Entra ID Schema Extension with custom Namespace
I'm currently playing with schema extension and custom namespaces around and I get some strange error messages - maybe some of you know how to deal with it:
According to M$ documentation: domains with following tld's are supported to create schema extensions: .org. net. com
I've created the following Graph Query:
$Query = @{
Method = "POST"
Headers = @{
Authorization = ("Bearer " + $JWT)
}
URI = "https://graph.microsoft.com/v1.0/schemaExtensions"
ContentType = "application/json"
Body = @{
id = 'd***demo.com_CustomAttributes'
description = 'Custom Attribute für das Entra ID'
targetTypes = @(
'Group'
)
properties = @(
@{
name = 'SomeFancyAttribute1'
type = 'Boolean'
}
)
} | ConvertTo-Json
}
Invoke-RestMethod @Query
While posting this Schema Extension, Graph replied with:
"Your organization must own the namespace d***demo.com as a part of one of the verified domains."
But the Domain is added and verified....
$Query = @{
Method = "GET"
Headers = @{
Authorization = ("Bearer " + $JWT)
}
URI = "https://graph.microsoft.com/v1.0/domains/d***demo.com"
ContentType = "application/json"
}
Invoke-RestMethod @Query
Did anyone of you had a similar experience and could tell me how to solve this or is Microsoft just doing Microsoft things?
I'm not 100% sure of this, please verify if this works for you.
The documentation says this:
If you already have a vanity .com,.net, .gov, .edu or a .org domain that's verified with your tenant, you can use the domain name along with the schema name to define a unique name, in this format {domainName}_{schemaName}. For example, if your vanity domain is contoso.com, you can define an id of contoso_mySchema. This option is highly recommended.
So your id should be:
id = 'd***demo_CustomAttributes'
- How to get username after logged in?.I am trying with MSAL (@azure/msal-angular) for Azure Signin
- Display all the user's files using Microsoft Graph API not working
- Get Access Token from Microsoft Graph for ClientId with delegated permissions
- How to call Microsoft Graph API from ASP.NET Core Web API that is called by SPA
- add-kdsrootkey error the request is not supported
- AADSTS50011: The redirect URI http does not match the redirect URIs
- Access Token Issuer from Azure AD is sts.windows.net Instead Of login.microsoftonline.com
- Getting user data through an Azure AD OAuth login - React Native Expo App
- HTTP request to update Service Principal Entra
- on-behalf-of flow, getting error AADSTS50013 while acquiring obo token
- Azure AD B2C Password Reset
- ASP.NET Core 5 WebAPI - Azure AD - Call Graph API Using Azure Ad Access Token
- Programmatically Assign Exchange Roles to a Group in Azure AD using Microsoft Graph API
- "AADSTS900144: The request body must contain the following parameter: 'grant_type'.?
- Signature validation of my Azure access-token, Private-key?
- Entra ID OIDC Failed Auth Attempt Logs
- REST API service when called from azure APIM returning empty response body with Status code 200
- How to register your Azure resource as an Application in Azure Active Directory?
- Is it possible to add multiple audiences to AAD bearer token?
- Non-interactive way to authenticate to Azure AD using AADInternals?
- I am trying to update an existing user i made through graph api in my code, but i get a 403 error back from azure graph api
- Configuring spring-boot-starter-oauth2-client to authenticate with Azure AD
- Getting a token from Microsoft Intra ID with PostMan using MFA
- MSAL for non-SPA? Server side authentication?
- Error 403 User not authorized when trying to access Azure Databricks API through Active Directory
- Add Azure Active Directory User to Azure SQL Database
- How to use stored procedure parameters as dynamic content in copy activity using ADF
- Azure AD B2C error AADB2C90057 when I am NOT trying to use the implicit flow
- “That Microsoft account doesn’t exist” for Microsoft logins on Auth0
- You don’t have authorization to perform action 'Microsoft.Resources/deployments/validate/action'