I have internal users (usertype=Members) in my AAD domain that I need to convert to B2B Collaboration users but have them remain usertype = Members.
The process is clearly described in the following: https://learn.microsoft.com/en-us/azure/active-directory/external-identities/invite-internal-users
However, I'm stuck at the first pre-req:
Before you invite the user, make sure the User.Mail property of the internal user object (the user's Email property in the Azure portal) is set to the external email address they'll use for B2B collaboration.
For discussion convenience:
- User's current AAD Email property = ******@internal.com (this is also their PrimarySmtpAddress)
- Need to change it to = ******@external.com
Every attempt I've made to change the Email property fails:
- Editing Email field in the Azure portal - Azure reports success but the Email value does not change (I waited overnight, just in case).
Note: I successfully edited the Email field to an address within my validated domain (******@internal.com) so the Azure Portal is working.
- Adding as an alias using Exchange Admin Center - trying to add @external.com as a new alias fails with:
Error executing request. You can't use the domain because it's not an accepted domain for your organization.
Note: I successfully added an alias within my validated domain (@internal.com) so the EAC is working.
- Adding as an alias using Exchange Online PowerShell - trying to add @external.com as a new email alias:
Set-Mailbox "user" -EmailAddresses @{add="******@external.com"}
fails with:
Write-ErrorMessage : ExD48BF8|Microsoft.Exchange.Configuration.ObjectModel.NotAcceptedDomainException|You can't use the domain because it's not an accepted domain for your organization.
Note: I successfully added an alias within my validated domain (@internal.com) so Exchange Online PS is working.
- Editing Email using the Graph API via Graph Explorer:
https://graph.microsoft.com/v1.0/users/{user}
{
"email": "******@external.com"
}
The response is No Content - 204
and the Email value does not change nor is a new alias added for the user.
Note: I successfully changed the Email value to an email within my validated domain (******@internal.com) so the script in Graph Explorer is working.
My logic for trying the new alias option: I know adding ******@external.com as an alias would not change the Email value in AAD (which is what I need to do to be able to send the B2B Collaboration email). If it had worked, however, I would next have tried to make it the PrimarySmtpAddress, which would change the Email value in AAD.
Some notes:
- The internal user's UPN remains unchanged throughout this conversion process.
- I am a Global Admin for both the internal and external domains.
- Both the internal and external domains are Azure cloud-only domains. There is no on-prem; therefore, AD Connect is not in use.
- The external domain is not one of the validated domains in my AAD.
Any help would be greatly appreciated!
Thanks in advance!