Forum Discussion

Adam Fowler's avatar
Adam Fowler
Iron Contributor
Mar 19, 2017

Azure AD B2B Inviting

Hi, There's been a lot of changes with Azure AD B2B and I wanted to see if anyone had already implemented a method to let internal users invite external accounts themselves?   There's both PowerSh...
Azure AD
Adam Fowler's avatar
Adam Fowler
Iron Contributor
Mar 20, 2017

I've been testing some of this in PowerShell using the Azure AD Preview module.

 

Inviting a user is easy enough:

 

New-AzureADMSInvitation -InvitedUserEmailAddress someexternaluser@externaldomain.com -SendInvitationMessage $True -InviteRedirectUrl "http://myapps.microsoft.com"

But adding that user to a group for them to access something I'm finding much tricker to automate.

 

First you'd have to find the group and then get the Object ID. But you also need to Object ID of the user you just invited.

 

Getting the Object ID of the user is tricky because the invite itself generates an ID in the ID field, but that's not the Object ID. That's hidden in the InvitedUser field, which contains other data too.

 

Getting the user via email address doesn't work, so this was the quickest way I could work it out:

 

$group = get-azureadgroup -SearchString "Sharepoint Online Testsite" | where {$_.dirsyncenabled -eq $null}

$newuser = New-AzureADMSInvitation -InvitedUserEmailAddress testy@contoso.com -InvitedUserDisplayName "Full Name" -sendinvitationmessage $true -InviteRedirectUrl "http://myapps.microsoft.com"

$newuser2 = get-azureaduser -SearchString $newuser.InvitedUserEmailAddress

Add-AzureADGroupMember -objectid $group.objectid -RefObjectId $newuser2.objectid

  • Adam Fowler's avatar
    Adam Fowler
    Iron Contributor
    Mar 23, 2017

    I've now found out that script won't work for inviting people who are using a public email account such as gmail or hotmail, as it parses the email address differently.

     

    Thankfully I can cut out a step and just use an object from inside an object inside an object :)

     

    $group = get-azureadgroup -SearchString "Sharepoint Online Testsite" | where {$_.dirsyncenabled -eq $null}

    $newuser = New-AzureADMSInvitation -InvitedUserEmailAddress testy@contoso.com -InvitedUserDisplayName "Full Name" -sendinvitationmessage $true -InviteRedirectUrl "http://myapps.microsoft.com/"

    Add-AzureADGroupMember -objectid $group.objectid -RefObjectId $newuser.InvitedUser.Id

    • Ianoo335's avatar
      Ianoo335
      Copper Contributor
      Jun 05, 2020
      Thank you very much for this post, was extremely helpful in my work.

      I do have a question though. How can I get the objectID of an invited user outside the scope of this script?

      For example, if I had already invited a user but then I want to create a separate script which calls for an objectID of a given invited user and then, let's say, add them to a group.

Resources