Azure AD: accept invitation of guest user programmatically with Powershell

1
votes

I have two separate Azure AD instances, 'a' and 'b'. I want to invite users of 'b' into 'a' (as a guest user) programmatically. For this, I'm using the AzureAD Powershell module:

$Result = New-AzureADMSInvitation `
        -InvitedUserEmailAddress $Email `
        -InvitedUserDisplayName $DisplayName `
        -InviteRedirectUrl $InviteRedirectUrl `
        -SendInvitationMessage $false

The invitation should be accepted automatically, without sending an invitation email. That's why I pass the parameter -SendInvitationMessage $false . I noticed, however, that a user cannot log in before accepting the invitation (eventhough no email was sent).

Is there a way to programmatically accept the invitation on behalf of the user? Either by using the AzureAD Powershell module, or through a workaround (e.g. calling the Graph API)?

I'm admin of both Azure AD instances, and since I just created the user myself, I also have the credentials. I'm looking to avoid the hassle of manually accepting the invitation.

1
powershellazure-active-directoryazure-ad-graph-api

1 Answers

1
votes

By default , if you add a foreign user to your tenant an invitation mail is send to this user you add and the user has to redeem the invitation.

User can open the redemption link and complete the user creation process. An invitation email is sent to the corresponding invited email Id which contains the redemption link. sendInvitationMessage = false will disable the invitation email so that you can use your own email mechanism for custom content along with the redemption link. But user still need to redeem the invitation .

If you want to skip the part of invitation redemption so users from your partner organization are added without any further interaction . Please try :

  1. Make the guest users behave like members in your tenant and have the permission to invite other guest users. Please click here for detailed AAD setting .

  2. Invite one user with directory read permission/global admin of the partners tenant (the foreign tenant) using powershell. That user should redeem that invitation manually .

  3. Connect Azure AD using above account in powershell(Connect-AzureAD) , invite additional users from that same partner company .Now the new added guest users don't need to redeem the invitations .

Please refer to this article for detail explanation and steps for how to add guest users without invitation redemption.