May 05 2019
11:39 PM
- last edited on
Jan 14 2022
04:45 PM
by
TechCommunityAP
We are contemplating a solution that will block sign-in for Guest Users that have not signed in for e.g. three months. I hoped that if Guest Users that are blocked are re-invited, the block would automatically be removed, but that is not the case. When I try to invite a blocked user, I get these messages: "We couldn't add member" and "We ran into an issue. Please try again later".
Does anybody have a suggestion for how to do what we want to do in an effective way?
Jul 08 2019 02:51 AM
@JakobRohde The User would still be present in your directory, which would answer as to why you get the error when trying to invite them once more. Blocking is not the same as deleting a user.
Get-AzureADUser -Top <maximum nr of users you want to view> | Where-Object {$_.UserType -eq 'Guest'} | Select-Object DisplayName, UserPrincipalName, AccountEnabled, Mail, UserType | Format-Table
would give you a view of what Guest Users you have in your directory and their status.
Reference: https://docs.microsoft.com/en-us/powershell/module/azuread/get-azureaduser?view=azureadps-2.0
To run the commands above you need to have the Azure AD Module for PowerShell installed.
You could then select the accounts you wish to re-enable from that list and run the following:
Set-AzureADUser -ObjectId "Username@domain.com" -AccountEnabled $true
Reference: https://docs.microsoft.com/en-us/powershell/module/azuread/set-azureaduser?view=azureadps-2.0
If that is not what you are looking for regarding "efficiency", I would recommend deleting the user entirely from your directory as step 1 instead of disabling the account. This would however require you to re-add the user to the groups, role assignments etc. that the now-deleted user once had.
Hope some of this helps you!
//Viktor
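The re-enable-instead-of-re-invite approach from the reply above, as an added example that is not part of the original thread. It assumes the AzureAD module is installed, `Connect-AzureAD` has already been run, and the guest's Mail attribute holds the invited address; `Restore-OrInviteGuest`, the redirect URL and the sample address are hypothetical.

```powershell
# Added example, not from the thread. Restore-OrInviteGuest is a hypothetical helper.
# Assumes Connect-AzureAD has been run with rights to manage users and invitations.
function Restore-OrInviteGuest {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Email,
        # Assumed landing page for new invitations; replace with your own.
        [string]$RedirectUrl = 'https://myapps.microsoft.com'
    )

    # Escape single quotes so the address is safe inside the OData filter.
    $safe = $Email.Replace("'", "''")
    $guests = @(Get-AzureADUser -Filter "userType eq 'Guest' and mail eq '$safe'")

    if ($guests.Count -gt 1) {
        throw "More than one guest object matches $Email; resolve manually."
    }

    if ($guests.Count -eq 1) {
        $guest = $guests[0]
        if ($guest.AccountEnabled) {
            return [pscustomobject]@{ Email = $Email; Action = 'AlreadyEnabled'; ObjectId = $guest.ObjectId }
        }
        # Blocked guest: the object still exists, so an invitation would fail.
        # Re-enable the existing object instead.
        if ($PSCmdlet.ShouldProcess($guest.UserPrincipalName, 'Re-enable blocked guest')) {
            Set-AzureADUser -ObjectId $guest.ObjectId -AccountEnabled $true
            return [pscustomobject]@{ Email = $Email; Action = 'ReEnabled'; ObjectId = $guest.ObjectId }
        }
        return
    }

    # No guest object in the directory: a normal invitation applies.
    if ($PSCmdlet.ShouldProcess($Email, 'Send guest invitation')) {
        $inv = New-AzureADMSInvitation -InvitedUserEmailAddress $Email `
            -InviteRedirectUrl $RedirectUrl -SendInvitationMessage $true
        return [pscustomobject]@{ Email = $Email; Action = 'Invited'; ObjectId = $inv.InvitedUser.Id }
    }
}

# Constructed sample address; -WhatIf reports the action without changing anything.
Restore-OrInviteGuest -Email 'partner@example.com' -WhatIf
```

The returned `Action` value gives an audit trail of which guests were re-enabled rather than newly invited, which is worth logging when blocked accounts are being reactivated.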
Jul 16 2019 08:20 AM
In your situation the likely cause is blocking vs deletion - but for future reference I had a client that had a similar issue - but removing and deleting the user via Azure still did not allow the user to be re-invited (error was that user already existed). This was caused by a SharePoint object that was created for that B2B user that was invisible to the normal search tools. This user object was found by the SharePoint admin and manually removed. The user could then be re-invited. So if anyone comes across this situation this could be the underlying cause.