How to change Email attribute to invite internal user to B2B collaboration

GCAdmin 35 Reputation points
2023-01-19T20:45:02.6833333+00:00

I have internal users (usertype=Members) in my AAD domain that I need to convert to B2B Collaboration users but have them remain usertype = Members.

The process is clearly described in the following: https://learn.microsoft.com/en-us/azure/active-directory/external-identities/invite-internal-users

However, I'm stuck at the first pre-req:

Before you invite the user, make sure the User.Mail property of the internal user object (the user's Email property in the Azure portal) is set to the external email address they'll use for B2B collaboration.

For discussion convenience:

  • User's current AAD Email property = ******@internal.com (this is also their PrimarySmtpAddress)
  • Need to change it to = ******@external.com

Every attempt I've made to change the Email property fails:

  • Editing Email field in the Azure portal - Azure reports success but the Email value does not change (I waited overnight, just in case).
    Note: I successfully edited the Email field to an address within my validated domain (******@internal.com) so the Azure Portal is working.
  • Adding as an alias using Exchange Admin Center - trying to add @external.com as a new alias fails with:
    Error executing request. You can't use the domain because it's not an accepted domain for your organization.
    Note: I successfully added an alias within my validated domain (@internal.com) so the EAC is working.
  • Adding as an alias using Exchange Online PowerShell - trying to add @external.com as a new email alias: Set-Mailbox "user" -EmailAddresses @{add="******@external.com"} fails with:
    Write-ErrorMessage : ExD48BF8|Microsoft.Exchange.Configuration.ObjectModel.NotAcceptedDomainException|You can't use the domain because it's not an accepted domain for your organization.
    Note: I successfully added an alias within my validated domain (@internal.com) so Exchange Online PS is working.
  • Editing Email using the Graph API via Graph Explorer: https://graph.microsoft.com/v1.0/users/{user}
    {
    "email": "******@external.com"
    }
    The response is No Content - 204 and the Email value does not change nor is a new alias added for the user.
    Note: I successfully changed the Email value to an email within my validated domain (******@internal.com) so the script in Graph Explorer is working.

My logic for trying the new alias option: I know adding ******@external.com as an alias would not change the Email value in AAD (which is what I need to do to be able to send the B2B Collaboration email). If it had worked, however, I would next have tried to make it the primarySMTPaddress, which would change the Email value in AAD.

Some notes:

  • The internal user's UPN remains unchanged throughout this conversion process.
  • I am a Global Admin for both the internal and external domains.
  • Both the internal and external domains are Azure cloud-only domains. There is no on-prem, therefore, AD Connect is not in use.
  • The external domain is not one of the validated domains in my AAD.

Any help would be greatly appreciated!

Thanks in advance!


2 answers

  1. Vasil Michev 113.5K Reputation points MVP
    2023-01-20T08:52:01.2133333+00:00

    If the user has a mailbox, you cannot change this to an external value. And mailboxes for Guest users are not really a supported scenario, afaik.

    As to changing the mail property, this should do:

    Set-MailUser ******@domain.com -WindowsEmailAddress ******@externaldomain.com

    But again, cannot do this for a mailbox, only a mail user.
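
The following is an added example, not part of the thread or of Microsoft's documentation: a pre-check that tells apart the mailbox case from the question (the NotAcceptedDomainException) and the mail-user case from the answer above before calling Set-MailUser, then reads the value back. It assumes an Exchange Online PowerShell session is already connected; the function name Set-B2BInviteAddress and the sample addresses are hypothetical.

```powershell
# Added example; assumes Connect-ExchangeOnline has already been run.
# Set-B2BInviteAddress is a hypothetical helper name, not a Microsoft cmdlet.
function Set-B2BInviteAddress {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Identity,        # internal user (UPN or alias)
        [Parameter(Mandatory)][string]$ExternalAddress  # address the B2B invite will go to
    )

    # Is the target domain an accepted domain in this tenant?
    $domain     = ($ExternalAddress -split '@')[-1]
    $accepted   = Get-AcceptedDomain | ForEach-Object { $_.DomainName.ToString() }
    $isAccepted = $accepted -contains $domain

    try {
        $recipient = Get-Recipient -Identity $Identity -ErrorAction Stop
    } catch {
        # Not mail-enabled in Exchange Online, so Set-MailUser does not apply
        return [pscustomobject]@{ Identity = $Identity; Type = 'NotARecipient'; Changed = $false
                                  Detail = $_.Exception.Message }
    }
    $type = [string]$recipient.RecipientTypeDetails

    if ($type -like '*Mailbox') {
        # The case in the question: the mailbox rejected an address in a non-accepted domain
        return [pscustomobject]@{ Identity = $Identity; Type = $type; Changed = $false
                                  Detail = "Mailbox; '$domain' is an accepted domain: $isAccepted" }
    }
    if ($type -ne 'MailUser') {
        return [pscustomobject]@{ Identity = $Identity; Type = $type; Changed = $false
                                  Detail = 'Recipient is not a mail user; nothing changed' }
    }

    # The case in the answer: a mail user, changed with Set-MailUser -WindowsEmailAddress
    if ($PSCmdlet.ShouldProcess($Identity, "Set WindowsEmailAddress to $ExternalAddress")) {
        Set-MailUser -Identity $Identity -WindowsEmailAddress $ExternalAddress -ErrorAction Stop
    }

    # Read the value back instead of trusting a silent success
    $after = Get-MailUser -Identity $Identity -ErrorAction Stop
    [pscustomobject]@{ Identity = $Identity; Type = $type
                       Changed  = ([string]$after.WindowsEmailAddress -eq $ExternalAddress)
                       Detail   = "WindowsEmailAddress is now $($after.WindowsEmailAddress)" }
}

# Dry run with constructed sample addresses:
# Set-B2BInviteAddress -Identity 'user@internal.example' -ExternalAddress 'user@external.example' -WhatIf
```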


  2. JamesTran-MSFT 36,811 Reputation points Microsoft Employee
    2023-02-07T17:44:57.8733333+00:00

    @GCAdmin

    I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?

