
Teams Guest user and UPN/SMTP blocks AADSync

Hello all,

I have an issue with Teams Guest users and their UPN (more likely secondary SMTP). As my client organization invites a user to our Teams, the invited user receives an identity (firstname.surname_userdomain#EXT#@tenant.onmicrosoft.com). This is OK, but the issue is in the email address used in the invitation. This email address is saved in the user's identity as an SMTP address, which causes a rather annoying issue with AADSync.

I work in government. Usually these invited users are from organizations under our government, which are not yet added to the government tenant. And when this is done (= the organization is added to the government tenant), these former guest users are blocked from Azure AD. AADSync checks if the user's UPN or SMTP is already in use.

So I ask you experts: is there any way to force AADSync to override these "duplicate" identities, or is there a setting that prevents using the guest user's mail address as an SMTP address in the guest identity?

Oh yes, it would be easy to run PowerShell commands like "$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection" and continue searching via Exchange Online PS-addon, but our security is so tight that WinRM sessions are blocked. This throws me to the deep end of the pool?

2 Replies

Hi! I don't think converting a guest user to a tenant user is possible at this time!

I guess deleting the guest account and syncing the user via ADconnect afterwards is the way to do it for now.

Keep in mind you lose all the permissions.

/ Adam

You can actually "convert" a guest user to a "regular" user object in Azure AD, but that is not really a supported operation. Meaning it works, but Microsoft has not documented this or mentioned that it's supposed to work. Once you "convert" the object, you can do with it as you please, just like with any other object. But again, probably not supported. So use at your own risk; there are some examples of what you can do here: https://www.michev.info/Blog/Post/2256/some-new-interesting-experiences-with-guest-users-in-office-3...

Outside of that method, there is a limited set of operations that you can perform on guest users in the O365 admin portal or via PowerShell. Changing the Primary SMTP address can be done, but you cannot remove aliases, thus it will not solve your problem. So you might as well just recreate the Guest user.
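
A pre-onboarding check for the collision described in this thread, as an added example that is not from any of the posters: it lists every address (UPN or proxy address) of a user about to be synced that is already held by a guest object, so those guests can be recreated or handled before the sync blocks. The function name, the sample data and the `agency.example` domain are constructed; the commented `Get-MgUser` line assumes the Microsoft Graph PowerShell SDK is available.

```powershell
# Added example: report sync candidates whose UPN/SMTP is already held by a guest.
function Find-GuestAddressCollision {
    param(
        [Parameter(Mandatory)] [object[]] $Guests,    # UserPrincipalName, Mail, ProxyAddresses
        [Parameter(Mandatory)] [object[]] $SyncUsers  # UserPrincipalName, ProxyAddresses
    )
    # Index every address held by a guest. @{} compares string keys
    # case-insensitively, which matches how mail addresses are compared.
    $heldBy = @{}
    foreach ($g in $Guests) {
        $addrs = @($g.Mail) + @($g.ProxyAddresses) | Where-Object { $_ } |
            ForEach-Object { ($_ -replace '^smtp:', '').Trim() }
        foreach ($a in $addrs) { $heldBy[$a] = $g.UserPrincipalName }
    }
    # Check each sync candidate's UPN and proxy addresses against the index.
    foreach ($u in $SyncUsers) {
        $addrs = @($u.UserPrincipalName) + @($u.ProxyAddresses) | Where-Object { $_ } |
            ForEach-Object { ($_ -replace '^smtp:', '').Trim() } | Sort-Object -Unique
        foreach ($a in $addrs) {
            if ($heldBy.ContainsKey($a)) {
                [pscustomobject]@{
                    SyncUser    = $u.UserPrincipalName
                    Address     = $a
                    HeldByGuest = $heldBy[$a]
                }
            }
        }
    }
}

# Constructed sample data (placeholder domain agency.example).
$guests = @(
    [pscustomobject]@{
        UserPrincipalName = 'firstname.surname_agency.example#EXT#@tenant.onmicrosoft.com'
        Mail              = 'firstname.surname@agency.example'
        ProxyAddresses    = @('SMTP:firstname.surname@agency.example')
    }
)
$syncUsers = @(
    [pscustomobject]@{ UserPrincipalName = 'Firstname.Surname@agency.example'
                       ProxyAddresses    = @('SMTP:firstname.surname@agency.example') },
    [pscustomobject]@{ UserPrincipalName = 'other.person@agency.example'
                       ProxyAddresses    = @('SMTP:other.person@agency.example') }
)
# Live input instead of the sample (assumption: Microsoft Graph PowerShell SDK):
# $guests = Get-MgUser -All -Filter "userType eq 'Guest'" -Property UserPrincipalName,Mail,ProxyAddresses

Find-GuestAddressCollision -Guests $guests -SyncUsers $syncUsers | Format-Table -AutoSize
```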
