It’s easy to create an Entra ID guest account through the portal. As usual, automation and bulk operations are the challenge.

In Entra ID, there is the option to create bulk invitations, but I still find it limited. So, I wrote a PowerShell script that uses the Microsoft Graph API to send invitations to external users.

It can be one building block in an automated guest-invitation workflow, giving you better control over the process.

First, register an application and grant it the User.Invite.All permission (the application permission, since the script authenticates with client credentials and needs admin consent for it).

Read more on how to create the application and grant it the required permission: Registering Application in Azure Active Directory

This script lets you:

  • Create and invite a guest account
  • Add a CC recipient to the invitation
  • Include a custom message for the guest
  • Call the Graph API directly, with no need for the Graph PowerShell SDK module

Hope that helps.

# Define the guest details
$UserEmail = 'External@domain.com'
$userDisplayName = "External Guest Name"
$CCName = "CC recipient display name"
$ccAddress = "ccemail@ccexternaldomain.com"
$MessageToInclude = "Welcome as a new guest member in our environment"

# Define your Azure AD application details
$tenantId = 'XXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX' # Change this value
$clientId = 'XXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX'  # Change this value
$clientSecret = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' # Change this value (load it from a secret store rather than leaving it in the script)
$scope = "https://graph.microsoft.com/.default"

# Build the token request URI (OAuth 2.0 client credentials flow)
$tokenRequestUri = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"

# Define the request body for authentication
$body = @{
    grant_type    = "client_credentials"
    scope         = $scope
    client_id     = $clientId
    client_secret = $clientSecret
}

# Get the access token
$response = Invoke-RestMethod -Method Post -Uri $tokenRequestUri -ContentType "application/x-www-form-urlencoded" -Body $body
$accessToken = $response.access_token

# Define the authorization header
$headers = @{
    "Authorization" = "Bearer $accessToken"
    "Content-Type"  = "application/json"
}

# Define the request URI
$requestUri = "https://graph.microsoft.com/v1.0/invitations"

# Create the JSON payload
$jsonObject = @{
    invitedUserDisplayName = $userDisplayName
    invitedUserEmailAddress = $UserEmail
    invitedUserMessageInfo = @{
        messageLanguage = "en-US"
        ccRecipients = @(
            @{
                emailAddress = @{
                    name = $CCName
                    address = $ccAddress
                }
            }
        )
        customizedMessageBody = $MessageToInclude
    }
    sendInvitationMessage = $true
    inviteRedirectUrl = "https://myapps.microsoft.com"
}

# Convert to properly formatted JSON (-Depth is needed so the nested ccRecipients object is not truncated)
$json = $jsonObject | ConvertTo-Json -Depth 10 -Compress

# Send the request
$response = Invoke-RestMethod -Uri $requestUri -Headers $headers -Method Post -Body $json

# Output the response: status is PendingAcceptance until the guest redeems the invitation,
# and invitedUser.id is the object id of the newly created guest account
$response
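To move from one invitation to a bulk run, here is an added example (my code, not the post's script) that wraps the call in a function, reads guests from a CSV, retries on Graph throttling (HTTP 429) and records each result. It reuses the $headers and $requestUri values from the script above; the CSV path and its Email/DisplayName columns are assumptions.

```powershell
# Added example (not the original post's script): bulk guest invitations from a CSV.
# Reuses $headers and $requestUri from above. Assumed: guests.csv with columns Email,DisplayName.
function Send-GuestInvitation {
    param(
        [Parameter(Mandatory)][string]$Email,
        [Parameter(Mandatory)][string]$DisplayName,
        [Parameter(Mandatory)][hashtable]$Headers,
        [string]$Message = "Welcome as a new guest member in our environment"
    )
    $payload = @{
        invitedUserDisplayName  = $DisplayName
        invitedUserEmailAddress = $Email
        sendInvitationMessage   = $true
        inviteRedirectUrl       = "https://myapps.microsoft.com"
        invitedUserMessageInfo  = @{ messageLanguage = "en-US"; customizedMessageBody = $Message }
    } | ConvertTo-Json -Depth 10

    for ($attempt = 1; $attempt -le 4; $attempt++) {
        try {
            $r = Invoke-RestMethod -Uri $requestUri -Headers $Headers -Method Post -Body $payload
            # status stays PendingAcceptance until the guest redeems; invitedUser.id is the new guest's object id
            return [pscustomobject]@{ Email = $Email; Status = $r.status; UserId = $r.invitedUser.id; Error = $null }
        }
        catch {
            $code = [int]$_.Exception.Response.StatusCode   # 0 when no HTTP response came back
            # Graph throttling returns 429: back off exponentially and retry; anything else is recorded as a failure
            if ($code -eq 429 -and $attempt -lt 4) {
                Start-Sleep -Seconds ([math]::Pow(2, $attempt))
                continue
            }
            return [pscustomobject]@{ Email = $Email; Status = 'Failed'; UserId = $null; Error = "HTTP $code : $($_.Exception.Message)" }
        }
    }
}

# guests.csv (assumed file name) with header line: Email,DisplayName
$results = Import-Csv -Path '.\guests.csv' | ForEach-Object {
    Send-GuestInvitation -Email $_.Email -DisplayName $_.DisplayName -Headers $headers
}

# Keep an audit trail of who was invited, which guest object was created and which invitations failed
$results | Export-Csv -Path '.\invitation-results.csv' -NoTypeInformation
$results | Format-Table Email, Status, UserId, Error -AutoSize
```

The client-credentials token expires after roughly an hour, so on a very large batch request a fresh token when a call starts returning HTTP 401.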