Office 365 B2B Guest invites with Powershell (without invite email)

Intro add guest user in office 365 with B2B

Sometimes you need to let external users get access to your Office 365 tenant . When this is one user you can just invite the user from the site (Office 365 B2B Guest invites). But what will you do when you need to give access to lots of users without a invite.

In this article i explain how you can add multiple users (10, 100, 1000, 10000 ) as a guest to you office 365 tenant.

First of all you need to do the manual invite Once and give the user you have invite 2 roles.

  1. Usermanagement
  2. Invite guests

The invite guests role explains itself, but you need the usermanagement for changing attributes or removing the user from the tenant.

Ok lets start with Office 365 B2B Guest invites

Invite a users from your source tenant in your destination tenant. When you have done this the user should be in your office 365 tenant under guest with a name like.

user_domain.com#EXT#@j3rmeyerDEV.onmicrosoft.com

When you have checked this you can execute the following command to give the right permissions to that user.

Add-MsolRoleMember -RoleObjectId 95e79109-95c0-4d8e-aee3-d01accf2d47b -RoleMemberEmailAddress “user_domain.com#EXT#@j3rmeyerDEV.onmicrosoft.com”
*note: the invited user gets an email which he needs to accept so for testing purposes give him a Exchange online license.
OK now we have done this you can check this in AzureAD under Map role under the user account and it should be looking like this (sorry for the Dutch).
Untitled
Oke so now we have created a invite account in the destination tenant which is allow to invite users from his Own tenant into your tenant. And the good part is that the users he will invite will not get a Invitation email when you execute the following powershell command.
#Connect to destination tenant with the credential of the inviter account (yes i know you can use a keyfile)
$Username = “Inviteraccount”
$Password = “Inviteraccount password”
$PasswordSecured = Convertto-SecureString –String $Password –AsPlainText –Force
$UserCredential = New-object System.Management.Automation.PSCredential $Username,$PasswordSecured
Connect-AzureAD -Credential $UserCredential -TenantDomain “j3rmeyerDEV.onmicrosoft.com”
#Invite the user
$newuser = New-AzureADMSInvitation -InvitedUserEmailAddress “user2@domain.com” -InvitedUserDisplayName “User2” -sendinvitationmessage $false -InviteRedirectUrl “https://j3rmeyerdev.sharepoint.com”

In a following blog post i will show you how you can easily loop true the users in Activedirectory and add them as a guest without a invite in you Office 365 tenant.

Please follow and like us:

Leave a Reply

Your email address will not be published. Required fields are marked *