Dec 06 2017 12:48 PM
Dec 06 2017 12:48 PM
I'm trying to create a mail contact for an external user so we can add the user to an address list. Unfortunately, I can't create the contact because the primary smtp address is taken by a guest mail user. The guest mail user has access to our SharePoint site.
1. How do I add a guest mail user to an address list?
2. If I delete a guest mail user will the person lose access to SharePoint?
3. If a user has a mail contact in Exchange Online, can the user still receive and accept access to our SharePoint site?
Dec 07 2017 12:53 AMSolution
To be honest, it's a bit of a mess as you can actually have the same address added twice:
[10:36:59][Login script]# Get-Recipient firstname.lastname@example.org | Ft Name,RecipientType* Name RecipientType RecipientTypeDetails ---- ------------- -------------------- temp MailContact MailContact tempxxx_abv.bg#EXT# MailUser GuestMailUser
The "trick" is to have the contact first, then provision the Guest account. Doesn't really make much sense to me, but @Tony Redmond seems to see the logic in all this and perhaps can explain it better :)
Dec 07 2017 04:44 AM
Re. Address Lists - Guest users are deliberately excluded from address lists like the GAL. Guest users are restricted to whatever information they are granted access to (in SharePoint for Groups, or to chats and other content for Teams).
Mail contacts are there if you want someone external to show up in an address list, and you can have a mail contact with the same SMTP address as a guest. That's by design to enable both scenarios because Exchange Online uses mail contacts in a number of different ways, including in hybrid configurations where guests users don't exist.
Eventually, when everyone is in the cloud and guest user objects are supported across all Office 365 apps, we might see a rationalization of the situation.
Dec 07 2017 06:20 AM
What's the best thing to do if I already have the guest user? If I delete the guest user's will they lose access to SharePoint?
Dec 07 2017 06:41 AM
Dec 07 2017 01:23 PM - edited Dec 11 2017 07:32 AM
Thanks guys. I'll explain our options and let the users decide how they want to proceed.
If anyone else is having this issue you can vote and share more information with Microsoft using the Office 365 user voice website: https://office365.uservoice.com/forums/273493-office-365-admin/suggestions/19966537-allow-a-guest-us...
Thanks again. Happy Holidays!
Apr 11 2018 06:19 AM
And how will this work with guest users in teams? Can we edit the username for those contacts, as they are currently uneditable
Apr 11 2018 07:22 AM
You can edit the details of guest users through the Office 365 Admin Center. Select them from the list of active users and edit their contact information as you would for any other user.
Apr 11 2018 07:34 AM - edited Apr 11 2018 07:38 AM
What I thought too. But there is a little "world" circle behidn the contact and it only allows to edit username which is "email adddress"#EXTemail@example.com
edit: so you cant do it in the exchange admin centre where they are listed under Contacts together with the same contact we have setup on-prem AD as contact - but only on office 365 Active users and they are cloud only and have nothing todo with our on-prem setup . So now I have to manage the account for the same person twice if - they get married for example
Apr 11 2018 07:38 AM
Open the user (the world symbol just indicates it is a guest user), then edit contact information, and you can update all these fields...
Jul 12 2018 09:08 AM
That is odd - my post has been marked as spam and removed :(. I post it here instead.
As regarding access for external users issues in both Office365 Groups and Teams - this looks by my tenant as follows:
SCENARIO I - external user (ex. @outlook.com or @gmail.com etc.) hasn't been present in my Azure Active Directory (AAD) before
When I add an external user, that is not present in my AAD (complete absence), as a guest to the group (I do it from within my Group site), then that user appears both:
1) in Exchange Admin Center (EAC) as "guest mail-user"
This category of recipient can not be created independently from within EAC as there is only possibility to create "mail-contact" or "mail-user". Therefore I assume that is another type of recipient that is being pulled into EAC from AAD, but can not be created or modified (ex. change of name) in EAC. Some data may be modified from Office 365 Admin>Users.
