Create Azure Guest User with PowerShell and MS Graph API

In this post, I want to show you how you create an Azure Guest User with PowerShell using MS GRAPH API.

Some of the Use cases❗
✔️Delegate the Guest User Invitation to Azure AD
✔️Control your Azure Guest Users outside Azure Portal.
✔️Customize the Invite Message for Azure Guest Users
✔️Mass Invitation of Guest Users
✔️Many more…

API Reference and Permissions

We used the following Docs to get this Script up and running

and I configured the following Permissions

  • User.Invite.All
  • User.ReadWrite.All
  • Directory.ReadWrite.All

To learn more from Microsoft GRAPH API, see my Blog Series:
Part 1 – Authentication and Azure App – Use Microsoft Graph API with PowerShell – Part 1 » TechGuy
Part 2 – Oauth2.0 – Use Microsoft Graph API with PowerShell – Part 2 » TechGuy
Part 3 – First Powershell Script to get a Teams Lis and Walkthrough – Use Microsoft Graph API with PowerShell – Part 3 » TechGuy
Part 4 – this one – Use Microsoft Graph API with PowerShell – Part 4 » TechGuy

The Script

#Define App Reg Details
# https://docs.microsoft.com/en-us/graph/api/invitation-post?view=graph-rest-1.0&tabs=http
$clientID = "your Application ID"
$Clientsecret = "your Secret"
$tenantID = "your Tenant ID"



# Set Variables
#Guest Details
$GuestUserName = "Michael Seidl (GMAIL)"
$GuestUserMail = "seidlmichael82@gmail.com"

#Send Invitation CC to this USer
$CCRecipientName = "Michael Seidl"
$CCRecipientMail = "michael@techguy.at"

#Add Personal Text do Invite Mail
$InviteMessage = "You have been invited to join the Tenant au2mator.com"
$InviteRedirectURL="https://au2mator.com" #URL where the USer is redirected after Invite Acceptance

#Auth MS Graph API and Get Header
$tokenBody = @{  
    Grant_Type    = "client_credentials"  
    Scope         = "https://graph.microsoft.com/.default"  
    Client_Id     = $clientID  
    Client_Secret = $Clientsecret  
}   
$tokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$tenantID/oauth2/v2.0/token" -Method POST -Body $tokenBody  
$headers = @{
    "Authorization" = "Bearer $($tokenResponse.access_token)"
    "Content-type"  = "application/json"
}

#Build Request
$URL = "https://graph.microsoft.com/v1.0/invitations"
$Method = "POST"
$body = @"
{
    "invitedUserEmailAddress":"$GuestUserMail",
    "inviteRedirectUrl":"$InviteRedirectURL",
    "invitedUserDisplayName":"$GuestUserName",
    "sendInvitationMessage": true,
    "invitedUserMessageInfo": {
        "messageLanguage": null,
        "ccRecipients": [
             {
                "emailAddress": {
                    "name": "$CCRecipientName",
                    "address": "$CCRecipientMail"
                 }
             }
        ],
        "customizedMessageBody": "$InviteMessage"
     }
}
"@

#Send Request
Invoke-RestMethod -Method $Method -Uri $URL -Body $body -Headers $headers

GitHub Repo

Here you can find the GitHub Repo with a lot of other examples: Seidlm/Microsoft-Azure: Examples (github.com) and Seidlm/Microsoft-Graph-API-Examples (github.com)

Delegate create an Azure Guest User as Self Service with au2mator

With au2mator Self Service Portal, you can create a Service and delegate the task to Create and Invite an Azure Guest User.

Some of the Use cases❗
✔️Delegate the Guest User Invitation to Azure AD
✔️Control your Azure Guest Users outside Azure Portal.
✔️Customize the Invite Message for Azure Guest Users
✔️ Mass Invitation of Guest Users
✔️Many more…

More Details: www.au2mator.com

Michael Seidl aka Techguy
au2mate everything

Leave a Comment

Your email address will not be published.

*

%d bloggers like this: