Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Re-inviting disabled Guest Users

Iron Contributor

We are contemplating a solution that will block sign-in for Guest Users that have not signed in for e.g. three months. I hoped that if a Guest Users that are blocked, are re-invited, the block would automatically be removed, but that is not the case. When I try to invite a blocked user, I get these messages: "We couldn't add member" and "We ran into an issue. Please try again later". 

 

Does anybody have a suggestion for how to do what we want to do in an effective way? 

 

2 Replies

@Jakob Rohde The User would still be present you directory and would answer as to why you get the error when trying to invite them once more. Blocking is not the same as deleting a user.

 

Get-AzureADUser -Top <maximum nr of users you want to view> | Where-Object {$_.UserType -eq 'Guest'} | Select-Object DisplayName, UserPrincipalName, AccountEnabled, mail, UserType | Format-Table would give you a view of what Guest Users you have in your directory and their status.

 

Reference: https://docs.microsoft.com/en-us/powershell/module/azuread/get-azureaduser?view=azureadps-2.0

 

To run the commands above you need to have the Azure AD Module for Powershell installed.

 

You could then select the accounts you whish to re-enable from that list and run the following:

 

Set-AzureADUser -SearchString "Username@domain.com" -AccountEnabled $true

 

Reference: https://docs.microsoft.com/en-us/powershell/module/azuread/set-azureaduser?view=azureadps-2.0

 

If that is not what you are looking for regarding "efficiency" I would recommend deleting the user entirely from your directory as step 1 instead of disabling the account. This would however require you to re-add the user to the groups, role assignments etc that the now-deleted user once had.

 

Hope some of this helps you!

 

//Viktor

@Jakob Rohde 

In your situation the likely cause is blocking vs deletion - but for future reference I had a client that had a similar issue - but removing and deleting the user via Azure still did not allow the user to be re-invited (error was that user already existed). This was caused by a SharePoint object that was created for that B2B user that was invisible to the normal search tools. This user object was found by the SharePoint admin and manually removed. The user could then be re-invited. So if anyone comes across this situation this could be the underlying cause.