Update the Azure AD group with member list

Which IIQ version are you inquiring about?

8.3.x

We need to update the Azure AD group with the list of members.
The code below is not adding the members.
Getting error as “Resource ’ ’ doesn’t exist or one of the queried reference property objects are not present.”
Is there any issue in the code, or is any change needed in the schema config?
It would be helpful if there are any other ways to update the member list for a group.

Code:

ProvisioningPlan plan = new ProvisioningPlan();
List accountReqList = new ArrayList();

ObjectRequest objectReq = new ObjectRequest();
objectReq.setOperation(ObjectOperation.Modify);
objectReq.setApplication("Azure AD");
objectReq.setNativeIdentity(groupObjectId);

// Add member 1
AttributeRequest memberReq1 = new AttributeRequest("member", Operation.Add, member1ObjectId);
objectReq.add(memberReq1);

// Add member 2
AttributeRequest memberReq2 = new AttributeRequest("member", Operation.Add, member2ObjectId);
objectReq.add(memberReq2);

accountReqList.add(objectReq);
plan.setObjectRequests(accountReqList);

Provisioner provisioner = new Provisioner(context);
provisioner.execute(provisioner.compile(plan));

Hi @satheeshv ,

Instead of creating an Object Request, use an Account Request for each member.

Please refer to the plan below.

// Assumes identity (Identity) and link (that identity's Azure AD Link) are already resolved.
ProvisioningPlan plan = new ProvisioningPlan();
List accreqs = new ArrayList();

AccountRequest acctReq = new AccountRequest();
acctReq.setOperation(ProvisioningPlan.AccountRequest.Operation.Modify);
acctReq.setApplication("Azure AD");
acctReq.setNativeIdentity(link.getNativeIdentity());
// "group id" is a placeholder for the target group's id.
acctReq.add(new AttributeRequest("groups", ProvisioningPlan.Operation.Add, "group id"));
accreqs.add(acctReq);

plan.setAccountRequests(accreqs);
plan.setIdentity(identity);

Provisioner provisioner = new Provisioner(context);
provisioner.execute(provisioner.compile(plan));

Hi @Arun-Kumar
Thanks for your reply.

Do we need to create multiple provisioning plans (one plan for one user) to handle provisioning for multiple users?

Thanks

Hi @satheeshv ,

A separate ProvisioningPlan is required for each identity. If you have a list of identities, you can iterate through the list and generate an individual ProvisioningPlan for each identity.

Refer to the code below.

QueryOptions q = new QueryOptions();
q.add(Filter.eq("application.name", "Azure AD"));
q.setCloneResults(true);
Iterator i = context.search(Link.class, q);

while (i.hasNext()) {
  Link link = (Link) i.next();
  Identity identity = link.getIdentity();

  // Only touch the identity after the null check.
  if (identity != null) {
    String nativeIdentity = link.getNativeIdentity();

    AccountRequest acctReq = new AccountRequest();
    acctReq.setOperation(ProvisioningPlan.AccountRequest.Operation.Modify);
    acctReq.setApplication("Azure AD");
    acctReq.setNativeIdentity(nativeIdentity);
    // "group id" is a placeholder for the target group's id.
    acctReq.add(new AttributeRequest("groups", ProvisioningPlan.Operation.Add, "group id"));

    // One plan per identity.
    ProvisioningPlan plan = new ProvisioningPlan();
    plan.add(acctReq);
    plan.setIdentity(identity);

    try {
      Provisioner provisioner = new Provisioner(context);
      provisioner.execute(plan);
    } catch (Exception e) {
      log.error("Could not provision", e);
    }
  }
}

return "success";

Hi Arunkumar,
As part of the requirement, we have around 50 to 60 users to add to the Azure AD group. It is difficult to execute this number of provisioning plans.
Is there any optimal solution, like what we do in Active Directory, to add the members to a group?
AttributeRequest memberReq1 = new AttributeRequest("member", Operation.Add, memberList);

This way we have one plan to achieve the task. Any thoughts on this approach?

Hi @satheeshv ,

You can go with a Batch Request.
Prepare the CSV file for Add Entitlement and run the batch request.

Hi @Arun-Kumar

BatchRequest will not work for this case.
We need to handle the request for form submission in ServiceNow.
The form is about selecting a group with multiple users selection.

Thanks
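For the case in the last post (one group and a list of selected users), the per-identity plan approach from the replies above can be wrapped in a single call that takes the list and reports a status for every user. This is an added example, not code from any participant in the thread or from SailPoint; the class name `AzureGroupMembership`, the method `addToGroup` and the status strings are hypothetical, while the `groups` attribute and the one-plan-per-identity structure are taken from the replies.

```java
import java.util.*;
import sailpoint.api.IdentityService;
import sailpoint.api.Provisioner;
import sailpoint.api.SailPointContext;
import sailpoint.object.Application;
import sailpoint.object.Identity;
import sailpoint.object.Link;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.tools.GeneralException;
// Hypothetical helper: adds each named identity's account on appName to one group.
public class AzureGroupMembership {
    public static Map<String, String> addToGroup(SailPointContext context, String appName,
            String groupId, List<String> identityNames) throws GeneralException {
        Application app = context.getObjectByName(Application.class, appName);
        // Reject a blank group id up front instead of sending it to the connector.
        if (app == null || groupId == null || groupId.trim().isEmpty()) {
            throw new GeneralException("Unknown application or blank group id");
        }
        Map<String, String> results = new LinkedHashMap<>();
        IdentityService identityService = new IdentityService(context);
        for (String name : identityNames) {
            Identity identity = context.getObjectByName(Identity.class, name);
            List<Link> accounts = (identity == null) ? null : identityService.getLinks(identity, app);
            if (accounts == null || accounts.isEmpty()) {
                results.put(name, "skipped: no account on " + appName);
                continue;
            }
            ProvisioningPlan plan = new ProvisioningPlan(); // one plan per identity
            plan.setIdentity(identity);
            for (Link link : accounts) {
                AccountRequest req = new AccountRequest();
                req.setOperation(AccountRequest.Operation.Modify);
                req.setApplication(appName);
                req.setNativeIdentity(link.getNativeIdentity());
                req.add(new AttributeRequest("groups", ProvisioningPlan.Operation.Add, groupId));
                plan.add(req);
            }
            try {
                Provisioner provisioner = new Provisioner(context);
                provisioner.execute(provisioner.compile(plan));
                results.put(name, "submitted");
            } catch (GeneralException e) {
                // One failing user does not stop the rest of the list.
                results.put(name, "failed: " + e.getMessage());
            }
        }
        return results;
    }
}
```

The returned map gives the caller one line per selected user to send back to the requesting form, including users skipped because they have no account on the application.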