5: change password.

It gives you a null object error. That is very confusing, because the actual problem is that you don’t have the correct permissions, and the article doesn’t tell you what the correct permissions are.

I had these:

You need to add the User administrator role, as per this, i.e.:

  1. Sign in to the Azure portal and use the Directory + Subscription filter to switch to your Azure AD B2C tenant.
  2. Search for and select Azure AD B2C.
  3. Under Manage, select Roles and administrators.
  4. Select the User administrator role.
  5. Select Add assignments.
  6. In the Select text box, enter the name or the ID of the application you registered earlier, for example, managementapp1. When it appears in the search results, select your application.
  7. Select Add. It might take a few minutes for the permissions to fully propagate.

The password change will now work!
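The password update call and the way a missing role shows up in the response, as an added example (not code from the write-up or its sample program). It assumes the Microsoft Graph v1.0 users endpoint; the class and method names, the placeholder object ID and token, and the sample error body are constructed for illustration.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Text.Json;
static class B2CPasswordUpdate   // hypothetical name, not part of the sample program
{
    // Build the Microsoft Graph call that sets a new password on one user object.
    public static HttpRequestMessage BuildRequest(string objectId, string newPassword, string token)
    {
        string body = JsonSerializer.Serialize(new {
            passwordProfile = new { forceChangePasswordNextSignIn = false, password = newPassword } });
        var req = new HttpRequestMessage(new HttpMethod("PATCH"),
            "https://graph.microsoft.com/v1.0/users/" + Uri.EscapeDataString(objectId))
        { Content = new StringContent(body, Encoding.UTF8, "application/json") };
        req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
        return req;
    }

    // Map the HTTP result to a message that names the cause instead of failing later on a null.
    public static string Diagnose(HttpStatusCode status, string responseBody)
    {
        if (status == HttpStatusCode.NoContent) return "Password updated."; // Graph answers 204 on success
        string code = "(no error code)";
        try
        {
            using var doc = JsonDocument.Parse(responseBody);
            if (doc.RootElement.ValueKind == JsonValueKind.Object &&
                doc.RootElement.TryGetProperty("error", out var err) && err.ValueKind == JsonValueKind.Object &&
                err.TryGetProperty("code", out var c) && c.ValueKind == JsonValueKind.String)
                code = c.GetString();
        }
        catch (JsonException) { /* body was not JSON; keep the default code */ }
        if (status == HttpStatusCode.Forbidden && code == "Authorization_RequestDenied")
            return "403 Authorization_RequestDenied: the app lacks the User administrator role.";
        return $"{(int)status} {code}";
    }

    static void Main()
    {
        // Constructed sample of the error body returned when the role is missing (assumption).
        const string denied = "{\"error\":{\"code\":\"Authorization_RequestDenied\",\"message\":\"Insufficient privileges to complete the operation.\"}}";
        using var req = BuildRequest("00000000-0000-0000-0000-000000000000", "<new-password>", "<access-token>");
        Console.WriteLine($"{req.Method} {req.RequestUri}");
        Console.WriteLine(Diagnose(HttpStatusCode.Forbidden, denied));
        Console.WriteLine(Diagnose(HttpStatusCode.NoContent, ""));
    }
}
```

To call the service, send the request with `HttpClient.SendAsync` and pass the response status and body to `Diagnose`.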

This is a really useful feature because you can use it to change the passwords of e.g. test users that often don’t have real email addresses and hence can’t do password reset.

All good!



Rory Braybrook

NZ Microsoft Identity dude and MVP. Azure AD/B2C/ADFS/Auth0/identityserver. StackOverflow: Presentations: