Lost access to B2B organization after tenant migration

%3CLINGO-SUB%20id%3D%22lingo-sub-1081912%22%20slang%3D%22en-US%22%3ELost%20access%20to%20B2B%20organization%20after%20tenant%20migration%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1081912%22%20slang%3D%22en-US%22%3E%3CP%3EHi.%20We%20recently%20migrated%20to%20a%20new%20tenant.%20Several%20users%2C%20including%20myself%2C%20have%20lost%20access%20to%20other%20organizations'%20Team(s)%20they%20were%20invited%20to.%20Our%20tenant%20name%20changed%20(and%20of%20course%20our%20onmicrosoft.com%20email%20addresses)%2C%20but%20not%20our%20company%20email%20addresses.%20Using%20the%20original%20redemption%20email%20link%20does%20not%20work.%20I%20am%20assuming%20now%20that%20these%20are%20connected%20to%20the%20tenant%20and%20not%20just%20the%20email.%20How%20can%20we%20gain%20access%20to%20our%20external%20partners%3F%20(We%20are%20not%20all%20accessing%20the%20same%20company.)%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20also%20assume%20the%20organization%20will%20have%20to%20reinvite%20people.%20But%20how%20would%20they%20go%20about%20doing%20that%3F%20Looking%20at%20our%20own%20Azure%20AD%20and%20external%20profiles%2C%20I%20do%20not%20see%20a%20way%20to%20resend%20an%20invitation.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETIA%3C%2FP%3E%3CP%3E(Edited%20to%20update%20title)%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1081912%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%20B2B%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1308403%22%20slang%3D%22en-US%22%3ERe%3A%20Lost%20access%20to%20B2B%20organization%20after%20tenant%20migration%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1308403%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F492885%22%20target%3D%22_blank%22%3E%40LauraFW%3C%2FA%3E%26nbsp%3BRecently%20ran%20in%20this%20situation%20too.%20Since%20your%20UPN%20is%20unique%20per%20tenant%20%2F%20per%20IDP%2C%20the%20Guest%20account%20cannot%20match%20your%20claim.%20In%20my%20case%20the%20B2B%20hosts%20were%20large%20companies%20without%20an%20easy%20solution%20to%20delete%20Guest%20accounts%20or%20request%20assistance%20from%20an%20AAD%20user%20admin%20to%20resend%20invites.%20Think%20of%20Microsoft-size%20companies.%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20only%20solution%20I%20could%20think%20of%20is%20to%20create%20a%20mail%20alias%20and%20ask%20the%20owner(s)%20of%20the%20Teams%20to%20send%20a%20new%20invite.%20And%20remove%20the%20permissions%20for%20other%20account%20in%20Teams...%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EIt%20would%20be%20a%20great%20idea%20to%20have%20a%20way%20to%20reset%20the%20Guest%20UPN%20and%20resend%20the%20redeem%20invite%20in%20a%20single%20action.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1085715%22%20slang%3D%22en-US%22%3ERe%3A%20Lost%20access%20to%20B2B%20organization%20after%20tenant%20migration%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1085715%22%20slang%3D%22en-US%22%3EIf%20you%20remove%20the%20malfunctioning%20B2B%20users%20you%20will%20be%20able%20to%20re-invite%20these.%20Been%20looking%20into%20this%20during%20the%20day%20and%20from%20what%20I%C2%B4ve%20found%20your%20%22new%22%20user%20is%20no%20longer%20the%20same%20user%20regardless%20of%20the%20email%20address.%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fb2b%2Ftutorial-bulk-invite%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fb2b%2Ftutorial-bulk-invite%3C%2FA%3E%20this%20page%20guides%20you%20and%20your%20partners%20on%20how%20to%20perform%20bulk%20invites%20rather%20than%201-by-1.%3C%2FLINGO-BODY%3E
New Contributor

Hi. We recently migrated to a new tenant. Several users, including myself, have lost access to other organizations' Team(s) they were invited to. Our tenant name changed (and of course our onmicrosoft.com email addresses), but not our company email addresses. Using the original redemption email link does not work. I am assuming now that these are connected to the tenant and not just the email. How can we gain access to our external partners? (We are not all accessing the same company.) 

 

I also assume the organization will have to reinvite people. But how would they go about doing that? Looking at our own Azure AD and external profiles, I do not see a way to resend an invitation.

 

TIA

(Edited to update title)

7 Replies
If you remove the malfunctioning B2B users you will be able to re-invite these. Been looking into this during the day and from what I´ve found your "new" user is no longer the same user regardless of the email address.

https://docs.microsoft.com/en-us/azure/active-directory/b2b/tutorial-bulk-invite this page guides you and your partners on how to perform bulk invites rather than 1-by-1.

@LauraFW Recently ran in this situation too. Since your UPN is unique per tenant / per IDP, the Guest account cannot match your claim. In my case the B2B hosts were large companies without an easy solution to delete Guest accounts or request assistance from an AAD user admin to resend invites. Think of Microsoft-size companies. 

The only solution I could think of is to create a mail alias and ask the owner(s) of the Teams to send a new invite. And remove the permissions for other account in Teams...


It would be a great idea to have a way to reset the Guest UPN and resend the redeem invite in a single action.

@Paul Slijkhuis That is an exceptional idea "Reset my guest account". We just had to go through this with Azure DevOps access after a migration and it is PAINFUL. 

@scottkercred 

 

I am having a similar problem. I migrated o365 tenant single user with mailbox and Azure account. Cant find the Azure account. do you have a starting point and contacts with microsoft from your case? 

@jschleider I've tried many different avenue to get this fixed. Teams is proving to be problematic. The fastest path to a solution is to add a secondary alias to your e-mail account (Ex: bob.smith@xxx.com is current, add bsmith@xxx.com as a secondary). 

 

We've been able to solve the Azure DevOps access problem by deleting and re-adding the AAD guest account because ADO has an admin functionality for re-solving orphaned user issues (See attached image). Teams does not appear to have this same functionality for resolving orphans.

@scottkercred this has proven to be one of the biggest nightmares I have experienced in the 25 years I have been in IT. I have given up hope in recovering anything but the applications and data running on the Azure portal. The group I am working with says they will be able to transfer ownership from the Sub ID to my email which they state will give me access to my accounts without the users, which i will deal with.

 

My suggestion for Microsoft would be to have a specific group that deals with tenant migration and understands partner, Azure, Office and any other pieces.

@jschleider Agreed. I've been in IT longer, as well as being a Microsoft FTE for 13 years, and when you don't have basic functionality like "Reset Guest Account Access" which would allow the system to rediscover information associated with an e-mail address without ruining every Microsoft application association it is pretty pathetic.