Streamlining adding external users to our tenant and as members of a new SharePoint Online portal


Hi

 

I am adding a number of external users who are all grouped by separate domains. From the Bulk invite AD B2B docs:

 

 

# $invitations and $messageInfo must already be defined earlier in the script
foreach ($email in $invitations) 
   {New-AzureADMSInvitation `
      -InvitedUserEmailAddress $email.InvitedUserEmailAddress `
      -InvitedUserDisplayName $email.Name `
      -InviteRedirectUrl "https://mytenant.sharepoint.com/sites/YourNewPortal" `
      -InvitedUserMessageInfo $messageInfo `
      -SendInvitationMessage $true
   }

 

 

Now this worked first time with a couple of users  

 

 

[Screenshot: Approva another external user2.png]

Tomorrow I want to add a load more so 

  1.  Can I auto add each user to the tenant without the invite (toggling the switch above)? Indeed, the current process means I have to approve each invite, which in this case won't be necessary.
  2.  Can I also add each user to the desired SharePoint group automatically?
  3.  Is there a way to extend 2) and add my (ext) domain grouped users to a designated AD group and then add the AD group to my desired SharePoint group, so cut out the approvals?

2 Replies

Hi @Daniel Westerdale,

 

Regarding the 1st question, I'm not a SharePoint expert, so I hope someone can answer that question.

 

Regarding the others, if you have the SharePoint Group Object ID, you just need to add a line in your code:

Add-AzureADGroupMember -ObjectId $groupID -RefObjectId $userid #Adding B2B users directly to the Group

foreach ($email in $invitations) 
   {
   # Capture the invitation result so the new guest's object ID is available
   $invite = New-AzureADMSInvitation `
      -InvitedUserEmailAddress $email.InvitedUserEmailAddress `
      -InvitedUserDisplayName $email.Name `
      -InviteRedirectUrl "https://mytenant.sharepoint.com/sites/YourNewPortal" `
      -InvitedUserMessageInfo $messageInfo `
      -SendInvitationMessage $true
   $userid = $invite.InvitedUser.Id
   Add-AzureADGroupMember -ObjectId $groupID -RefObjectId $userid #Adding B2B users directly to the Group
   }

 

Regarding the 3rd question, from what I know, nested groups are not supported.

However, you can use Dynamic Groups (you need a Premium license) and assign that group to SharePoint.

 

I think this Dynamic Rule will be enough:

 

(user.userPrincipalName -match "#EXT#@DomainYouWantToAssignUsers.com")

@Corsino 

 

Very interesting answers. Thank you, I like your approach. I was going to add Add-PnPUserToGroup in code, but I think your approach is more elegant. I did find that trying to add an external user who was already on the tenant caused an exception, which I needed to handle.

 

I will look at dynamic groups, as it looks useful if the domain in question is "safe".
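
A re-runnable version of the invite-and-add loop discussed in this thread, as an added example that is not code from any of the posters: it skips addresses outside an approved domain list, reuses a guest that already exists in the tenant instead of inviting again, and only adds users who are not yet group members. The CSV path, `$groupID` value, `$allowedDomains` entries and message text are placeholders, and it assumes an existing `Connect-AzureAD` session and that existing guests have their `mail` attribute set to the invited address.

```powershell
# Added example (not from the thread). Requires the AzureAD module and Connect-AzureAD.
$ErrorActionPreference = 'Stop'                            # make cmdlet errors catchable
$invitations    = Import-Csv -Path '.\invitations.csv'     # assumed columns: Name, InvitedUserEmailAddress
$groupID        = '<object-id-of-target-group>'            # placeholder
$allowedDomains = @('partner-one.example', 'partner-two.example')   # constructed allow-list
$redirectUrl    = 'https://mytenant.sharepoint.com/sites/YourNewPortal'

$messageInfo = New-Object Microsoft.Open.MSGraph.Model.InvitedUserMessageInfo
$messageInfo.CustomizedMessageBody = 'You have been invited to the new portal.'

# Read current membership once so a re-run does not fail on existing members
$memberIds = @(Get-AzureADGroupMember -ObjectId $groupID -All $true |
               ForEach-Object { $_.ObjectId })

foreach ($row in $invitations) {
    $address = $row.InvitedUserEmailAddress.Trim().ToLower()
    $domain  = ($address -split '@')[-1]

    # Only invite addresses from domains that were explicitly approved
    if ($allowedDomains -notcontains $domain) {
        Write-Warning "Skipping ${address}: domain is not on the allow-list"
        continue
    }
    try {
        # Escape single quotes so the address cannot break out of the OData filter
        $safe  = $address.Replace("'", "''")
        $guest = Get-AzureADUser -Filter "mail eq '$safe'" | Select-Object -First 1

        if ($guest) {
            $userid = $guest.ObjectId                      # already in the tenant
        } else {
            $invite = New-AzureADMSInvitation `
                -InvitedUserEmailAddress $address `
                -InvitedUserDisplayName $row.Name `
                -InviteRedirectUrl $redirectUrl `
                -InvitedUserMessageInfo $messageInfo `
                -SendInvitationMessage $true
            $userid = $invite.InvitedUser.Id
        }
        if ($memberIds -notcontains $userid) {
            Add-AzureADGroupMember -ObjectId $groupID -RefObjectId $userid
            $memberIds += $userid
        }
    }
    catch {
        # Log and continue so one bad row does not stop the batch
        Write-Warning "Failed for ${address}: $($_.Exception.Message)"
    }
}
```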