Sharing access across different tenants in one of the key benefits of Azure AD. My customers appreciate that they can provide azure-based solution to their cooperated users and to guest users as well. Cooperated users include users from the group and subsidiaries. They all can access resources with one identity – on-premises and in the cloud (Same-sign-on, single-sign on).
Guest users can be deployed manually via the Azure portal, via PowerShell or with a connector to another system (like SAP HR).
Adding users from an Excel file can be done with PowerShell. To show an example I created an Excel file with some headers:
- Company
- Surname
- Name
- Job role
Excel
To add this user, we must archive these steps:
- Login into Azure AD with appropriate rights
- Enumerate through the excel table
- Inviting the user
- Adding the right properties (company, name, surname, …) to the invited user object
To do this I prepared this script:
$invocation = (Get-Variable MyInvocation).Value
$directorypath = Split-Path $invocation.MyCommand.Path
$directorypath
$ExcelFile=$directorypath+"\Users2Invite.xlsx" # Path to the excel file
$InviteRedirectURL="https://mycompany.com" # Redirect url after the first logon
$WorkSheetNum="Tabelle1" # Name of the table in the excel file
if (!$lastLogin) {
# put your Azure AD tenant id here (Azure portal / Azure Active Directory / Properties / Directory ID)
$global:lastLogin=Connect-AzureAD -TenantId "xxxxxxxxxxxxx-xxxxxxxx-xxxxxxxxxxx-xxxxxxxxxxx"
}
$Excel = New-Object -ComObject Excel.Application
$WorkBook = $Excel.Workbooks.Open($ExcelFile)
$WorkSheet = $WorkBook.WorkSheets.Item($WorkSheetNum)
$RowNum = 2
While ($WorkSheet.Cells.Item($RowNum, 1).Text -ne "") {
# Read the first line from sheet
$Company = "Ext: "+$WorkSheet.Cells.Item($RowNum, 1).Text.trim()
$Surname = $WorkSheet.Cells.Item($RowNum, 2).Text.trim()
$Name = $WorkSheet.Cells.Item($RowNum, 3).Text.trim()
$Mailadress = $WorkSheet.Cells.Item($RowNum, 4).Text.trim()
$JobTitle = $WorkSheet.Cells.Item($RowNum, 5).Text.trim()
$userFullName=$Name+", "+$Surname
Write-Output("Adding user: "+$userFullName+" ("+$Mailadress+")")
$invitation=New-AzureADMSInvitation -InvitedUserDisplayName $userFullName -InvitedUserEmailAddress $Mailadress -SendInvitationMessage $true -InviteRedirectURL $InviteRedirectURL
$user = Get-AzureADUser -ObjectId $invitation.InvitedUser.Id
Set-AzureADUser -ObjectId $invitation.InvitedUser.Id -Surname $Name
Set-AzureADUser -ObjectId $invitation.InvitedUser.Id -GivenName $Surname
Set-AzureADUser -ObjectId $invitation.InvitedUser.Id -JobTitle $JobTitle
Set-AzureADUser -ObjectId $invitation.InvitedUser.Id -Department $Company
Set-AzureADUser -ObjectId $invitation.InvitedUser.Id -Displayname $user.Displayname
$RowNum++
}
If you run this script all users in the excel file will be invited to your Azure AD tenant.
About the Author:
Marcel works for an IT consulting company in Cologne, Germany. In his role as a division manager he is responsible for the consulting business. In this role he also work directly with customers and vendors to build solutions.
Reference:
Meurer, M (2018) Adding Guest Users to Azure AD from Excel with PowerShell. Available at: https://www.sepago.de/blog/adding-guest-users-to-azure-ad-from-excel-with-powershell/ [Accessed 10 August 2018]
