Home

Streamlining adding external users to our tenant and as members of a new SharePoint Online portal

%3CLINGO-SUB%20id%3D%22lingo-sub-829494%22%20slang%3D%22en-US%22%3EStreamlining%20adding%20external%20users%20to%20our%20tenant%20and%20as%20members%20of%20a%20new%20SharePoint%20Online%20portal%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-829494%22%20slang%3D%22en-US%22%3E%3CP%3EHi%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20adding%20a%20number%20of%20external%20users%20who%20all%20grouped%20by%20separate%20domains.%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fb2b%2Ftutorial-bulk-invite%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EFrom%20the%20Bulk%20invite%20AD%20B2B%20docs%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-markup%22%3E%3CCODE%3Eforeach%20(%24email%20in%20%24invitations)%20%0A%20%20%20%7BNew-AzureADMSInvitation%20%60%0A%20%20%20%20%20%20-InvitedUserEmailAddress%20%24email.InvitedUserEmailAddress%20%60%0A%20%20%20%20%20%20-InvitedUserDisplayName%20%24email.Name%20%60%0A%20%20%20%20%20%20-InviteRedirectUrl%20%22%3CA%20href%3D%22https%3A%2F%2Fmytenant.sharepoint.com%2Fsites%2FYourNewPortal%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmytenant.sharepoint.com%2Fsites%2FYourNewPortal%3C%2FA%3E%22%60%0A%20%20%20%20%20%20-InvitedUserMessageInfo%20%24messageInfo%20%60%0A%20%20%20%20%20%20-SendInvitationMessage%20%24true%0A%20%20%20%7D%3C%2FCODE%3E%3C%2FPRE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENow%20this%20worked%20first%20time%20with%20a%20couple%20of%20users%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20625px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F129125i072854F1503D7C43%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Approva%20another%20external%20user2.png%22%20title%3D%22Approva%20another%20external%20user2.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3ETomorrow%20I%20want%20to%20add%20a%20load%20more%20so%26nbsp%3B%3C%2FP%3E%3COL%3E%3CLI%3E%26nbsp%3BCan%20I%20auto%20add%20each%20user%20to%20the%20tenant%20without%20the%20invite%20(%20toggling%20the%20switch%20above)%20.%20Indeed%20the%20current%20process%20means%20I%20have%20to%20approve%20each%20invite%20which%20in%20this%20case%20won't%20be%20necessary.%3C%2FLI%3E%3CLI%3E%26nbsp%3BCan%20I%20also%20add%20each%20user%20to%20the%20desired%20SharePoint%20group%20automatically%3C%2FLI%3E%3CLI%3E%26nbsp%3BIs%20there%20a%20way%26nbsp%3B%20to%20extend%202)%20and%20add%20my%20(ext)%20domain%20grouped%20users%20to%20a%20designated%20AD%20group%20and%20then%20add%20the%20AD%20group%20to%20my%20desired%20SharePoint%20group%20..%20so%20cut%20out%20the%20approvals.%26nbsp%3B%3C%2FLI%3E%3C%2FOL%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-829494%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20AD%20B2B%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-878644%22%20slang%3D%22en-US%22%3ERe%3A%20Streamlining%20adding%20external%20users%20to%20our%20tenant%20and%20as%20members%20of%20a%20new%20SharePoint%20Online%20port%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-878644%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5701%22%20target%3D%22_blank%22%3E%40Daniel%20Westerdale%3C%2FA%3E%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegarding%20the%201st%20question%2C%20I'm%20not%20a%20Sharepoint%20Expert%2C%20so%20I%20hope%20someone%20can%20answer%20that%20question.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegarding%20the%20others%2C%20if%20you%20have%20the%20Sharepoint%20Group%20Object%20ID%2C%20you%20just%20need%20to%20add%20a%20line%20in%20your%20code%3A%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-markup%22%3E%3CCODE%3EAdd-AzureADGroupMember%20-ObjectId%20%24groupID%20-RefObjectId%20%24userid%20%23Adding%20B2B%20users%20directly%20to%20the%20Group%3C%2FCODE%3E%3C%2FPRE%3E%3CPRE%20class%3D%22lia-code-sample%20language-c%22%3E%3CCODE%3Eforeach%20(%24email%20in%20%24invitations)%20%0A%20%20%20%7BNew-AzureADMSInvitation%20%60%0A%20%20%20%20%20%20-InvitedUserEmailAddress%20%24email.InvitedUserEmailAddress%20%60%0A%20%20%20%20%20%20-InvitedUserDisplayName%20%24email.Name%20%60%0A%20%20%20%20%20%20-InviteRedirectUrl%20%22%3CA%20href%3D%22%26lt%3Ba%20href%3D%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Fmytenant.sharepoint.com%2Fsites%2FYourNewPortal%3C%2FA%3E%22%20target%3D%22_blank%22%26gt%3B%3CA%20href%3D%22https%3A%2F%2Fmytenant.sharepoint.com%2Fsites%2FYourNewPortal%26lt%3B%2Fa%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmytenant.sharepoint.com%2Fsites%2FYourNewPortal%3C%2FA%3E%26gt%3B%22%60%0A%20%20%20%20%20%20-InvitedUserMessageInfo%20%24messageInfo%20%60%0A%20%20%20%20%20%20-SendInvitationMessage%20%24true%0A%20%20%20Add-AzureADGroupMember%20-ObjectId%20%24groupID%20-RefObjectId%20%24userid%20%23Adding%20B2B%20users%20directly%20to%20the%20Group%0A%20%20%20%0A%20%20%20%7D%3C%2FCODE%3E%3C%2FPRE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegarding%20the%203rd%20questions%2C%20from%20what%20I%20know%2C%20nested%20groups%20are%20not%20supported.%3C%2FP%3E%3CP%3EHowever%2C%20you%20can%20use%20%26nbsp%3BDynamic%20Groups%20(You%20need%20a%20Premium%20license)%20and%20assign%20that%20group%20to%20SharePoint.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20think%20this%20Dynamic%20Rule%20will%20be%20enough%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-php%22%3E%3CCODE%3E(user.userPrincipalName%20-match%20%22%23EXT%23%40DomainYouWantToAssignUsers.com%22)%3C%2FCODE%3E%3C%2FPRE%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-879893%22%20slang%3D%22en-US%22%3ERe%3A%20Streamlining%20adding%20external%20users%20to%20our%20tenant%20and%20as%20members%20of%20a%20new%20SharePoint%20Online%20port%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-879893%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F267638%22%20target%3D%22_blank%22%3E%40Corsino%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EVery%20interesting%20answers.%20Thanks%20you%2C%20I%20like%20your%20approach.%26nbsp%3B%20I%20was%20code%20going%20to%20add%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fpowershell%2Fmodule%2Fsharepoint-pnp%2Fadd-pnpusertogroup%3Fview%3Dsharepoint-ps%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EAdd-PnPUserToGroup%26nbsp%3B%20%3C%2FA%3Ebut%20i%20think%20your%20approach%20is%20more%20elegant.%20I%20did%20find%20that%20trying%20to%20add%20external%20user%20who%20was%20already%20on%20the%20tenant%20caused%20and%20exception%20which%20needed%20to%20handle%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20will%20look%20at%20dynamic%20groups%20as%20it%20looks%20useful%20if%20the%20domain%20in%20question%20is%20%22safe%22%20.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Daniel Westerdale
Regular Contributor

