Question

I want to create azure ad groups and a DevOps project. Then I want to grand azure ad group permission. But I understood that they don't sync instantly. 

import json

PAT = 'MY_PAT'

cred = HTTPBasicAuth({mymail}, PAT)


#create AAD groups

projectName = 'projectdeploy6'

URL = "https://graph.microsoft.com/v1.0/groups"

headers = {"Authorization": f"Bearer {JWT}"}

data= {

    'displayName': f'AAD_{projectName}_reader',

    'mailEnabled': 'false',

    'mailNickname': 'none',

    'securityEnabled': 'true'

    }

r = requests.post(URL, json=data,headers=headers)

string = r.content.decode('utf-8')

readerId=json.loads(string)['id']


data['displayName'] = f'AAD_{projectName}_ProjectAdmin'

r = requests.post(URL, json=data,headers=headers)

string = r.content.decode('utf-8')

adminId=json.loads(string)['id']



data['displayName'] = f'AAD_{projectName}_Contributor'

r = requests.post(URL, json=data,headers=headers)

string = r.content.decode('utf-8')

contrId=json.loads(string)['id']



# create project

requesturl = f"https://dev.azure.com/{org}/_apis/projects?api-version=6.0"

data = {

                "name": projectName,

                "description": "description is requred",

                "capabilities": {

                    "versioncontrol": {

                    "sourceControlType": "Git"

                    },

                    "processTemplate": {

                    "templateTypeId": "6b724908-ef14-45cf-84f8-768b5384da45"

                    }

                }

            } 

r = requests.post(requesturl, json = data, auth=cred)


time.sleep(15)


url = f"https://dev.azure.com/{org}/_apis/projects/{projectName}?api-version=6.0"

r = requests.get(url, auth=cred)

project = json.loads(r.content)


url= f"https://vssps.dev.azure.com/{org}/_apis/graph/descriptors/{project['id']}"

r = requests.get(url, auth=cred)

projectScp =json.loads(r.content)['value']



#get AAD groups

url = 'https://vssps.dev.azure.com/{org}/_apis/graph/groups?api-version=5.1-preview.1'

r = requests.get(url, auth=cred)

d = json.loads(r.content)

adminAADGroup =[group for group in d['value'] if group['originId'] == adminId][0]

readerAADGroup =[group for group in d['value'] if group['originId'] == readerId][0]

contrAADGroup =[group for group in d['value'] if group['originId'] == contrId][0]


# get ADO groups

url = f"https://vssps.dev.azure.com/{org}/_apis/graph/groups?api-version=6.0-preview.1&scopeDescriptor={projectScp}&$search='displayName:projectdeploy1 Team'"

r = requests.get(url, auth=cred)

d = json.loads(r.content)

adminADOGroup = [group for group in d['value'] if group['displayName'] == 'Project Administrators'][0]

contrADOGroup = [group for group in d['value'] if group['displayName'] == 'Contributors'][0]

readerADOGroup = [group for group in d['value'] if group['displayName'] == 'Readers'][0]



url = f"https://vssps.dev.azure.com/{org}/_apis/graph/memberships/{adminAADGroup['descriptor']}/{adminADOGroup['descriptor']}?api-version=6.1-preview.1"

r = requests.put(url, auth=cred)

json.loads(r.content)

It fails at this line:

adminAADGroup =[group for group in d['value'] if group['originId'] == adminId][0]

I captured the call in postman:

{

    "$id": "1",

    "innerException": null,

    "message": "TF400898: An Internal Error Occurred. Activity Id: GUID.",

    "typeName": "Microsoft.VisualStudio.Services.IdentityPicker.IdentityPickerArgumentException, Microsoft.TeamFoundation.Framework.Server",

    "typeKey": "IdentityPickerArgumentException",

    "errorCode": 0,

    "eventId": 0

}

Can someone help me solve this issue?