Sharepoint Error: This username may be incorrect for Guest User

Hi all,

I am a Sharepoint and O365 admin (not super admin) for my organization.

For all our sites the current External sharing setting is: "New and existing guests - Guests must use sign in or provide a verification code".

Whenever I want to share a site with an external user, I create a guest account on Azure, add them to the Sharepoint group, and they can navigate normally.

There is one site created for this specific business partner of ours, let's call them P. There is one user, guest1@P.com, who has been able to upload, edit, etc. normally on our site since April-August 2021. But recently, they have been receiving the error:

This username may be incorrect. Make sure you typed it correctly. Otherwise, contact your admin

We checked on our Azure directory, and the guest username invited is still the same, we did not make any changes to any setting. Other external sites and guest users are still working normally.

We tried incognito mode, clearing cookies, and a different browser.

Our local O365 provider IT support insisted that we have to open the External sharing setting to "Anyone - Users can share files and folders using links that don't require sign-in", and explained that Microsoft is changing their policy, so the guest1@P.com error was the result of that.

I'm not satisfied with their answer since all our other sites with the guest setting are still working, and we certainly do not want our Sharepoint links to be public. Any other suggestion to the solution will be appreciated. Can anyone please share the notice of this policy change if possible?

7 Replies

Difficult to say the exact reason. What has changed could be the introduction of SharePoint and OneDrive integration with Azure AD B2B (leaving the SharePoint external sharing process). I would probably ask the user's home org. if all is good with that account. And if so, simply delete it from Azure AD and the AAD bin, followed by a re-invitation or manual re-creation. Would probably save some troubleshooting time as well.

@ChristianJBergstrom thank you! I've tried re-inviting and the user received the following error:

[screenshot: image_thumb-2.png]

Their organization probably changed their policy recently. I am also informed that their domain is a Microsoft one, so they probably run Azure. Their IT is not very savvy, so I may have to help them.

I've searched for this article about enabling: https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/directory-self-service-sign...

However, I'm not very proficient with PowerShell. Is there a way to make the settings in the Azure interface?

Many thanks!!!

Hello again, try creating this user first instead, as previously mentioned. The message indicates that an email invitation isn't allowed. You should perhaps also reach out to your IT administrator and walk through the MsolCompanySettings if the manually created account doesn't work.

https://docs.microsoft.com/sv-se/powershell/module/msonline/set-msolcompanysettings?view=azureadps-1...

Hi, is this something for the partner's domain (p.com) or ours?

@ChristianJBergstrom this is from my org setting:

[screenshot: camha_0-1637388090616.png]

Am I correct to infer that the problem is not from our side?

I want to clarify the re-invitation issue:

- The user from p.com did receive an email invite, prompted to sign up for MS account

- They also get a verification code

- Once they clicked Finish, they received:

[screenshot: camha_1-1637388196061.png]

The blurred-out names are p.com (partner's domain).

@camha Hello again, I've actually never worked with Set-MsolCompanySettings as I haven't stumbled across a scenario that required that config. But let me add some parts that might explain it further.

-AllowEmailVerifiedUsers
Indicates whether users can join the tenant by email validation. To join, the user must have an email address in a domain which matches one of the verified domains in the tenant. This setting is applied company-wide for all domains in the tenant.

 

Set-MsolCompanySettings (MSOnline) | Microsoft Docs

 

AllowEmailVerifiedUsers controls whether users can join the tenant by email validation. To join, the user must have an email address in a domain which matches one of the verified domains in the tenant. This setting is applied company-wide for all domains in the tenant. If you set that parameter to $false, no email-verified user can join the tenant.


AllowAdHocSubscriptions controls the ability for users to perform self-service sign-up. If you set that parameter to $false, no user can perform self-service sign-up.


AllowEmailVerifiedUsers and AllowAdHocSubscriptions are tenant-wide settings that can be applied to a managed or unmanaged tenant.

 

Here's an example where:

 

- You administer a tenant with a verified domain such as contoso.com
- You use B2B collaboration from a different tenant to invite a user that does not already exist (userdoesnotexist@contoso.com) in the home tenant of contoso.com
- The home tenant has the AllowEmailVerifiedUsers turned on

If the preceding conditions are true, then a member user is created in the home tenant, and a B2B guest user is created in the inviting tenant.

 

https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/directory-self-service-sign...

 

As the message indicates that the other org. has this disabled, you should probably reach out to them and either have them create an account or toggle this setting to true.

Let me know how it goes, I like learning new stuff!
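
The check suggested in the reply above, written out as an added example that is not part of the original thread: an admin of the invited user's home tenant (p.com here) reads the two tenant-wide settings and looks up the account before deciding between creating the user and changing `AllowEmailVerifiedUsers`. The function name `Test-GuestRedemptionReadiness` and its advice strings are hypothetical; the cmdlets are from the same MSOnline module as `Set-MsolCompanySettings`.

```powershell
# Added example, not from the thread. Run in the invited user's HOME tenant
# (p.com here) by one of its admins; needs the MSOnline module.
function Test-GuestRedemptionReadiness {
    param(
        [Parameter(Mandatory)]
        [string] $UserPrincipalName    # the invited address, e.g. guest1@P.com
    )

    $domain = $UserPrincipalName.Split('@')[-1]

    # Tenant-wide self-service settings discussed above.
    $company = Get-MsolCompanyInformation

    # The email-verified path only applies to domains verified in this tenant.
    $verified = [bool](Get-MsolDomain |
        Where-Object { $_.Name -eq $domain -and $_.Status -eq 'Verified' })

    # Does the account already exist in the home tenant?
    $user = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction SilentlyContinue

    $advice = if (-not $verified) {
        "$domain is not a verified domain of this tenant; run this where it is verified."
    } elseif ($user) {
        'Account exists in the home tenant; no email-verified join is needed for it.'
    } elseif ($company.AllowEmailVerifiedUsers) {
        'No account yet, but email-verified users may join this tenant.'
    } else {
        'No account and AllowEmailVerifiedUsers is off: have the home admin create ' +
        'the account, or enable the setting (it is tenant-wide, for all domains).'
    }

    [pscustomobject]@{
        UserPrincipalName       = $UserPrincipalName
        DomainVerified          = $verified
        AccountExists           = [bool]$user
        AllowEmailVerifiedUsers = $company.AllowEmailVerifiedUsers
        AllowAdHocSubscriptions = $company.AllowAdHocSubscriptions
        Advice                  = $advice
    }
}

Connect-MsolService    # interactive admin sign-in
Test-GuestRedemptionReadiness -UserPrincipalName 'guest1@P.com' | Format-List
```

The script only reads settings; creating the one account leaves the tenant-wide self-service behaviour unchanged, whereas `Set-MsolCompanySettings -AllowEmailVerifiedUsers $true` changes it for every verified domain in the tenant.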