How to create guest AD user invitation then add to a SharePoint Online site in PowerShell

1
votes

This script creates a guest user invitation, but errors when trying to add that newly created user to a SharePoint Online site with the following error:

Add-SPOUser : The specified user [email protected] could not be found.

$tenant = "companyname"
Connect-SPOService -url "https://$tenant-admin.sharepoint.com"
Connect-AzureAD -TenantDomain "$tenant.onmicrosoft.com"

New-AzureADMSInvitation -InvitedUserDisplayName "Jane Doe" -InvitedUserEmailAddress "[email protected]" -InviteRedirectURL "https://$tenant.sharepoint.com/sites/client1" -SendInvitationMessage $true

Start-Sleep -s 60

Add-SPOUser -Group "Client Site 1 Visitors" –LoginName "[email protected]" -Site "https://$tenant.sharepoint.com/sites/client1"

Disconnect-SPOService
Disconnect-AzureAD

How long does it take for Azure AD to populate that user into Office 365?

1
powershellsharepointactive-directoryazure-active-directorysharepoint-online
It appears the SPO UPS (user profile service) has not run in two days. Even though the user is in AzureAD, they are not showing in SPO (even if you try to add the user to a site group manually in the GUI). There is no GUI manual sync like SP Server. Can this be done in PS? This is BAD for extranet clients because when the user accepts the invitation, they will be redirected to a site that shows access denied.detailCode
It is also true though that invite + GET /users/id in MS Graph API can result in a 404 for around 5-10 seconds :\juunas
Correction: The user profile was added after the UPS sync period, but still cannot be added to a SP group via the GUI.detailCode

1 Answers

0
votes

When trying to add the external user email (outside tenancy) to a SP group via the GUI, tabbing away shows the following error:

"Your organization's policies don't allow you to share with these users. Go to External Sharing in the Office 365 admin center to enable it."

To fix this and the PS script error, after the creation of your extranet SP site run the following PS command after connecting to SPO (only need to run ONCE before adding an external user to a site):

Set-SPOSite -identity https://companyname.sharepoint.com/sites/client1 -sharingcapability ExternalUserAndGuestSharing

Now the PS script will work without error. Start-Sleep is not necessary.