Forum Discussion
Adding B2B guests and adding to security group
Hi,
New-ish to PowerShell so hoping this isn't a dumb question.
It all seems to work as parts but won't run as a whole. The inviting the guest works, just won't add the user to the test security group.
When (Get-AzureAdUser -All $true | Where-Object {$_.DisplayName -in $email.Name}).ObjectID is run it returns the correct ObjectID.
When the whole Add-AzureAdGroupMember is run it doesn't return any errors but isn't adding the user to the group.
$invitations = import-csv C:\B2BUploads\Test.csv
$messageInfo = New-Object Microsoft.Open.MSGraph.Model.InvitedUserMessageInfo
$messageInfo.customizedMessageBody = "Welcome message"
$GroupID = ((Get-AzureADGroup -Filter "Displayname eq 'Test'").ObjectID)
foreach ($email in $invitations)
{New-AzureADMSInvitation `
-InvitedUserEmailAddress $email.InvitedUserEmailAddress `
-InvitedUserDisplayName $email.Name `
-InviteRedirectUrl https://sharepoint site here `
-InvitedUserMessageInfo $messageInfo `
-SendInvitationMessage $true
}
and
{Add-AzureADGroupMember
-ObjectId $GroupID
-RefObjectID ((Get-AzureAdUser -All $true | Where-Object {$_.DisplayName -in $email.Name}).ObjectID)
}
- Varun_Ghildiyal (Brass Contributor)
Hello!
From what I can see, the issue is likely related to the fact that the Add-AzureADGroupMember command is running outside of the foreach loop. This means that it's trying to add the user to the group using the last value of $email.Name, which is likely not what you intended.
To fix this, you should move the Add-AzureADGroupMember command inside the foreach loop, like this:
$invitations = import-csv C:\B2BUploads\Test.csv
$messageInfo = New-Object Microsoft.Open.MSGraph.Model.InvitedUserMessageInfo
$messageInfo.customizedMessageBody = "Welcome message"
$GroupID = ((Get-AzureADGroup -Filter "Displayname eq 'Test'").ObjectID)
foreach ($email in $invitations)
{
    New-AzureADMSInvitation `
        -InvitedUserEmailAddress $email.InvitedUserEmailAddress `
        -InvitedUserDisplayName $email.Name `
        -InviteRedirectUrl https://sharepoint site here `
        -InvitedUserMessageInfo $messageInfo `
        -SendInvitationMessage $true
    Add-AzureADGroupMember `
        -ObjectId $GroupID `
        -RefObjectID ((Get-AzureAdUser -All $true | Where-Object {$_.DisplayName -in $email.Name}).ObjectID)
}
This should ensure that the Add-AzureADGroupMember command is run once for each email address in the CSV file, using the correct value of $email.Name each time.
- Tim_Opie (Copper Contributor)
Thank you very much for your reply!
I have tried the changes you have suggested but it is now giving this error below. I wonder if it is because it's trying to add the user before it's been created? (If the user isn't created yet then the RefObjectID being equal to null would make sense).
Add-AzureADGroupMember : Cannot bind argument to parameter 'RefObjectId' because it is null.
At line:19 char:22
+ ... RefObjectID ((Get-AzureAdUser -All $true | Where-Object {$_.DisplayNa ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidData: (:) [Add-AzureADGroupMember], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.Open.AzureAD16.PowerShell.AddGroupMember
- Tim_Opie (Copper Contributor)
Think I have somehow got it, this seems to run with a single user, will test with multiples soon. Probably not technically right but it works so far so that's the main thing!
$invitations = import-csv C:\B2BUploads\Test.csv
$messageInfo = New-Object Microsoft.Open.MSGraph.Model.InvitedUserMessageInfo
$messageInfo.customizedMessageBody = "Welcome message"
$GroupID = ((Get-AzureADGroup -Filter "Displayname eq 'Test'").ObjectID)
$newuser = foreach ($email in $invitations)
{
    New-AzureADMSInvitation `
        -InvitedUserEmailAddress $email.InvitedUserEmailAddress `
        -InvitedUserDisplayName $email.Name `
        -InviteRedirectUrl https://google.com `
        -InvitedUserMessageInfo $messageInfo `
        -SendInvitationMessage $true
}
$newuser
Start-Sleep -Seconds 2
foreach ($email in $invitations)
{
    Add-AzureADGroupMember `
        -ObjectId $GroupID `
        -RefObjectID ((Get-AzureAdUser -All $true | Where-Object {$_.DisplayName -in $email.Name}).ObjectID)
}
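An added example, not code from any participant in this thread: because display names are not unique in a directory, looking the guest up by DisplayName can return nothing, several accounts, or a different account than the one just invited, which matters when the target is a security group. The sketch below instead uses the object ID that New-AzureADMSInvitation returns in its InvitedUser property and retries the group add briefly. It assumes the AzureAD module is loaded, Connect-AzureAD has been run, and the CSV has the Name and InvitedUserEmailAddress columns used above; the redirect URL is a placeholder.

```powershell
# Added example. Assumes the AzureAD module is loaded and Connect-AzureAD has been run.
$csvPath     = 'C:\B2BUploads\Test.csv'        # path used in the thread
$groupName   = 'Test'                          # group name used in the thread
$redirectUrl = 'https://example.com/landing'   # placeholder, replace with the real site

$messageInfo = New-Object Microsoft.Open.MSGraph.Model.InvitedUserMessageInfo
$messageInfo.CustomizedMessageBody = 'Welcome message'

# Refuse to continue unless the name resolves to exactly one group.
$group = @(Get-AzureADGroup -Filter "DisplayName eq '$groupName'")
if ($group.Count -ne 1) {
    throw "Expected exactly one group named '$groupName', found $($group.Count)."
}

foreach ($row in Import-Csv -Path $csvPath) {
    $invite = New-AzureADMSInvitation `
        -InvitedUserEmailAddress $row.InvitedUserEmailAddress `
        -InvitedUserDisplayName $row.Name `
        -InviteRedirectUrl $redirectUrl `
        -InvitedUserMessageInfo $messageInfo `
        -SendInvitationMessage $true

    # The invitation response already carries the new guest's object ID,
    # so no directory-wide lookup by display name is needed.
    $guestId = $invite.InvitedUser.Id
    if (-not $guestId) {
        Write-Warning "No guest object returned for $($row.InvitedUserEmailAddress); skipped."
        continue
    }

    # The new object can take a few seconds to become visible; retry briefly.
    $added = $false
    $lastError = $null
    foreach ($delay in 2, 5, 10) {
        try {
            Add-AzureADGroupMember -ObjectId $group[0].ObjectId -RefObjectId $guestId -ErrorAction Stop
            $added = $true
            break
        } catch {
            $lastError = $_
            Start-Sleep -Seconds $delay
        }
    }
    if (-not $added) { Write-Warning "Could not add $guestId to '$groupName': $lastError" }
}
```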