(Graph APIs - PHP WebApp) Need help and guidance


  • Hi,

    We would like to use the Graph API to create users in Office 365. We have on-premise AD, and our Office 365 (Azure) syncs with on-premise AD. We want our users to visit our signup web application, which creates an account in on-premise AD. We would like to create their Office 365 account as well in the back-end, and it's great if they can log in as soon as the account is created.

    I've tried the following, but we are seeing two issues so far: the user is not able to log in through our SSO login page, and directory sync creates another account for the user in Office 365 (Azure). Can someone please help me figure out if we are doing something wrong or we missed something. Really appreciate any help and guidance.

    1.  A function which extracts the objectGUID from the AD user object.

    function get_ad_object_guid($connect_result, $ldap_basedn, $email) {
        // Escape the user-supplied value so it cannot alter the LDAP filter
        $filter = "(userPrincipalName=" . ldap_escape($email, "", LDAP_ESCAPE_FILTER) . ")";
        $attributes_list = array("objectguid");
        $search_result = ldap_search($connect_result, $ldap_basedn, $filter, $attributes_list);
        $info1 = ldap_get_entries($connect_result, $search_result);
        $guid = "";
        $binary_guid = "";
        if ($info1["count"] > 0 && isset($info1[0]["objectguid"][0])) {
            // objectGUID comes back as 16 raw bytes; keep them, the immutable ID is built from these
            $binary_guid = $info1[0]["objectguid"][0];
            // Mixed-endian GUID layout: 4 LE, 2 LE, 2 LE, then 8 bytes big-endian
            $unpacked = unpack('Va/v2b/n2c/Nd', $binary_guid);
            $guid = sprintf('%08X-%04X-%04X-%04X-%04X%08X', $unpacked['a'], $unpacked['b1'], $unpacked['b2'], $unpacked['c1'], $unpacked['c2'], $unpacked['d']);
        }
        return array('guid' => $guid, 'binary_guid' => $binary_guid);
    }

    2.  Create the Office 365 user by encoding this GUID with base64

    $data_to_encode = array(
        'accountEnabled' => true,
        // Must be the base64 of the 16 raw objectGUID bytes, not of the "XXXXXXXX-XXXX-..." text form
        'onPremisesImmutableId' => base64_encode($binary_guid),
        'givenName' => $first_name,
        'surname' => $last_name,
        'displayName' => $display_name,
        'mailNickname' => $alias,
        'userPrincipalName' => $upn,
        //'mail' => $upn,
        'usageLocation' => 'US',
        //'proxyAddresses' => array(
        //      'SMTP:'.$upn,
        //      'smtp:'.$alias
        //),
        'passwordProfile' => array(
            'forceChangePasswordNextSignIn' => false, // boolean, not the string 'false'
            'password' => $passwd
        )
    );
    $json_body = json_encode($data_to_encode); // request body for POST /users

    3. Assign licenses

    $data_to_encode = array(
        'addLicenses' => array(   // list of objects, one per SKU
            array(
                'disabledPlans' => array(),
                'skuId' => 'skuid-1-for-license'
            ),
            array(
                'disabledPlans' => array(),
                'skuId' => 'skuid-2-for-license'
            )
        ),
        'removeLicenses' => array()
    );

    Tuesday, April 25, 2017 3:21 PM
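Because the immutable ID is the only value directory sync can use to match the cloud account to the on-premises object, it is worth seeing the two encodings side by side. The following is an added PHP example, not the poster's code: it assumes objectGUID is the Azure AD Connect source anchor (if the tenant uses ms-DS-ConsistencyGuid instead, the same base64-of-16-raw-bytes rule applies to that attribute), uses constructed sample bytes in place of a real LDAP result, and the function names (guidToString, immutableIdFromObjectGuid, isPlausibleImmutableId, buildCreateUserBody, buildAssignLicenseBody) are hypothetical.

```php
<?php
// Added example (not the poster's code). Shows how the ImmutableId that
// directory sync matches on is derived from the raw objectGUID, and builds
// correctly shaped Graph request bodies. Assumes objectGUID is the source anchor.

// Constructed sample: 16 raw bytes, as ldap_get_entries() returns objectguid.
const SAMPLE_OBJECT_GUID_HEX = '0123456789abcdef0123456789abcdef';

/** Hyphenated GUID text, for display and logging only (mixed-endian layout). */
function guidToString(string $binaryGuid): string
{
    if (strlen($binaryGuid) !== 16) {
        throw new InvalidArgumentException('objectGUID must be exactly 16 raw bytes');
    }
    $u = unpack('Va/v2b/n2c/Nd', $binaryGuid);
    return sprintf('%08X-%04X-%04X-%04X-%04X%08X',
        $u['a'], $u['b1'], $u['b2'], $u['c1'], $u['c2'], $u['d']);
}

/** Value for onPremisesImmutableId: base64 of the raw 16 bytes (always 24 chars). */
function immutableIdFromObjectGuid(string $binaryGuid): string
{
    if (strlen($binaryGuid) !== 16) {
        throw new InvalidArgumentException('objectGUID must be exactly 16 raw bytes');
    }
    return base64_encode($binaryGuid);
}

/** Sanity check before calling Graph: strict base64 that decodes to exactly 16 bytes. */
function isPlausibleImmutableId(string $immutableId): bool
{
    $raw = base64_decode($immutableId, true);
    return $raw !== false && strlen($raw) === 16;
}

/** Body for POST /users. Booleans stay booleans so json_encode emits true/false. */
function buildCreateUserBody(string $binaryGuid, string $upn, string $alias,
                             string $first, string $last, string $password): array
{
    return [
        'accountEnabled'        => true,
        'onPremisesImmutableId' => immutableIdFromObjectGuid($binaryGuid),
        'givenName'             => $first,
        'surname'               => $last,
        'displayName'           => trim("$first $last"),
        'mailNickname'          => $alias,
        'userPrincipalName'     => $upn,
        'usageLocation'         => 'US',
        'passwordProfile'       => [
            'forceChangePasswordNextSignIn' => false,
            'password'                      => $password,
        ],
    ];
}

/** Body for POST /users/{id}/assignLicense: addLicenses is a list of objects. */
function buildAssignLicenseBody(array $skuIds): array
{
    $add = [];
    foreach ($skuIds as $skuId) {
        $add[] = ['disabledPlans' => [], 'skuId' => $skuId];
    }
    return ['addLicenses' => $add, 'removeLicenses' => []];
}

// Demonstration with the constructed sample bytes.
$raw      = hex2bin(SAMPLE_OBJECT_GUID_HEX);
$asString = guidToString($raw);               // hyphenated text form
$right    = immutableIdFromObjectGuid($raw);  // base64 of the raw bytes (24 chars)
$wrong    = base64_encode($asString);         // base64 of the text form (48 chars), not matchable

printf("GUID text        : %s\n", $asString);
printf("ImmutableId (raw): %s  plausible=%s\n", $right, var_export(isPlausibleImmutableId($right), true));
printf("base64(text)     : %s  plausible=%s\n", $wrong, var_export(isPlausibleImmutableId($wrong), true));

echo json_encode(buildCreateUserBody($raw, 'jdoe@example.com', 'jdoe', 'Jane', 'Doe',
                                     'PLACEHOLDER-initial-password'), JSON_PRETTY_PRINT), "\n";
echo json_encode(buildAssignLicenseBody(['skuid-1-for-license', 'skuid-2-for-license']),
                 JSON_PRETTY_PRINT), "\n";
```

Run it with `php example.php`. The HTTP calls themselves (with the bearer token from the app registration) are left out; the point is that `isPlausibleImmutableId` rejects the base64 of the text form, which is the value a cloud account gets when the hyphenated string rather than the raw bytes is encoded, and such an account cannot be matched to the on-premises object by sync.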
