3
votes

Some customers of ours are using external Microsoft accounts to access AAD services. Since we're not linked with their domain, and some of them use Gmail account, adding their entire domain to our AAD is hardly possible.

The old portal (manage.windowsazure.com) had the following screen:

manage.windowsazure.com AAD Add User

The new portal has a guest system which hardly works (adding an external guest results in a generic B2BError: Unable to invite user with no other details -- even if the old portal still works), and "New user" can only create users with registered domains.

Is there a way, in the new portal (portal.azure.com), to add Microsoft accounts?

I'm asking this now, since this is technically a duplicate of How do I add a Microsoft account to Azure Active Directory?, because the old portal is sunsetting on November 30, 2017, at which point working like this will no longer be possible.

1
Have you try to use global admin account to add guest users?Jason Ye
I am already using an account with the Global administrator directory role to manage the AAD.bcrosnier
Could you please try use Azure AD powershell to invite guest user? connect-azuread then use this command to invite guest user New-AzureADMSInvitation -InvitedUserEmailAddress [email protected] -SendInvitationMessage $True -InviteRedirectUrl "http://myapps.onmicrosoft.com"Jason Ye
That helped me solve the issue. Thanks.bcrosnier

1 Answers

1
votes

Running New-AzureADMSInvitation helped me to get it working, with some more steps for our own setup:

  • Executed New-AzureADMSInvitation -InvitedUserEmailAddress [email protected] -SendInvitationMessage $True -InviteRedirectUrl "http://mybusiness.com"
  • New-AzureADMSInvitation failed with an error, but one I could understand this time: The object either is sourced from an on prem directory or is undergoing migration
  • Went to check our on-prem AD if it had a user with the affected e-mail. It did not. Huh.
  • Ran a complete AD Sync cycle, just in case, on our on-prem AD with Start-ADSyncSyncCycle -PolicyType Initial
  • Waited until (Get-ADSyncScheduler).SyncCycleInProgress went back to False
  • Reexecuted New-AzureADMSInvitation, which worked this time.