Daniel Westerdale
Iron Contributor
Aug 29, 2019

Streamlining adding external users to our tenant and as members of a new SharePoint Online portal

Hi

 

I am adding a number of external users who are all grouped by separate domains. From the Bulk invite AD B2B docs:

 

 

foreach ($email in $invitations) 
   {New-AzureADMSInvitation `
      -InvitedUserEmailAddress $email.InvitedUserEmailAddress `
      -InvitedUserDisplayName $email.Name `
      -InviteRedirectUrl "https://mytenant.sharepoint.com/sites/YourNewPortal" `
      -InvitedUserMessageInfo $messageInfo `
      -SendInvitationMessage $true
   }

 

 

Now this worked first time with a couple of users  

 

 

Tomorrow I want to add a load more so 

  1.  Can I auto add each user to the tenant without the invite (toggling the switch above)? Indeed the current process means I have to approve each invite, which in this case won't be necessary.
  2.  Can I also add each user to the desired SharePoint group automatically?
  3.  Is there a way to extend 2) and add my (ext) domain grouped users to a designated AD group and then add the AD group to my desired SharePoint group, so cut out the approvals?

 

 

 

 

  • Corsino
    Copper Contributor

    Hi Daniel Westerdale,

     

    Regarding the 1st question, I'm not a SharePoint expert, so I hope someone can answer that question.

     

    Regarding the others, if you have the SharePoint Group Object ID, you just need to add a line in your code:

    Add-AzureADGroupMember -ObjectId $groupID -RefObjectId $userid #Adding B2B users directly to the Group

    foreach ($email in $invitations) 
       {
       # Keep the returned invitation: it carries the new guest's object ID
       $invitation = New-AzureADMSInvitation `
          -InvitedUserEmailAddress $email.InvitedUserEmailAddress `
          -InvitedUserDisplayName $email.Name `
          -InviteRedirectUrl "https://mytenant.sharepoint.com/sites/YourNewPortal" `
          -InvitedUserMessageInfo $messageInfo `
          -SendInvitationMessage $true
       $userid = $invitation.InvitedUser.Id
       Add-AzureADGroupMember -ObjectId $groupID -RefObjectId $userid #Adding B2B users directly to the Group
       }

     

    Regarding the 3rd question, from what I know, nested groups are not supported.

    However, you can use Dynamic Groups (you need a Premium license) and assign that group to SharePoint.

     

    I think this Dynamic Rule will be enough:

     

    (user.userPrincipalName -match "#EXT#@DomainYouWantToAssignUsers.com")
    • Daniel Westerdale
      Iron Contributor

      Corsino 

       

      Very interesting answers. Thank you, I like your approach. I was going to add Add-PnPUserToGroup in code, but I think your approach is more elegant. I did find that trying to add an external user who was already on the tenant caused an exception, which I needed to handle.

       

      I will look at dynamic groups, as it looks useful if the domain in question is "safe".
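
The bulk invite loop discussed in this thread, written so it can be re-run safely, as an added example that is not part of the original posts: it skips domains that are not on a reviewed allow-list, reuses guests that already exist in the tenant instead of inviting them again, and adds each one to the group only once. The group object ID, the allow-list, and the sample rows are constructed placeholders, and the lookup assumes a guest's `mail` attribute holds the invited address.

```powershell
# Added example, not from the thread. Assumes the AzureAD module and an
# existing Connect-AzureAD session. All values below are constructed.
$groupID        = '00000000-0000-0000-0000-000000000000'   # placeholder: Azure AD group object ID
$allowedDomains = @('partner-a.example', 'partner-b.example')
$redirectUrl    = 'https://mytenant.sharepoint.com/sites/YourNewPortal'

# Constructed sample input; in practice this would come from Import-Csv
$invitations = @(
    [pscustomobject]@{ Name = 'Alex Example'; InvitedUserEmailAddress = 'alex@partner-a.example' }
    [pscustomobject]@{ Name = 'Sam Example';  InvitedUserEmailAddress = 'sam@unknown.example' }
)

# Read current membership once so re-runs do not throw on existing members
$memberIds = @(Get-AzureADGroupMember -ObjectId $groupID -All $true | ForEach-Object ObjectId)

foreach ($row in $invitations) {
    $address = $row.InvitedUserEmailAddress.Trim().ToLowerInvariant()
    $domain  = ($address -split '@')[-1]

    # Only invite addresses from domains that were reviewed beforehand
    if ($allowedDomains -notcontains $domain) {
        Write-Warning "Skipped $address (domain not on the allow-list)"
        continue
    }

    # Reuse the guest account if this address was invited before
    $safe = $address.Replace("'", "''")
    $user = Get-AzureADUser -Filter "mail eq '$safe' and userType eq 'Guest'" | Select-Object -First 1
    if (-not $user) {
        $invitation = New-AzureADMSInvitation `
            -InvitedUserEmailAddress $address `
            -InvitedUserDisplayName $row.Name `
            -InviteRedirectUrl $redirectUrl `
            -SendInvitationMessage $true
        $userId = $invitation.InvitedUser.Id
    } else {
        $userId = $user.ObjectId
    }

    if ($memberIds -notcontains $userId) {
        try {
            Add-AzureADGroupMember -ObjectId $groupID -RefObjectId $userId -ErrorAction Stop
            $memberIds += $userId
        } catch {
            Write-Warning "Could not add $address to the group: $($_.Exception.Message)"
        }
    }
}
```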
