SOLVED

How do I add a guest mail user to address lists or create a mail contact using the same email address


Hello,

 

I'm trying to create a mail contact for an external user so we can add the user to an address list. Unfortunately, I can't create the contact because the primary smtp address is taken by a guest mail user. The guest mail user has access to our SharePoint site.

 

1. How do I add a guest mail user to an address list?

2. If I delete a guest mail user will the person lose access to SharePoint?

3. If a user has a mail contact in Exchange Online, can the user still receive and accept access to our SharePoint site?

 


31 Replies
best response confirmed by John Gruber (Brass Contributor)
Solution

To be honest, it's a bit of a mess as you can actually have the same address added twice:

 

[10:36:59][Login script]# Get-Recipient tempxxx@abv.bg | Ft Name,RecipientType*

Name                RecipientType RecipientTypeDetails
----                ------------- --------------------
temp                MailContact   MailContact
tempxxx_abv.bg#EXT# MailUser      GuestMailUser

The "trick" is to have the contact first, then provision the Guest account. Doesn't really make much sense to me, but @Tony Redmond seems to see the logic in all this and perhaps can explain it better :)

 

Re. Address Lists - Guest users are deliberately excluded from address lists like the GAL. Guest users are restricted to whatever information they are granted access to (in SharePoint for Groups, or to chats and other content for Teams).

 

Mail contacts are there if you want someone external to show up in an address list, and you can have a mail contact with the same SMTP address as a guest. That's by design to enable both scenarios because Exchange Online uses mail contacts in a number of different ways, including in hybrid configurations where guests users don't exist.

 

Eventually, when everyone is in the cloud and guest user objects are supported across all Office 365 apps, we might see a rationalization of the situation.

What's the best thing to do if I already have the guest user? If I delete the guest user, will they lose access to SharePoint?

If you remove the guest user object, that user loses all access to resources in your tenant. You could do that, then create the mail contact, recreate the guest user, and reestablish sharing. I don’t have a better suggestion for now as I am on the road.

Thanks guys. I'll explain our options and let the users decide how they want to proceed.

 

If anyone else is having this issue you can vote and share more information with Microsoft using the Office 365 user voice website: https://office365.uservoice.com/forums/273493-office-365-admin/suggestions/19966537-allow-a-guest-us...

 

Thanks again. Happy Holidays!

And how will this work with guest users in Teams? Can we edit the username for those contacts, as they are currently uneditable?

You can edit the details of guest users through the Office 365 Admin Center. Select them from the list of active users and edit their contact information as you would for any other user.

What I thought too. But there is a little "world" circle behind the contact and it only allows me to edit the username, which is "email address"#EXT#@domain.onmicrosoft.com

edit: so you can't do it in the Exchange admin centre, where they are listed under Contacts together with the same contact we have set up in on-prem AD as a contact, but only in Office 365 Active users, and they are cloud-only and have nothing to do with our on-prem setup. So now I have to manage the account for the same person twice if they get married, for example.

Open the user (the world symbol just indicates it is a guest user), then edit contact information, and you can update all these fields...

 


That is odd - my post has been marked as spam and removed :(. I post it here instead.

 

As regarding access for external users issues in both Office365 Groups and Teams - this looks by my tenant as follows:

 

SCENARIO I - external user (ex. @outlook.com or @gmail.com etc.) hasn't been present in my Azure Active Directory (AAD) before

 

When I add an external user, that is not present in my AAD (complete absence), as a guest to the group (I do it from within my Group site), then that user appears both:

 

1) in Exchange Admin Center (EAC) as "guest mail-user"

 

This category of recipient can not be created independently from within EAC as there is only possibility to create "mail-contact" or "mail-user". Therefore I assume that is another type of recipient that is being pulled into EAC from AAD, but can not be created or modified (ex. change of name) in EAC. Some data may be modified from Office 365 Admin>Users.

 

2) and in AAD as "guest".

 

 

That user does not get an invitation, but rather a declaration: "You've joined the AAA group".

There are two icons "Email with ease" and "Read group files". As I click "Email with ease" I am instantly redirected to new mail creation within my mail client. As I click "Read group files" I am redirected to the Office365 group site.

 

I can not enter "conversations tab" as pop up appears - informing that I should refer to my mailbox to get mails from the group. In case I lost my invitation mail - I would have no idea as what is the mail of the group, because it does not appear anywhere on group site.

 

This user has no problems to start Teams, but is not present in my Global Address List (GAL) within Outlook.

 

There are some errors as sometimes I am able to assign licenses to those "guest mail users". Certainly these are errors.

 

SCENARIO II - external user (ex. @outlook.com or @gmail.com etc.) that is already present in my AAD directory as mail-user.

 

I add a new user as "mail-user" in EAC (as I wanted to have these users be already authenticated for sharing purposes). At that time this user is being registered in AAD as "Member".

That user does not get an invitation, but rather a declaration: "XXX XXX added you to the AAA group".

There are two icons "Share notes" and "Check out the team site". As I click "Share notes" I am redirected to the Notebook of the group - works fine. As I click "Check out the team site" I am redirected to the Office365 group site.

 

I can not enter "conversations tab" as a pop up appears - stating I have no mailbox license. In case I lost my invitation mail - I would have no idea as what is the mail of the group, because it does not appear anywhere on group site. What is more - I am unable to send any mails to that group - as I get a postmaster reply stating: "The group AAA isn't set up to receive messages from BBB".

 

This user has problems to start Teams - pop up appears stating that the administrator should turn team for my domain on.

 

This user is present in my Global Address List (GAL) within Outlook.

 

This "mail-user" may be assigned license for Office365 without any problems.

I know it might be a little late but I share the solution here just in case :)

 

  • By default external Azure AD guest accounts are hidden from Global Address List.
  • An external Azure AD guest account cannot be added to distribution lists but it can be added to O365 groups, SharePoint and MS Teams.
  • An email contact can be added to distribution lists but it cannot be added to O365 groups, SharePoint or MS Teams.

 

There are two ways to show external Azure AD guest accounts in Address lists. Depending on the usage you may follow one of these steps:

  

  • If you are using an email contact: The email address MUST be added to Office 365 as a mail contact before adding that user as a guest to Azure AD. The opposite is not possible.
  • If you are not using an email contact: Using this PowerShell command you can show guest emails in GAL, without adding them as email contact: 

 

                        Set-AzureADUser -ObjectId [of guest account] -ShowInAddressList $true

 

Using the PowerShell command you don't need to delete the guest account to add it first as an email contact. Not sure why, but Microsoft likes to make simple things a tiny bit more complicated ;)
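
An added example, not part of the thread: once guests can be made visible with -ShowInAddressList, it is worth reviewing which guest accounts are exposed in address lists and which share their SMTP address with a mail contact. It assumes Connect-AzureAD and an Exchange Online PowerShell session are already established; the function name is hypothetical.

```powershell
# Added example (not from the thread). Assumes Connect-AzureAD has been run
# and an Exchange Online session is imported.
function Get-GuestAddressListExposure {   # hypothetical helper name
    [CmdletBinding()]
    param()

    # All guest accounts in the directory.
    $guests = Get-AzureADUser -All $true -Filter "userType eq 'Guest'"

    foreach ($guest in $guests) {
        # A guest without a mail address has no recipient to check.
        if (-not $guest.Mail) { continue }

        # Same lookup as shown in the thread: one SMTP address can resolve
        # to both a MailContact and a GuestMailUser.
        $recipients = @(Get-Recipient -Identity $guest.Mail -ErrorAction SilentlyContinue)
        $guestRecipient = $recipients |
            Where-Object { $_.RecipientTypeDetails -eq 'GuestMailUser' } |
            Select-Object -First 1
        $contact = $recipients |
            Where-Object { $_.RecipientTypeDetails -eq 'MailContact' }

        [pscustomobject]@{
            UserPrincipalName = $guest.UserPrincipalName
            Mail              = $guest.Mail
            ShowInAddressList = [bool]$guest.ShowInAddressList
            HiddenInExchange  = if ($guestRecipient) { $guestRecipient.HiddenFromAddressListsEnabled } else { $null }
            HasMailContact    = [bool]$contact
        }
    }
}

# Report guests that are visible in address lists or duplicated by a contact.
Get-GuestAddressListExposure |
    Where-Object { $_.ShowInAddressList -or $_.HasMailContact } |
    Sort-Object Mail |
    Format-Table -AutoSize
```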

I was able to resolve this problem with the help of Microsoft Support. I had this same issue, where we already had an external user that has a lot of access to SharePoint resources, and I was trying to add them to a Distribution List. This user was in the list of Guest Users, and I could not add them to the Contacts list because of the same email address.

 

Microsoft support reps were able to instruct me how to run some PowerShell scripts that manually added the guest user to the distribution list. I do not have the exact scripts I ran, sorry for that, but just know that this can be done without having to remove the Guest account, and without having to have them added as a Contact first. However, after encountering this, I will be trying to add new external team members as Contacts first, to avoid having to do this again. 

 

 

You have to get Access to Office 365 Exchange

 

$LiveCred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
Import-PSSession $Session

 

And this is the command to add the Guest User to the list

Add-DistributionGroupMember -identity [GroupName] -Member [UserMailAdress]

The important thing is to add the same email address used for the guest account to the distribution list. This example is from Chapter 12 of the Office 365 for IT Pros eBook. Azure AD is looked up to retrieve the address to make sure that we use the right one:

 

Add-DistributionGroupMember -Identity DL1 -Member (Get-AzureADUser -ObjectId stale.hansen_cloudway.no#EXT#@office365itpros.onmicrosoft.com).Mail
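
An added example, not from the thread or the eBook it cites: the same lookup wrapped in checks an administrator would want before changing group membership. It confirms the account is a guest, stops when the address also belongs to a mail contact (the duplicate case shown in the accepted solution), and skips existing members. The function name and the sample UPN in the comment are hypothetical; connected AzureAD and Exchange Online sessions are assumed.

```powershell
# Added example (not from the thread). Assumes Connect-AzureAD has been run
# and an Exchange Online session is imported.
function Add-GuestToDistributionGroup {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Group,
        [Parameter(Mandatory)] [string] $GuestUpn   # the ...#EXT#@tenant.onmicrosoft.com name
    )

    # Resolve the address from Azure AD so the right one is used.
    $user = Get-AzureADUser -ObjectId $GuestUpn
    if ($user.UserType -ne 'Guest') { throw "Account '$GuestUpn' is not a guest." }
    if (-not $user.Mail)            { throw "Account '$GuestUpn' has no Mail attribute." }

    # The same SMTP address may belong to a MailContact and a GuestMailUser.
    $sameAddress = @(Get-Recipient -Identity $user.Mail -ErrorAction SilentlyContinue)
    if ($sameAddress.Count -gt 1) {
        $types = ($sameAddress | ForEach-Object { $_.RecipientTypeDetails }) -join ', '
        throw "Address '$($user.Mail)' matches several recipients ($types); resolve the duplicate first."
    }

    # Nothing to do when the address is already a member.
    $existing = Get-DistributionGroupMember -Identity $Group -ResultSize Unlimited |
        Where-Object { "$($_.PrimarySmtpAddress)" -eq $user.Mail }
    if ($existing) {
        Write-Verbose "'$($user.Mail)' is already a member of '$Group'."
        return
    }

    if ($PSCmdlet.ShouldProcess($Group, "Add guest '$($user.Mail)'")) {
        Add-DistributionGroupMember -Identity $Group -Member $user.Mail
    }
}

# Dry run with a constructed UPN; remove -WhatIf to apply the change:
# Add-GuestToDistributionGroup -Group DL1 -GuestUpn 'guest_example.com#EXT#@contoso.onmicrosoft.com' -WhatIf
```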

@John Gruber 

 

I know this is late but people are still trying to find a solution, so another option is to null the proxyaddresses attribute for the mail user. (Set-MailUser -Identity <Identityofmailuser> -EmailAddresses $Null). This is essentially what happens if you create the contact first anyway. Then you should be able to create your contact.

Hi everyone

If you created guest users first and want to add them to a distribution list, use the Microsoft 365 Admin app on Google Play Store / Apple App store to add the users. Create a blank distribution list first and then add them as members. I found that it's the only way to add them to the list if you've added them as guests first.

Otherwise yes, you had to create a mail contact first and THEN add them as guest users to a site/team.

Hope this helps.