In August I posted this that detailed Automating Azure AD B2B Guest Invitations using Microsoft Identity Manager. More recently Microsoft updated the Microsoft Graph to include additional information about Azure AD B2B Guest users and I wrote this that creates HTML Reports based off these new attributes.
That information is also handy when managing the lifecyle of Azure AD B2B Users. As we do that using Microsoft Identity Manager I’ve updated my Azure AD B2B Guest Invitation Management Agent for these attributes so they can be used in the lifecycle logic.
I’ve updated the Schema script to include three new attributes that are shown in bold below in an extract from the Microsoft Graph.
odata.type : Microsoft.DirectoryServices.User objectType : User objectId : 38154c4c-a539-4920-a656-b5f8413768b5 deletionTimestamp : accountEnabled : True creationType : Invitation displayName : Rick Sanchez givenName : Rick mail : Rick.Sanchez@customer.com.au mailNickname : Rick.Sanchez_customer.com.au#EXT# otherMails : {Rick.Sanchez@customer.com.au} proxyAddresses : {SMTP:Rick.Sanchez@customer.com.au} refreshTokensValidFromDateTime : 2018-08-26T02:05:36Z showInAddressList : False surname : Sanchez userPrincipalName : Rick.Sanchez_customer.com.au#EXT#@corporationone.onmicrosoft.com userState : PendingAcceptance userStateChangedOn : 2018-08-26T02:05:36Z userType : Guest
Each are String attributes and I’ve named these;
Here is the full updated Schema.ps1 Script.
The Import Script requires the following changes to bring in the B2B User State attributes.
# B2B External User State for B2B Users from other AAD's if ($user.creationType) {$obj.Add("B2BCreationType", $user.creationType)} [string]$B2BUpdatedDateTime = $null if ($user.userStateChangedOn) {$B2BUpdatedDateTime = get-date($user.userStateChangedOn); $obj.Add("B2BUpdatedDateTime", $B2BUpdatedDateTime)} if ($user.userState) {$obj.Add("B2BExternalUserState", $user.userState)}
The full script with these additions is below. As per this post, make the following updates;
With the updated Schema.ps1 and Import.ps1 scripts in place on the Synchronisation Server, using the Microsoft Identity Manager Synchronisation Service Manager right-click on the B2B Invitiation PSMA and select Refresh Schema.
Select the Properties of the MA and choose Select Attributes. Select the new Attributes.
Select Ok.
With the Schema updated and the Attributes selected a Stage/Full Sync can be performed. We now see the External User State, User Creation Type and External User Updated DateTime.
With a change to the Schema and Import B2B Invitation PSMA scripts we can now leverage the new B2B Attributes from the Microsoft Graph for use in our lifecycle management logic.
A few weeks back the Microsoft AI Tour was in Sydney Australia. There was a…
If you're anything like me you always have PowerShell open, and often both PowerShell and…
Decentralised Identity is a technology I'm passionate about and have written many posts and tools…
Over two years ago I authored a PowerShell Module that enabled the automation of 1Password.…
Buried in my PowerShell Snippets Vol 4 post from 2021 is the PowerShell script and…
Short post on how to recovery from "The Windows Subsystem for Linux instance has terminated"…
This website uses cookies.
View Comments