How to create guest AD user invitation then add to a SharePoint Online site in PowerShell - powershell

This script creates a guest user invitation, but errors when trying to add that newly created user to a SharePoint Online site with the following error:
Add-SPOUser : The specified user janedoe@email.com could not be found.
$tenant = "companyname"
Connect-SPOService -url "https://$tenant-admin.sharepoint.com"
Connect-AzureAD -TenantDomain "$tenant.onmicrosoft.com"
New-AzureADMSInvitation -InvitedUserDisplayName "Jane Doe" -InvitedUserEmailAddress "janedoe@email.com" -InviteRedirectURL "https://$tenant.sharepoint.com/sites/client1" -SendInvitationMessage $true
Start-Sleep -s 60
Add-SPOUser -Group "Client Site 1 Visitors" -LoginName "janedoe@email.com" -Site "https://$tenant.sharepoint.com/sites/client1"
Disconnect-SPOService
Disconnect-AzureAD
How long does it take for Azure AD to populate that user into Office 365?

When trying to add the external user email (outside tenancy) to a SP group via the GUI, tabbing away shows the following error:
"Your organization's policies don't allow you to share with these users. Go to External Sharing in the Office 365 admin center to enable it."
To fix this and the PS script error, after the creation of your extranet SP site run the following PS command after connecting to SPO (only need to run ONCE before adding an external user to a site):
Set-SPOSite -identity https://companyname.sharepoint.com/sites/client1 -sharingcapability ExternalUserAndGuestSharing
Now the PS script will work without error. Start-Sleep is not necessary.
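
An added example, not part of the original answer: it reads the tenant and site sharing settings before changing anything and requests ExternalUserSharingOnly, the value that admits signed-in guests without enabling anonymous links. That this narrower value is sufficient for Add-SPOUser is an assumption; the tenant, site, group and address are the question's placeholders.

```powershell
# Added example: assumes the SharePoint Online Management Shell and AzureAD modules.
$tenant  = "companyname"
$siteUrl = "https://$tenant.sharepoint.com/sites/client1"
$guest   = "janedoe@email.com"
$wanted  = "ExternalUserSharingOnly"   # assumption: signed-in guests only, no anonymous links

Connect-SPOService -Url "https://$tenant-admin.sharepoint.com"
Connect-AzureAD -TenantDomain "$tenant.onmicrosoft.com"
try {
    # A site cannot be more permissive than the tenant, so check the tenant first.
    $tenantCap = (Get-SPOTenant).SharingCapability
    if ("$tenantCap" -eq "Disabled") {
        throw "External sharing is disabled tenant-wide; the site setting cannot override it."
    }

    # Record the current site value and change it only when it blocks new guests.
    $site = Get-SPOSite -Identity $siteUrl
    Write-Host "Site sharing before change: $($site.SharingCapability)"
    if ("$($site.SharingCapability)" -notin @($wanted, "ExternalUserAndGuestSharing")) {
        Set-SPOSite -Identity $siteUrl -SharingCapability $wanted
    }

    # Create the invitation, then add the guest to the site's visitors group.
    New-AzureADMSInvitation -InvitedUserDisplayName "Jane Doe" `
        -InvitedUserEmailAddress $guest -InviteRedirectUrl $siteUrl `
        -SendInvitationMessage $true | Out-Null

    Add-SPOUser -Site $siteUrl -Group "Client Site 1 Visitors" -LoginName $guest
}
finally {
    # Always close both sessions, including after a failure.
    Disconnect-SPOService
    Disconnect-AzureAD
}
```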

Related

Get-FSxSmbShareAccess is different from Windows UI Security

I have an AWS FSx configured to my Domain. I ran the below command in PowerShell to provide "Authenticated Users" access to my FSx share "Test":
Grant-FSxSmbShareAccess -Name "Test" -AccountName "Authenticated Users" -AccessRight 1 -Force -Confirm:$false
And the output on the PowerShell console shows that the requested access has been provided.
Name ScopeName AccountName                      AccessControlType AccessRight PSComputerName
Test XXXXXXXX  NT AUTHORITY\Authenticated Users Allow             Change      XXXXX.some.com
But now if I go to the same share from my Windows machine, right-click, go to Properties and go to the Security tab, I don't see Authenticated Users added there.
I can only see the SYSTEM account and the default admin group added to the FSx.
Again, if I go to the share and add Change access to the same share for a certain user from the Windows share drive properties window, and then do a Get-FSxSmbShareAccess from my PowerShell window, I don't see this added user. But I still see the same table I saw previously.
Where am I going wrong?

How to get tenant properties through PowerShell with SharePointPnP?

I have been given a task to set up a scheduled task which will run daily to pull down the list of allowed domains from SPO. This is not an issue if I use Connect-SPOService and Get-SPOTenant, like this:
Connect-SPOService -url https://xxxx-admin.sharepoint.com
Get-SPOTenant | select -ExpandProperty SharingAllowedDomainList > d:\allowedDomains.txt
The issue is that this has to be automated. There is also a requirement to use a ClientId and Secret in the script, rather than providing me with an account which bypasses MFA and has SP Admin rights.
Because of that, I've turned to SharePointPnP, which does allow you to connect with ClientId and Secret. I'm able to connect with the following:
Connect-PnPOnline -url https://xxxx-admin.sharepoint.com -ClientId "xxxxx" -ClientSecret "xxxxx"
Where I'm struggling now is trying to work out how I can retrieve the SharingAllowedDomainList property through SharePointPnP, or if that is even possible?
@THTX,
Can you please try the PnP PowerShell cmdlets below?
Get-PnPTenant
Get-PnPTenantSite
It has the SharingAllowedDomainList property.
BR
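
An added example, not part of the original question or answer: the daily export built on Get-PnPTenant, with the client secret loaded from a DPAPI-protected file instead of the script text, and a comparison against the previous run so that a changed allow-list is flagged. The paths and the Compare-DomainList helper are hypothetical, and the space-separated format of SharingAllowedDomainList is assumed.

```powershell
# Added example: assumes a PnP PowerShell module that supports -ClientId/-ClientSecret.
# Create the credential file once, as the scheduled task's account:
#   Get-Credential | Export-Clixml D:\secure\spo-app.xml
# (user name = ClientId, password = ClientSecret; on Windows the file is
#  encrypted with DPAPI and readable only by that account on that machine).
$adminUrl = "https://xxxx-admin.sharepoint.com"
$credPath = "D:\secure\spo-app.xml"     # hypothetical path
$outDir   = "D:\allowedDomains"         # hypothetical path

# Hypothetical helper: returns the domains added and removed between two runs.
function Compare-DomainList {
    param([string[]]$Previous, [string[]]$Current)
    [pscustomobject]@{
        Added   = @($Current  | Where-Object { $_ -notin $Previous })
        Removed = @($Previous | Where-Object { $_ -notin $Current })
    }
}

$app = Import-Clixml -Path $credPath
Connect-PnPOnline -Url $adminUrl -ClientId $app.UserName `
    -ClientSecret $app.GetNetworkCredential().Password

# Assumption: the property is one space-separated string; normalise to a sorted list.
$tenantInfo = Get-PnPTenant
$current = @("$($tenantInfo.SharingAllowedDomainList)" -split '\s+' |
    Where-Object { $_ } | ForEach-Object { $_.ToLowerInvariant() } | Sort-Object -Unique)

$latest   = Join-Path $outDir "allowedDomains.txt"
$previous = if (Test-Path $latest) { @(Get-Content $latest) } else { @() }

# Flag any change and keep a dated copy of the previous list for review.
$diff = Compare-DomainList -Previous $previous -Current $current
if ($diff.Added -or $diff.Removed) {
    Write-Warning ("Allowed domains changed. Added: {0} Removed: {1}" -f `
        ($diff.Added -join ', '), ($diff.Removed -join ', '))
    if (Test-Path $latest) {
        Copy-Item $latest (Join-Path $outDir ("allowedDomains-{0:yyyyMMdd}.txt" -f (Get-Date)))
    }
}
$current | Set-Content -Path $latest
Disconnect-PnPOnline
```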

Remove SharePoint Site with Remove-PnPTenantSite in PowerShell not working

I want to remove a SharePoint site via PowerShell by using Remove-PnPTenantSite.
This is not working because my site is still part of an Office 365 group and I have to delete that first.
To delete the Office 365 group I have to get the Unified Group.
I tried to use Get-PnPUnifiedGroup, but that throws this:
Get-PnPUnifiedGroup : Exception while invoking endpoint https://login.microsoftonline.com/TOKEN/oauth2/token.
It would already help to get one of these two methods to work.
Thanks in advance!
I had to create an app with the Microsoft Graph API permissions, connect PnP Online with the app credentials, then delete the unified group, connect with the normal credentials and then delete the site:
# App-only connection (Microsoft Graph permissions) to delete the Office 365 group
Connect-PnPOnline -AppId AppID -AppSecret AppSecret -AADDomain Domain
Remove-PnPUnifiedGroup -Identity Title
# Reconnect with the normal credentials to delete the site
Connect-PnPOnline -Url $siteUrl -Credentials $cred
Remove-PnPTenantSite Url -Force

Prevent Office 365 Active Directory users from changing password

I need to prevent users created in the Active Directory of our Office 365 business account from changing the password in their Office 365 web interface. I was trying to use the Active Directory module from Windows PowerShell with the following command:
Set-ADAccountControl -Identity JaneDow -CannotChangePassword $true
But I got an exception "Set-ADAccountControl : Unable to find a default server with Active Directory Web Services running."
Is there another way to get rid of the password change ability in Office 365?

Azure AD - How to automate access for a Global administrator role to a User role in order to "Access files" from User role OneDrives?

I am working on proofing out if there is a way to automate a Global administrator's Azure AD access for other User role accounts in the same tenant to grant access to OneDrive.
If you navigate to portal.office.com and then click on a user's name, that will bring up some settings for that user. The setting I am referring to is under the dropdown for OneDrive Settings, (see attached image).
Is there a way to automate this process via some PowerShell cmdlet?
Solved
I found an article that shows how to run PowerShell commands via the SharePoint Online Management Shell.
Tutorial link has the section for Prerequisites for setup: Easy Manage Multiple Office 365 Tenants with Windows PowerShell
Actual PowerShell commands:
$site = Get-SPOSite -Identity https://mydemo-my.sharepoint.com/personal/sarad_mydemo_onmicrosoft_com
Set-SPOUser -Site $site.Url -LoginName admin@mydemo.onmicrosoft.com -IsSiteCollectionAdmin $true
Tutorial: How to Get Administrative Access to the OneDrive for Business Environment for a User