Adding external users to Team

Joost van der Linden 96 Reputation points
2021-12-03T15:02:39.12+00:00

Hi all,

I am trying to add an external user to a team in Microsoft Teams using Microsoft Graph PowerShell with a service principal account because MFA is enforced on my tenant.

I read the following article https://learn.microsoft.com/en-us/answers/questions/76273/adding-external-users-to-teams-using-graph-api-or.html which describes that the user should first be added to Azure AD. In my scenario, that is the case.
The external user is added to Azure AD.

I use the following script to add the user to the team:

$teammailnickname = "teamname"  
$spConnection = Get-AutomationConnection -Name "AzureRunAsConnection"  
Connect-MgGraph -ClientID $spConnection.ApplicationID -TenantId "xxxxxx-xxxxxx-xxxxxx" -CertificateThumbprint $spConnection.CertificateThumbprint  
$object = Get-MgGroup -Filter "mailNickname eq '$teammailnickname'"  
$MSTeamsGroupID = $object.Id  
  
$hashGast = @{"@odata.type" = "microsoft.graph.aadUserConversationMember";"user@odata.bind" = "https://graph.microsoft.com/v1.0/users/41300318-6ec3-4142-a07f-9009e72922ac"}  
New-MgTeamMember -TeamId $MSTeamsGroupID -AdditionalProperties $hashGast -Roles "Member"  
Disconnect-MgGraph  

The following error is returned:

An unknown error has occurred.

Before MFA was enforced, I was successfully able to add external users using the Microsoft-Teams module.

Add-TeamUser -GroupId $MSTeamsGroupID -User $Gast -Role Member  

Is this unsupported through Microsoft Graph or am I missing something here?

Thanks for all help provided.
BR,
Joost

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,829 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Joost van der Linden 96 Reputation points
    2022-01-14T16:01:17.59+00:00

    Answer from Microsoft Support:

    The API that you are using does not allow for adding guest users in this way Update document to state that guest members cannot be added to a team with app permissions · Issue #11757 · microsoftgraph/microsoft-graph-docs · GitHub -> https://github.com/microsoftgraph/microsoft-graph-docs/issues/11757

    You will need to add the member using the Group API instead, and the cmdlet respective to the API will be New-MgGroupMember (Microsoft.Graph.Groups) | Microsoft Learn -> https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.groups/new-mggroupmember?view=graph-powershell-beta

    The only caveat is that the guest users will get a Teams notification saying that "Unknown has added you to a Team". Also, for a user to sync from a Group to a Team, it can take up to 48 hours.

    0 comments No comments

  2. Alex De Marco 1 Reputation point
    2022-02-16T02:42:23.913+00:00

    @Joost van der Linden -- I just wanted to let you know that I ran into this same issue while using the REST API. As a workaround, I tried using the "Add members in bulk" endpoint with just one External/Guest user and it worked for me.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.