2)and in AAD as "guest".
That user gets not an inviation, but rather declaration: "You've joined the AAA group".
There are two icons "Email with ease"" and "Read group files". As I click "Email with ease" am instantly redirected to new mail creation within my mail client. As I click "Read group files" am redirected to Office365 group site.
I can not enter "conversations tab" as pop up appears - informing that I should refer to my mailbox to get mails from the group. In case I lost my invitation mail - I would have no idea as what is the mail of the group, because it does not appear anywhere on group site.
This user has no problems to start Teams, but is not present in my Global Address List (GAL) within Outlook.
There are some errors as sometimes I am able to assign licenses to those "guest mail users". Certainly these are errors.
SCENARIO II - external user (ex. @outlook.com or @gmail.com etc.) that is already present in my AAD directory as mail-user.
I add new user as "mail-user" in EAC (as I wanted to have these users be already authenticated for sharing ppurposes). At that time this user is being registered in AAS as "Member".
That user gets not an inviation, but rather declaration: "XXX XXX added you to the AAA group".
There are two icons "Share notes" and "Check out the team site". As I click "Share notes" am redirected to the Notebook of the group - works fine. As I click "Check out the team site" am redirected to Office365 group site.
I can not enter "conversations tab" as pop up appears - stateing I have no mailbox license. In case I lost my invitation mail - I would have no idea as what is the mail of the group, because it does not appear anywhere on group site. What is more - I am unable to send any mails to that group - as I get postmaster reply stating: " The group AAA isn't set up to receive messages from BBB" ).
This user has problems to start Teams - pop up appears stating that the administrator should turn team for my domain on.
This user is present in my Global Address List (GAL) within Outlook.
This "mail-user" may be assigned license for Office365 without any problems.
Jan 16 2019 02:32 PM - edited Jan 16 2019 02:37 PM
I know it might be a little late but I share the solution here just in case :)
There are two ways to show external Azure AD guest accounts in Address lists. Depending on the usage you may follow one of these steps:
Set-AzureADUser -ObjectId [of guest account] -ShowInAddressList $true
Using the PowerShell command you don't need to delete guest account to add it first as email contact. Not sure why, but Mictosoft likes to make simple things a tiny bit more complicated ;)
Jan 17 2019 09:30 AM
I was able to resolve this problem with the help of Microsoft Support. I had this same issue, where we already had an external user that has a lot of access to SharePoint resources, and I was trying to add them to a Distribution List. This user was in the list of Guest Users, and I could not add them to the Contacts list because of the same email address.
Microsoft support reps were able to instruct me how to run some PowerShell scripts that manually added the guest user to the distribution list. I do not have the exact scripts I ran, sorry for that, but just know that this can be done without having to remove the Guest account, and without having to have them added as a Contact first. However, after encountering this, I will be trying to add new external team members as Contacts first, to avoid having to do this again.
Jan 18 2019 01:05 AM
You have to get Access to Office 365 Exchange
$LiveCred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
And this is the command to add the Guest User to the list
Add-DistributionGroupMember -identity [GroupName] -Member [UserMailAdress]
Jan 18 2019 01:54 AM
The important thing is to add the same email address used for the guest account to the distribution list. This example is from Chapter 12 of the Office 365 for IT Pros eBook. Azure AD is looked up to retrieve the address to make sure that we use the right one:
Add-DistributionGroupMember -Identity DL1 -Member (Get-AzureADUser -ObjectId stale.hansen_cloudway.no#EXTfirstname.lastname@example.org).Mail
Apr 18 2019 03:56 AM
@Elham KarshenasThanks a lot for this, solved the issue for us.
May 19 2019 11:53 PM
I know this is late but people are still trying to find a solution, so another option is to null the proxyaddresses attribute for the mail user. (Set-MailUser -Identity <Identityofmailuser> -EmailAddresses $Null). This is essentially what happens if you create the contact first anyway. Then you should be able to create your contact.
Aug 27 2019 02:27 AM