administrativeUnit resource type

An administrative unit provides a conceptual container for User and Group directory objects. Using administrative units, a company administrator can now delegate administrative responsibilities to manage the users and groups contained within or scoped to an administrative unit to a regional or departmental administrator.

Let's look at an example. Imagine that Contoso Corp is made up of two divisions - a West Coast Division and an East Coast Division. Directory roles at Contoso are scoped to the entire tenant. Lee, a Contoso company administrator, wants to delegate administrative responsibilities, but scope them to the West Coast Division or the East Coast division. Lee can create a West Coast admistrative unit and place all West Coast users into this administrative unit. Similarly, Lee can create an East Coast adminstrative unit. Now Lee, can start delegating administrative responsibilities to others, but scoped to the new administrative units he's created. Lee places Jennifer in a helpdesk administrator role scoped to the West Coast administrative unit. This allows Jennifer to reset any user's password, but only if those users are in the West Coast administrative unit. Similarly, Lee places Dave in a user account administrator role scoped to the East Coast administrative unit. This allows Dave to update users, assign licenses and reset any user's password, but only if those users are in the East Coast administrative unit. For a video overview, please see Introduction to Azure Active Directory Administrative Units.

This resource lets you add your own data to custom properties using extensions.

This topic provides descriptions of the declared properties and navigation properties exposed by the administrativeUnit entity, as well as the operations and functions that can be called on the administrativeUnits resource.

Methods

Method Return Type Description
Create administrativeUnit administrativeUnit Create a new administrative unit.
List administrativeUnits administrativeUnit collection List properties of all administrativeUnits.
Get administrativeUnit administrativeUnit Read properties and relationships of a specific administrativeUnit object.
Update adminstrativeUnit administrativeUnit Update administrativeUnit object.
Delete adminstrativeUnit None Delete administrativeUnit object.
Add a member directoryObject Add a member (user or group).
List members directoryObject collection Get the list of (user and group) members.
Get a member directoryObject Get a specific member.
Remove a member directoryObject Remove a member.
Add scoped-role administrator scopedRoleMembership Add a scoped-role administrator.
List scoped-role administrators scopedRoleMembership collection Get the list of scoped-role adminstrators.
Get a scoped-role administrator scopedRoleMembership Get a specific scoped-role administrator.
Remove a scoped-role administrator scopedRoleMembership Remove a scoped-role administrator.
Open extensions
Create open extension openTypeExtension Create an open extension and add custom properties to a new or existing resource.
Get open extension openTypeExtension collection Get an open extension identified by the extension name.

Properties

Property Type Description
description string An optional description for the administrative unit.
displayName string Display name for the administrative unit.
id string Unique identifier for the administrative unit. Read-only.
visibility string Controls whether the adminstrative unit and its members are hidden or public. Can be set to HiddenMembership or Public. If not set, default behavior is Public. When set to HiddenMembership, only members of the administrative unit can list other members of the adminstrative unit.

Relationships

Relationship Type Description
extensions extension collection The collection of open extensions defined for this Administrative Unit. Nullable.
members directoryObject collection Users and groups that are members of this Adminsitrative Unit. HTTP Methods: GET (list members), POST (add members), DELETE (remove members).
scopedAdministrators scopedRoleMembership collection Scoped administrators of this Administrative Unit. HTTP Methods: GET (list scopedRoleMemberships), POST (add scopedRoleMembership), DELETE (remove scopedRoleMembership).

JSON representation

Here is a JSON representation of the resource.

{
  "description": "string",
  "displayName": "string",
  "id": "string (identifier)",
  "visibility": "string"
}

See also