Using the Graph API to change the password programmatically in Azure AD B2C
There’s a write-up here on using .NET Core to access the B2C Graph API.
It gives you the following commands:
[1] Get all users (one page)
[2] Get user by object ID
[3] Get user by sign-in name
[4] Delete user by object ID
[5] Update user password
[6] Create users (bulk import)
[7] Create user with custom attributes and show result
[8] Get all users (one page) with custom attributes
[help] Show available commands
[exit] Exit the program
All well and good, except for option 5: change password.
It gives you a null object error. This is very confusing, because the real problem is that you don’t have the correct permissions, and the article doesn’t tell you what the correct permissions are.
I had these:
You need to add the User administrator role, as per this, i.e.:
- Sign in to the Azure portal and use the Directory + Subscription filter to switch to your Azure AD B2C tenant.
- Search for and select Azure AD B2C.
- Under Manage, select Roles and administrators.
- Select the User administrator role.
- Select Add assignments.
- In the Select text box, enter the name or the ID of the application you registered earlier, for example, managementapp1. When it appears in the search results, select your application.
- Select Add. It might take a few minutes for the permissions to fully propagate.
The password change will now work!
This is a really useful feature because you can use it to change the passwords of, e.g., test users, which often don’t have real email addresses and hence can’t do a password reset.
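The password update with the permission failure reported for what it is, as an added example (not code from the write-up or from the sample it describes). It assumes the Microsoft.Graph 4.x and Azure.Identity packages; the class name and the `B2C_*` environment variable names are hypothetical.

```csharp
// Added example. Assumes Microsoft.Graph 4.x and Azure.Identity; names are hypothetical.
using System;
using System.Net;
using System.Threading.Tasks;
using Azure.Identity;
using Microsoft.Graph;

public static class PasswordReset
{
    public static async Task Main(string[] args)
    {
        // Hypothetical variable names; the client secret stays out of source control.
        string tenantId = Environment.GetEnvironmentVariable("B2C_TENANT_ID");
        string clientId = Environment.GetEnvironmentVariable("B2C_CLIENT_ID");
        string secret = Environment.GetEnvironmentVariable("B2C_CLIENT_SECRET");
        if (args.Length != 1 || tenantId == null || clientId == null || secret == null)
        {
            Console.Error.WriteLine("usage: PasswordReset <user-object-id> (B2C_* variables must be set)");
            return;
        }
        // Read at run time so the password is not kept in source or shell history.
        Console.Write("New password: ");
        string newPassword = Console.ReadLine();

        var credential = new ClientSecretCredential(tenantId, clientId, secret);
        var graph = new GraphServiceClient(credential, new[] { "https://graph.microsoft.com/.default" });

        // Only the properties set here are sent in the PATCH /users/{id} request.
        var patch = new User
        {
            PasswordProfile = new PasswordProfile
            {
                Password = newPassword,
                ForceChangePasswordNextSignIn = false
            }
        };
        try
        {
            await graph.Users[args[0]].Request().UpdateAsync(patch);
            Console.WriteLine("Password updated.");
        }
        catch (ServiceException ex) when (ex.StatusCode == HttpStatusCode.Forbidden)
        {
            // A 403 here means the application lacks a role that allows password changes.
            Console.Error.WriteLine($"Denied ({ex.Error?.Code}): assign the User administrator role to app {clientId}.");
        }
        catch (ServiceException ex)
        {
            Console.Error.WriteLine($"Graph error {(int)ex.StatusCode} {ex.Error?.Code}: {ex.Error?.Message}");
        }
    }
}
```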