Create Azure Guest User with PowerShell and MS Graph API

In this post, I want to show you how you create an Azure Guest User with PowerShell using MS GRAPH API.

Some of the Use cases❗
✔️Delegate the Guest User Invitation to Azure AD
✔️Control your Azure Guest Users outside Azure Portal.
✔️Customize the Invite Message for Azure Guest Users
✔️Mass Invitation of Guest Users
✔️Many more…

API Reference and Permissions

We used the following Docs to get this Script up and running

and I configured the following Permissions

  • User.Invite.All
  • User.ReadWrite.All
  • Directory.ReadWrite.All

To learn more from Microsoft GRAPH API, see my Blog Series:
Part 1 – Authentication and Azure App – Use Microsoft Graph API with PowerShell – Part 1 » TechGuy
Part 2 – Oauth2.0 – Use Microsoft Graph API with PowerShell – Part 2 » TechGuy
Part 3 – First Powershell Script to get a Teams Lis and Walkthrough – Use Microsoft Graph API with PowerShell – Part 3 » TechGuy
Part 4 – this one – Use Microsoft Graph API with PowerShell – Part 4 » TechGuy

The Script

#Define App Reg Details
# https://docs.microsoft.com/en-us/graph/api/invitation-post?view=graph-rest-1.0&tabs=http
$clientID = "your Application ID"
$Clientsecret = "your Secret"
$tenantID = "your Tenant ID"



# Set Variables
#Guest Details
$GuestUserName = "Michael Seidl (GMAIL)"
$GuestUserMail = "seidlmichael82@gmail.com"

#Send Invitation CC to this USer
$CCRecipientName = "Michael Seidl"
$CCRecipientMail = "michael@techguy.at"

#Add Personal Text do Invite Mail
$InviteMessage = "You have been invited to join the Tenant au2mator.com"
$InviteRedirectURL="https://au2mator.com" #URL where the USer is redirected after Invite Acceptance

#Auth MS Graph API and Get Header
$tokenBody = @{  
    Grant_Type    = "client_credentials"  
    Scope         = "https://graph.microsoft.com/.default"  
    Client_Id     = $clientID  
    Client_Secret = $Clientsecret  
}   
$tokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$tenantID/oauth2/v2.0/token" -Method POST -Body $tokenBody  
$headers = @{
    "Authorization" = "Bearer $($tokenResponse.access_token)"
    "Content-type"  = "application/json"
}

#Build Request
$URL = "https://graph.microsoft.com/v1.0/invitations"
$Method = "POST"
$body = @"
{
    "invitedUserEmailAddress":"$GuestUserMail",
    "inviteRedirectUrl":"$InviteRedirectURL",
    "invitedUserDisplayName":"$GuestUserName",
    "sendInvitationMessage": true,
    "invitedUserMessageInfo": {
        "messageLanguage": null,
        "ccRecipients": [
             {
                "emailAddress": {
                    "name": "$CCRecipientName",
                    "address": "$CCRecipientMail"
                 }
             }
        ],
        "customizedMessageBody": "$InviteMessage"
     }
}
"@

#Send Request
Invoke-RestMethod -Method $Method -Uri $URL -Body $body -Headers $headers

GitHub Repo

Here you can find the GitHub Repo with a lot of other examples: Seidlm/Microsoft-Azure: Examples (github.com) and Seidlm/Microsoft-Graph-API-Examples (github.com)

Delegate create an Azure Guest User as Self Service with au2mator

With au2mator Self Service Portal, you can create a Service and delegate the task to Create and Invite an Azure Guest User.

Some of the Use cases❗
✔️Delegate the Guest User Invitation to Azure AD
✔️Control your Azure Guest Users outside Azure Portal.
✔️Customize the Invite Message for Azure Guest Users
✔️ Mass Invitation of Guest Users
✔️Many more…

More Details: www.au2mator.com

Michael Seidl aka Techguy
au2mate everything

2 thoughts on “Create Azure Guest User with PowerShell and MS Graph API”

  1. Hello,
    Any idea the script can check if users is already created as guest and skips if its ?

Leave a Comment

Your email address will not be published.

*

%d bloggers like this: