Recently I wasted time with the following problem. In preparation for a penetration test, we were supposed to invite some test accounts (test01@example.com to test10@example.com) as guest users to Microsoft Entra ID. All straightforward, we thought… Basically it is straightforward – just follow the steps listed in the docs. The first invitation worked as expected: a new guest user was created in Microsoft Entra ID and the invitation email was sent out to the email address of the account. However, when inviting the second test user, no second guest user was created in Microsoft Entra ID despite the success message in the Azure portal… consequently, the invitation email wasn’t sent either.
What’s going on? What is the problem? I was confused as it didn’t make sense to me. First I waited for a couple of minutes due to possible delays. As this didn’t help, I tried to invite the second account in an incognito browser window – without success. Next I checked the properties of the successfully created user and noted that the last name didn’t match the last name provided on invitation of the first test account. The last name was equal to the last name provided on invitation of the second account (ending in 2, which stands for the second account).

We finally found the cause thanks to a hint from the provider of the test accounts. There was only a single email inbox for all of the provided email addresses, as 9 of these addresses were only redirections to the 10th.
So before inviting guests to Microsoft Entra ID, make sure the email addresses to be invited are not merely redirections to, or aliases of, an email address of an already existing user.
