Adding Internal and External users to SharePoint Sites and Teams using PowerShell

As part of the resolution process for a Guest Account issue, I recently had a need to be able to send out Teams invitations without using the Admin GUI. I thought others may also find this useful. As Teams is built on SharePoint I having included SharePoint in this too

There are two different types of user to consider in this scenario. Internal users and external users. The code is different for these user types. Users internal to your organisation (and tenant) are straightforward as they already have an ID within your Office 365 tenant. External users, however, do not. Therefore the command to invite external users also creates a guest account for the external user if one doesn’t already exist.

PowerShell Modules

You will need to install and connect to the ExchangeOnline, MicrosoftTeams and SharePointOnline modules.

Install-Module -Name ExchangeOnlineManagement
Install-Module -Name MicrosoftTeams
Install-Module -Name Microsoft.Online.SharePoint.PowerShell

$Cred = Get-Credential
Connect-MicrosoftTeams -Credential $Cred
Connect-ExchangeOnline -Credential $Cred
Connect-SPOService -Credential $Cred -URL https://<Office 365 org Name>-admin.sharepoint.com

Internal Users

Teams

To start with we need to get the Team information, we then need to add the user to the team.

$Team = Get-Team -displayname "<Name of Team>"
Add-TeamUser -GroupId $Team.GroupID -User <User Principal Name>

The first line of code returns the Team information for the Team we have specified. The second line then adds the users User Principal Name as a member of the underlying unified group.

SharePoint

Things are similar for Sharepoint, although there can be many different groups for the SharePoint site. So the first thing to do is list out the groups for the SharePoint site.

Get-SPOSiteGroup -Site https://contoso.sharepoint.com/sites/sc1

LoginName      : sc1 Members
Title          : sc1 Members
OwnerLoginName : sc1 Owners
OwnerTitle     : sc1 Owners
Users          : {spo-grid-all-users/********-203d-4107-9544-************}
Roles          : {Edit}

LoginName      : sc1 Owners
Title          : sc1 Owners
OwnerLoginName : sc1 Owners
OwnerTitle     : sc1 Owners
Users          : {SHAREPOINT\system}
Roles          : {Full Control}

LoginName      : sc1 Visitors
Title          : sc1 Visitors
OwnerLoginName : sc1 Owners
OwnerTitle     : sc1 Owners
Users          : {}
Roles          : {Read}

The first line of code will return an array containing all of the groups associated with the SharePoint site, as shown above. The next line of code, below, adds the user to the selected group

Add-SPOUser -Site https://contoso.sharepoint.com/sites/sc1 -LoginName joe.healy@contoso.com -Group "SC1 Owners"

External Users

Teams

External users are slightly different as they do not have an account in the Office 365 organisation. To get round this a guest account needs to be created in Azure AD, and an invitation needs to be sent to the external user. This means we also need to find the Team URL. Team groups have 3 SharePoint URLs associated with them. The one we are after is called the SharePointSiteURL and is the root URL for the team.

The code is shown below.

$Team = Get-Team -displayname "<Name of Team>"
$URL = Get-UnifiedGroup -Identity $Team.GroupId | Select -ExpandProperty SharePointSiteURL
New-AzureADMSInvitation -InvitedUserEmailAddress <users email address> -SendInvitationMessage $True -InviteRedirectUrl $URL

The first line of code returns the team details, exacly the same as for internal users.

The second line then returns the information about the unified group (using the GroupId property) which underpins the Team. This will provide us with the SharePointSiteURL property.

Now that we have the SharepointSiteURL for the Team, the third line then sends out the invitation (including a link to the SharePoint site for that Team) and automatically creates a guest account for the user, if one does not already exist.

SharePoint

This final line of code can also be used to send out invitations to external users for SharePoint sites. Simply set $URL to the SharePoint site URL.

To list all SharePoint sites use the following command.

Get-SPOSite -Limit All