Forum Discussion
Existing external users no longer found in company directory
More often we are seeing external users who have been successfully accessing sharepoint losing access with their company adopts Office 365 - however it is becoming more and more difficult to successfully re-grant them access to a site.
The whole process looks like this:
Invite an external user whose company does not use Office 365
They register their work account as a microsoft account
They access SharePoint successfully as an external user using an MSA
Their company adopts Office 365
Their MSA account is not longer found in our company SharePoint directory
Using Powershell, we purge the external user from SharePoint & AAD
We send a new invite instructing the external user to use the Organizational account option to sign in.
This is a process we have experienced over and over again - and while it has been a pain, it has worked, until recently.
Now when we send the new invite and instuct the user to sign in with an org account, they are getting the new erorr message that "something went wrong and so and so cannot accept the invitation at this time, please wait while microsoft magically fixes the issue". Only microsoft never fixes the issues, and the users are never able to accept the invite.
Any guidance on a better way to manage external users - especially those whose companies adopt Office 365 after they have already created MS accounts would be great. We have 14,000+ external users, and nothing but headaches with the sign in process.
Four days after removing the user from sharepoint and deleting them from the AAD recycle bin, this user now has access.
The solution was to withrdaw and resend their invitation two or three times a day for four days, and then without any change in process, or indication of any changes from Microsoft, an invitation finally worked.
If anyone from Microsoft is reading this - the process for sharing with external users, how accounts are broken when a firm adopts Office 365, the steps for removing and reinviting external users who had access, and lost it... this whole process is terrible, a drain on our help desk resources, and a constant black eye for collaboration using Microsoft products.
11 Replies
First and foremost I'd like to say that the ability to add external users is a great game-changing feature by Microsoft. Kudos!
As far as this specific post, are there any worthwhile updates regarding this issue? I'm embarking on a O365 user adoption project with a new client. And we just had an external user lose access to our environment as a result of a O365 setup within that external users org. It is essential that the users can add external users in a simple, straightforward, painfree manner to their O365 groups. I'm dreading this portion of the project as some of the external users will most likely require multiple access to different groups.
On top of it all many external users are members of existing distribution lists which, currently, will not allow them to be added as guests to a group if they already exist in a DL. It's nice to know that fixing of this issue is 'in development' and scheduled to be resolved sometime within the next 3 months. But we're receiving pressure from our executive sponsor to get a clear concise technique ASAP.
Thank Frigg it's Friday!
Four days after removing the user from sharepoint and deleting them from the AAD recycle bin, this user now has access.
The solution was to withrdaw and resend their invitation two or three times a day for four days, and then without any change in process, or indication of any changes from Microsoft, an invitation finally worked.
If anyone from Microsoft is reading this - the process for sharing with external users, how accounts are broken when a firm adopts Office 365, the steps for removing and reinviting external users who had access, and lost it... this whole process is terrible, a drain on our help desk resources, and a constant black eye for collaboration using Microsoft products.
Also - my apologies if I sound upset. This issue coupled with the inability for users to create MSA accounts even when their company doesn't appear to be using Office 365 / AAD has flooded my inbox over the last week - and I have no answers on how to allow my project teams to share their sites with external users.
Looping in Eugene Lin who is our SME and can parse what you're attempting with how the service is designed for external sharing. Eugene?
- I have experienced also weird problems with external users that have access granted to a site and after that, trying to grant access to another site seems to be not working
I don't think B2B is the correct answer for inviting and sharing team sites with external users. As a construction company we have +-400 active projects, each with their own team site / site collection. Each one of those sites is managed by the project team, and they each manage their own external users - some of those users work for companies that use Office 365, while other users are still using @aol.com accounts.
Maybe I am missing something - and please correct me if I am wrong - but setting up and managing B2B users appears to fall under more of an Office 365 admin role, and is not something a typical site owner can do. Is this correct?
Can someone point me towards a resource that shows that B2B is the answer to my situation?
