We've been able to add guest accounts to our AAD from our corporate AAD for a long time now. For some reason attempting to add a user now results in an error message.
When in portal.azure.com when we enter the email we now see:
'ourcorpdomain.com' is not a verified domain name in this directory
Interestingly, trying to add the user from manage.azure.com results in a different error
No user exists with this user name in a directory to which you have access
I've talked to our corporate AAD team and they believe they haven't changed anything and morever they themselves can't add guest users either which would seem to preclude this being a rights issue. This is fairly urgent for us as we can't provision new users to our MS applications without this.
You could try Graph API to add users - https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/resources/invitation and let us know if that doesn't help.
So after a fair amount of hassle I managed to use this API (a link to the PowerShell docs rather than the raw REST API definition would have been appreciated).
For the benefits of other poor innocent AAD users the process is:
Make sure you have PowerShell 5 and running as admin
install-module azure install-module azureadpreview #the word preview should go soonish(?)
Connect-AzureAD #you have to use a inbuilt AAD admin account i.e. ending in "OnMicrosoft.com" $invite = New-Object -TypeName Microsoft.Open.MSGraph.Model.InvitedUserMessageInfo $invite.customizedMessageBody = "Here is your invite" New-AzureADMSInvitation -InvitedUserEmailAddress "John.Doe@example.com" -InvitedUserDisplayName "John Doe" -InviteRedirectUrl https://example.com -InvitedUserMessageInfo $messageInfo -SendInvitationMessage $true
After doing all this, yes I can invite a user.
Question then remains why can't I do this via the UI anymore? As far as I can see it is still documented as an available method here: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-b2b-admin-add-users
- Edited by Lex Mitchell Monday, April 24, 2017 5:56 PM
No... I hadn't used the brand new button I'd never seen before and isn't documented. I generally use the quick task links which makes that there is a new option even harder to spot.
Thanks for pointing it out, although I'd have preferred this as the first answer than go use Graph API. Can we at least get the documentation updated so others don't have to go through this pain.
Lastly was there anywhere I could/should be subscribed to hear about such flow breaking changes to services?