Forum Discussion

Unnie's avatar
Unnie
Iron Contributor
Dec 12, 2016

SharePoint Extranet & intranet migration to SPO

I am trying to understand the possible appraches I can take for migrating my company's extranet & intranet  to SharePoint online. Below are some keys facts about existing extranet:   1. Identity p...
SharePoint Online
Unnie's avatar
Unnie
Iron Contributor
Jun 14, 2018
Thanks for sharing these info. Did you have any issue with people picker? Did the external users end up in people picker for internal sites, since they are in the same AAD?
Fromelard's avatar
Fromelard
Iron Contributor
Jun 14, 2018

There is only one AAD in our case, but when you invite an external user, the system will create a mapped user into your internal AAD pointing the MS Identity system he/she used.

You can filter that when you go into the AAD portal and select the GUEST user type.

 

So the people Picker is using that AAD list as source when you add someone into and work quite well.

The main issue observed is related with the invitation sent to someone "USERA" who (for any personal reason) decided to transfer the invitation email to someone else "USERB" (his/her assistant, colleague, …), that will create a mapping into the AAD and SharePoint with a name displayed with "USERA" but with the USERB email address.

 

That create a mess internally and we have many support case related to that cleanup task, because the only solution is to remove totally that account from our SharePoint and AAD.

 

I detailed that case issue here (in French):

 - http://blogs.developpeur.org/fabrice69/archive/2018/05/11/office-365-comment-supprimer-un-compte-externe-d-un-site-sharepoint-online-en-mode-extranet.aspx

 

Fab

 

  • Unnie's avatar
    Unnie
    Iron Contributor
    Jun 14, 2018
    You can prevent USERA transfer invites to USERB , by enabling the setting "External users must accept sharing invitations using the same account that the invitations were sent to" . But coming back to my question regarding people picker. Since you have a single tenant , all external users will be present in your AAD as Guest accounts. So, these users will end up in people picker of the internal sites as well. How did you solve this problem? Since in my case external users are like 50k+ , so finding some common name users will be tricky as there can be multiple people with the same names. Yes, it does show the email in the people picker , but did you find any solution to avoid showing the external users in internal site people picker?
    • Fromelard's avatar
      Fromelard
      Iron Contributor
      Jun 14, 2018

      This is a real good question, and to be honest I did not evaluate that question.

      I never took attention for that people picker question in Intranet site calling the Guest accounts

       

      But for your question I tested our case to call someone in our AAD from an Intranet site and that is not working

       

      So did you observed that issue or it's only a risk you imagine to have ?

       

      Fab

      • Unnie's avatar
        Unnie
        Iron Contributor
        Jun 19, 2018
        Thanks for the screenshot. We do see Guest accounts in people picker for site collections where Sharing is disabled. Could you confirm this is not the case for you?

Resources