Send Custom Email Invite for B2B Users in SPO using PowerShell

If external sharing is enabled in SharePoint Online, we can invite users by simply typing in an email address, and they will be asked to log in using a Live ID or Office 365 credentials. In a controlled environment that is not a good idea, and a B2B guest account is used to control access instead. The script below sends a custom invitation to users listed in a CSV file. You can specify the site URLs that each user has access to. The script uses an Azure AD security group, which we assume has already been added to the sites. The invite is sent and the user is then automatically added to the group. You need the Azure AD PowerShell module to get this done. The invitation email is sent through Office 365 SMTP for secure email.

CSV Format
Email,DisplayName,SharePointSite,ADGroupName,SPOGroup
user@gmail.com,UserName,"https://tenant.sharepoint.com,https://tenant.sharepoint.com/sites/Test,https://tenant.sharepoint.com/teams/migration/",Dynamic Group,Members

param
(
  [String]
  [Parameter(Mandatory=$false)]
  $CSVPath
)
$EmailFrom = "Help-SP@mail.com"
function Send-Mail($To,$Body,$Credentials)
{
  try
  {
    $emailSmtpServerPort = 587

    # The message is sent from the account used to authenticate to SMTP
    $emailMessage = New-Object System.Net.Mail.MailMessage
    $emailMessage.From = New-Object System.Net.Mail.MailAddress($Credentials.UserName)
    $emailMessage.To.Add($To)
    $emailMessage.Subject = "Invitation to Access: Lumileds SharePoint Online Sites"
    $emailMessage.IsBodyHtml = $true # the body built below is HTML
    $emailMessage.Body = $Body

    # Office 365 SMTP submission on port 587 with TLS enabled
    $SMTPServer = "smtp.office365.com"
    $SMTPClient = New-Object System.Net.Mail.SmtpClient($SMTPServer,$emailSmtpServerPort)
    $SMTPClient.UseDefaultCredentials = $false
    $SMTPClient.EnableSsl = $true

    $SMTPClient.Credentials = New-Object System.Net.NetworkCredential($Credentials.UserName, $Credentials.Password)

    $SMTPClient.Send($emailMessage)
  }
  catch
  {
    $ErrorMessage = $_.Exception.Message
    $FailedItem = $_.Exception.ItemName
    Write-Host "Send Mail Failed :" $ErrorMessage $FailedItem
  }

}

# Fall back to the default file only when -CSVPath was not supplied
if(!$CSVPath) { $CSVPath = "C:\temp\O365GuestUsersLum.csv" }
function Get-ADGroupFromTenant($GroupName)
{
  $groupID = ""
  # Look the group up by display name; take the first match if the name is not unique
  $AzureADGroup = Get-AzureADGroup -All $true | Where-Object {$_.DisplayName -eq $GroupName} | Select-Object -First 1
  if(!$AzureADGroup)
  {
    # Not found: create a security group with that name (-MailNickName is mandatory)
    $AzureADGroup = New-AzureADGroup -DisplayName $GroupName -MailEnabled $false -SecurityEnabled $true -MailNickName "NotSet"
  }

  $groupID = $AzureADGroup.ObjectId
  if(!$groupID)
  {
    Write-Host "Group could not be created. Please check the connectivity."
  }
  return $groupID
}

$Creds = Get-Credential -Message "Please enter Office 365 Administrator credentials."
Connect-AzureAD -Credential $Creds

$invitations = Import-Csv $CSVPath
if($invitations)
{
    foreach ($externalUser in $invitations) {
      if($externalUser.Email)
      {
        try
        {
          Write-Host "Adding user $($externalUser.Email)"
          $SharePointUrls = $externalUser.SharePointSite
          $option = [System.StringSplitOptions]::RemoveEmptyEntries
          $AllUrls = $SharePointUrls.split(",",$option)
          # Resolve (or create) the Azure AD security group named in this row
          $groupID = Get-ADGroupFromTenant $externalUser.ADGroupName
          # Create the invite for this user, but do not let Azure AD email the user
          $result = $null
          try
          {
            $result = New-AzureADMSInvitation -InvitedUserEmailAddress $externalUser.Email -InvitedUserDisplayName $externalUser.DisplayName -InviteRedirectUrl $AllUrls[0] -SendInvitationMessage $false
          }
          catch
          {
            Write-Host "User $($externalUser.Email)... It already exists..." -ForegroundColor Yellow
            # No invitation was created, so there is no redeem URL to send for this row
            continue
          }
          $inviteurl = $result.InviteRedeemUrl
          $userid = $result.InvitedUser.Id
          try
          {
            # Automatically add the new user to your security group
            Add-AzureADGroupMember -ObjectId $groupID -RefObjectId $userid
          }
          catch
          {
            Write-Host "Failed to add user $($externalUser.Email) to the group... It already exists..." -ForegroundColor Yellow
          }
          # Send the user a custom email from your Office 365 tenant. Supports HTML.
          $LinkHTML = "<a href='$inviteurl'>click here</a>"
          $Sites = ""

          foreach($site in $AllUrls)
          {
            $Sites += "<a href='$site'>$site</a><br/>"
          }

          $Image = "<a href='http://www.domain.com' title='lumileds'> <img src='http://www.domain.com/uploads/images/design/Logo_RGB_195x40.png'/></a>"

          # The display name comes from the CSV, so encode it before placing it in HTML
          $SafeName = [System.Net.WebUtility]::HtmlEncode($externalUser.DisplayName)

          $a = "<TABLE style='border-width: 1px;width:95%;'>"
          $a = $a + "<tr><td>$Image <h1>SharePoint Online Access Invitation!</h1><br>"
          $a = $a + "</td></tr>"

          $bt = ""
          $bt = $bt + "<strong>Hello</strong> $SafeName,<br />"
          $bt = $bt + "You have been invited to access the following SharePoint Site(s).<br/><br/>$Sites<br/>"
          $bt = $bt + "You must $LinkHTML, or copy the link listed below.<br /><br />"
          $bt = $bt + "<strong>Note:</strong> After completing the signup, please add the SharePoint sites to your browser favourites. Do not use the same invitation link again to log in to the site, as "
          $bt = $bt + "the link will expire once it is used.<br/><br/>$inviteurl <br/><br/>"
          $bt = $bt + "You can use your organization's (Office 365 Only) email and password to log in to the SharePoint site(s).<br /><br />"
          $bt = $bt + "Thanks,<br/><strong>Office 365 Administrator</strong><br/>"

          $a = $a + "<tr><td>$bt"
          $a = $a + "</td></tr></table>"

          Send-Mail -To $result.InvitedUserEmailAddress -Credentials $Creds -Body $a
          Write-Host "User $($result.InvitedUserEmailAddress) is added as Guest and invitation email has been sent..." -ForegroundColor Green
        }
        catch
        {
            Write-Host "Failed to add user $($externalUser.Email)... But script will continue..." -ForegroundColor Yellow
        }
      }

    }
}

Update: Code is also available below.

https://gallery.technet.microsoft.com/Send-Custom-Email-Invite-9b690297
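
An added example, not part of the original script: a pre-flight check that can be run over the CSV before any invitation is created, since each row decides who becomes a guest and where the invite redirects. It assumes every site URL must be https on a single tenant host (the tenant.sharepoint.com placeholder from the CSV sample); Test-InviteRow and $AllowedHost are hypothetical names, and the sample rows are constructed.

```powershell
# Added example: pre-flight validation of the invitation CSV (not part of the original script).
# $AllowedHost is an assumed placeholder for your tenant's SharePoint host name.
function Test-InviteRow {
    param(
        [Parameter(Mandatory = $true)] $Row,
        [Parameter(Mandatory = $true)] [string] $AllowedHost
    )
    $problems = @()

    # The address must parse as a single bare mailbox, with no display-name part.
    try {
        $addr = New-Object System.Net.Mail.MailAddress($Row.Email)
        if ($addr.Address -ne $Row.Email) { $problems += "Email is not a bare address" }
    }
    catch { $problems += "Email is not a valid address" }

    if ([string]::IsNullOrWhiteSpace($Row.ADGroupName)) { $problems += "ADGroupName is empty" }

    # Same split the script uses; every URL must be https on the tenant host.
    $urls = @("$($Row.SharePointSite)".Split(",", [System.StringSplitOptions]::RemoveEmptyEntries))
    if ($urls.Count -eq 0) { $problems += "No SharePointSite URL" }
    foreach ($u in $urls) {
        $uri = $null
        $ok = [System.Uri]::TryCreate($u.Trim(), [System.UriKind]::Absolute, [ref] $uri)
        if (-not $ok -or $uri.Scheme -ne "https" -or $uri.Host -ne $AllowedHost) {
            $problems += "URL not allowed: $u"
        }
    }
    [pscustomobject]@{ Email = $Row.Email; Valid = ($problems.Count -eq 0); Problems = $problems -join "; " }
}

# Constructed sample rows in the CSV format shown above.
$sample = @'
Email,DisplayName,SharePointSite,ADGroupName,SPOGroup
user@gmail.com,UserName,"https://tenant.sharepoint.com,https://tenant.sharepoint.com/sites/Test",Dynamic Group,Members
guest@example.org,Guest Two,"https://tenant.sharepoint.com,http://other.example.net/landing",Dynamic Group,Members
not-an-address,Guest Three,https://tenant.sharepoint.com,,Members
'@ | ConvertFrom-Csv

$sample | ForEach-Object { Test-InviteRow -Row $_ -AllowedHost "tenant.sharepoint.com" } | Format-Table -AutoSize
```

Rows that come back with Valid set to False can be filtered out before the invitation loop runs, so a mistyped or off-tenant URL never becomes an invite redirect.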
