Tim_Opie
Copper Contributor
Mar 08, 2023

Adding B2B guests and adding to security group

Hi,

New-ish to PowerShell so hoping this isn't a dumb question.

It all seems to work as parts but won't run as a whole. Inviting the guest works; it just won't add the user to the test security group.

When (Get-AzureAdUser -All $true | Where-Object {$_.DisplayName -in $email.Name}).ObjectID is run it returns the correct ObjectID.

When the whole Add-AzureAdGroupMember is run it doesn't return any errors but isn't adding the user to the group.

$invitations = import-csv C:\B2BUploads\Test.csv

$messageInfo = New-Object Microsoft.Open.MSGraph.Model.InvitedUserMessageInfo

$messageInfo.customizedMessageBody = "Welcome message"

$GroupID = ((Get-AzureADGroup -Filter "Displayname eq 'Test'").ObjectID)

foreach ($email in $invitations)
   {New-AzureADMSInvitation `
      -InvitedUserEmailAddress $email.InvitedUserEmailAddress `
      -InvitedUserDisplayName $email.Name `
      -InviteRedirectUrl https://sharepoint site here `
      -InvitedUserMessageInfo $messageInfo `
      -SendInvitationMessage $true
   }
   and
   {Add-AzureADGroupMember
   -ObjectId $GroupID
   -RefObjectID ((Get-AzureAdUser -All $true | Where-Object {$_.DisplayName -in $email.Name}).ObjectID)
   }

  • Tim_Opie 

     

    Hello!

    From what I can see, the issue is likely related to the fact that the Add-AzureADGroupMember command is running outside of the foreach loop. This means that it's trying to add the user to the group using the last value of $email.Name, which is likely not what you intended.

    To fix this, you should move the Add-AzureADGroupMember command inside the foreach loop, like this:


    $invitations = import-csv C:\B2BUploads\Test.csv
    
    $messageInfo = New-Object Microsoft.Open.MSGraph.Model.InvitedUserMessageInfo
    $messageInfo.customizedMessageBody = "Welcome message"
    
    $GroupID = ((Get-AzureADGroup -Filter "Displayname eq 'Test'").ObjectID)
    
    foreach ($email in $invitations) {
        New-AzureADMSInvitation `
            -InvitedUserEmailAddress $email.InvitedUserEmailAddress `
            -InvitedUserDisplayName $email.Name `
            -InviteRedirectUrl https://sharepoint site here `
            -InvitedUserMessageInfo $messageInfo `
            -SendInvitationMessage $true
    
        Add-AzureADGroupMember `
            -ObjectId $GroupID `
            -RefObjectID ((Get-AzureAdUser -All $true | Where-Object {$_.DisplayName -in $email.Name}).ObjectID)
    }

    This should ensure that the Add-AzureADGroupMember command is run once for each email address in the CSV file, using the correct value of $email.Name each time.

    • Tim_Opie
      Copper Contributor

      Varun_Ghildiyal

      Thank you very much for your reply!

      I have tried the changes you have suggested but it is now giving the error below. I wonder if it is because it's trying to add the user before it's been created? (If the user isn't created yet then the RefObjectID being equal to null would make sense.)


      Add-AzureADGroupMember : Cannot bind argument to parameter 'RefObjectId' because it is null.
      At line:19 char:22
      + ... RefObjectID ((Get-AzureAdUser -All $true | Where-Object {$_.DisplayNa ...
      +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : InvalidData: (:) [Add-AzureADGroupMember], ParameterBindingValidationException
          + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.Open.AzureAD16.PowerShell.AddGroupMember

      • Tim_Opie
        Copper Contributor

        Think I have somehow got it, this seems to run with a single user, will test with multiples soon. Probably not technically right but it works so far so that's the main thing!

        $invitations = import-csv C:\B2BUploads\Test.csv
        
        $messageInfo = New-Object Microsoft.Open.MSGraph.Model.InvitedUserMessageInfo
        
        $messageInfo.customizedMessageBody = "Welcome message"
        
        $GroupID = ((Get-AzureADGroup -Filter "Displayname eq 'Test'").ObjectID)
        
        $newuser = foreach ($email in $invitations) {
            New-AzureADMSInvitation `
                -InvitedUserEmailAddress $email.InvitedUserEmailAddress `
                -InvitedUserDisplayName $email.Name `
                -InviteRedirectUrl https://google.com `
                -InvitedUserMessageInfo $messageInfo `
                -SendInvitationMessage $true
        }
        
        $newuser
        
        Start-Sleep -Seconds 2
        
        foreach ($email in $invitations) {
            Add-AzureADGroupMember `
                -ObjectId $GroupID `
                -RefObjectID ((Get-AzureAdUser -All $true | Where-Object {$_.DisplayName -in $email.Name}).ObjectID)
        }
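
A variant of the scripts above that takes each guest's object ID from the object New-AzureADMSInvitation returns, rather than searching by DisplayName, which can match nothing (the null RefObjectId error above) or more than one account. This is an added example, not code posted in the thread; the redirect URL is a placeholder and the CSV columns are the ones the thread uses.

```powershell
# Added example, not code from the thread. Assumes Connect-AzureAD has been run
# and the CSV has the thread's columns: Name, InvitedUserEmailAddress.
$invitations = Import-Csv 'C:\B2BUploads\Test.csv'
$redirectUrl = 'https://example.com'   # placeholder, use your own landing page

$messageInfo = New-Object Microsoft.Open.MSGraph.Model.InvitedUserMessageInfo
$messageInfo.CustomizedMessageBody = 'Welcome message'

# Resolve the security group once and stop unless exactly one group matches,
# so guests cannot land in a different group that shares the display name.
$groups = @(Get-AzureADGroup -Filter "DisplayName eq 'Test'")
if ($groups.Count -ne 1) {
    throw "Expected exactly one group named 'Test', found $($groups.Count)."
}
$groupId = $groups[0].ObjectId

$results = foreach ($row in $invitations) {
    $status = 'Added'
    $guestId = $null
    try {
        $inviteParams = @{
            InvitedUserEmailAddress = $row.InvitedUserEmailAddress
            InvitedUserDisplayName  = $row.Name
            InviteRedirectUrl       = $redirectUrl
            InvitedUserMessageInfo  = $messageInfo
            SendInvitationMessage   = $true
            ErrorAction             = 'Stop'
        }
        $invite = New-AzureADMSInvitation @inviteParams

        # The invitation response carries the new guest's object ID, so no
        # directory-wide search or DisplayName match is needed.
        $guestId = $invite.InvitedUser.Id
        if ([string]::IsNullOrEmpty($guestId)) {
            throw 'Invitation returned no user ID.'
        }
        Add-AzureADGroupMember -ObjectId $groupId -RefObjectId $guestId -ErrorAction Stop
    }
    catch {
        $status = "Failed: $($_.Exception.Message)"
    }
    [pscustomobject]@{
        Email         = $row.InvitedUserEmailAddress
        GuestObjectId = $guestId
        Status        = $status
    }
}

$results | Format-Table -AutoSize
```

The per-row status table doubles as an audit record of which external accounts were granted membership and which rows need to be retried.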

         

         