Hi

 

I am adding a number of external users who all grouped by separate domains. From the Bulk invite AD B2B docs

 

 

foreach ($email in $invitations) 
   {New-AzureADMSInvitation `
      -InvitedUserEmailAddress $email.InvitedUserEmailAddress `
      -InvitedUserDisplayName $email.Name `
      -InviteRedirectUrl "<a href="https://mytenant.sharepoint.com/sites/YourNewPortal" target="_blank">https://mytenant.sharepoint.com/sites/YourNewPortal</a>"`
      -InvitedUserMessageInfo $messageInfo `
      -SendInvitationMessage $true
   }

 

 

Now this worked first time with a couple of users  

 

 

Approva another external user2.png

Tomorrow I want to add a load more so 

  1.  Can I auto add each user to the tenant without the invite ( toggling the switch above) . Indeed the current process means I have to approve each invite which in this case won't be necessary.
  2.  Can I also add each user to the desired SharePoint group automatically
  3.  Is there a way  to extend 2) and add my (ext) domain grouped users to a designated AD group and then add the AD group to my desired SharePoint group .. so cut out the approvals. 

 

 

 

 

2 Replies

Hi @Daniel Westerdale,

 

Regarding the 1st question, I'm not a Sharepoint Expert, so I hope someone can answer that question.

 

Regarding the others, if you have the Sharepoint Group Object ID, you just need to add a line in your code:

Add-AzureADGroupMember -ObjectId $groupID -RefObjectId $userid #Adding B2B users directly to the Group
foreach ($email in $invitations) 
   {New-AzureADMSInvitation `
      -InvitedUserEmailAddress $email.InvitedUserEmailAddress `
      -InvitedUserDisplayName $email.Name `
      -InviteRedirectUrl "<a href="<a href="https://mytenant.sharepoint.com/sites/YourNewPortal" target="_blank">https://mytenant.sharepoint.com/sites/YourNewPortal</a>" target="_blank"><a href="https://mytenant.sharepoint.com/sites/YourNewPortal</a" target="_blank">https://mytenant.sharepoint.com/sites/YourNewPortal</a</a>>"`
      -InvitedUserMessageInfo $messageInfo `
      -SendInvitationMessage $true
   Add-AzureADGroupMember -ObjectId $groupID -RefObjectId $userid #Adding B2B users directly to the Group
   
   }

 

Regarding the 3rd questions, from what I know, nested groups are not supported.

However, you can use  Dynamic Groups (You need a Premium license) and assign that group to SharePoint.

 

I think this Dynamic Rule will be enough:

 

(user.userPrincipalName -match "#EXT#@DomainYouWantToAssignUsers.com")

@Corsino 

 

Very interesting answers. Thanks you, I like your approach.  I was code going to add Add-PnPUserToGroup  but i think your approach is more elegant. I did find that trying to add external user who was already on the tenant caused and exception which needed to handle 

 

I will look at dynamic groups as it looks useful if the domain in question is "safe" . 

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
30 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies