快速入门:使用 PowerShell 添加来宾用户Quickstart: Add a guest user with PowerShell

有很多种方法可用于邀请外部合作伙伴通过 Azure Active Directory B2B 协作访问你的应用和服务。There are many ways you can invite external partners to your apps and services with Azure Active Directory B2B collaboration. 在上个快速入门中,你已了解如何在 Azure Active Directory 管理门户中直接添加来宾用户。In the previous quickstart, you saw how to add guest users directly in the Azure Active Directory admin portal. 此外还可以使用 PowerShell 添加来宾用户,可以选择一次添加一个,也可以选择批量添加。You can also use PowerShell to add guest users, either one at a time or in bulk. 在本快速入门中,你将使用 New-AzureADMSInvitation 命令将一个来宾用户添加到 Azure 租户。In this quickstart, you’ll use the New-AzureADMSInvitation command to add one guest user to your Azure tenant.

如果没有 Azure 订阅,可在开始前创建一个试用帐户If you don’t have an Azure subscription, create a Trial before you begin.

先决条件Prerequisites

安装最新的 AzureADPreview 模块Install the latest AzureADPreview module

确保已安装最新版本的 Azure AD PowerShell for Graph 模块 (AzureADPreview)。Make sure that you install the latest version of the Azure AD PowerShell for Graph module (AzureADPreview).

首先,检查已安装了哪些模块。First, check which modules you have installed. 以已提升的用户身份打开 Windows PowerShell(以管理员身份运行),然后运行以下命令:Open Windows PowerShell as an elevated user (Run as administrator), and run the following command:

Get-Module -ListAvailable AzureAD*

如果显示了 AzureADPreview 模块,但没有任何指示还有更高版本的消息,请进行设置。If the AzureADPreview module displays with no message indicating there’s a later version, you’re set. 否则,请根据输出,执行以下操作之一:Otherwise, based on the output, do one of the following:

  • 如果未返回任何结果,请运行以下命令来安装 AzureADPreview 模块:If no results are returned, run the following command to install the AzureADPreview module:

    Install-Module AzureADPreview
    
  • 如果结果中仅显示了 AzureAD 模块,请运行以下命令来安装 AzureADPreview 模块:If only the AzureAD module shows up in the results, run the following commands to install the AzureADPreview module:

    Uninstall-Module AzureAD 
    Install-Module AzureADPreview 
    
  • 如果结果中仅显示了 AzureADPreview 模块,但收到消息指出存在更新的版本,请运行以下命令来更新此模块:If only the AzureADPreview module shows up in the results, but you receive a message that indicates there's a later version, run the following commands to update the module:

    Uninstall-Module AzureADPreview 
    Install-Module AzureADPreview 
    

你可能会收到正在从不受信任的存储库安装模块的提示。You might receive a prompt that you're installing the module from an untrusted repository. 如果之前未将 PSGallery 存储库设置为受信任的存储库,则可能出现此情况。This occurs if you haven't previously set the PSGallery repository as a trusted repository. 按 Y 以安装模块。Press Y to install the module.

获取测试电子邮件帐户Get a test email account

需要可向其发送邀请的测试电子邮件帐户。You need a test email account that you can send the invitation to. 这些帐户必须来自组织外部。The account must be from outside your organization.

登录租户Sign in to your tenant

运行以下命令以连接到租户域:Run the following command to connect to the tenant domain:

Connect-AzureAD -AzureEnvironmentName AzureChinaCloud -TenantDomain "<Tenant_Domain_Name>"

例如,Connect-AzureAD -AzureEnvironmentName AzureChinaCloud -TenantDomain "contoso.partner.onmschina.cn"For example, Connect-AzureAD -AzureEnvironmentName AzureChinaCloud -TenantDomain "contoso.partner.onmschina.cn".

在系统提示时输入凭据。When prompted, enter your credentials.

发送邀请Send an invitation

  1. 要向测试电子邮件帐户发送邀请,请运行以下 PowerShell 命令(将“Sanda”和“sanda@fabrikam.com”替换为你的测试电子邮件帐户名和电子邮件地址) :To send an invitation to your test email account, run the following PowerShell command (replace "Sanda" and sanda@fabrikam.com with your test email account name and email address):

    New-AzureADMSInvitation -InvitedUserDisplayName "Sanda" -InvitedUserEmailAddress sanda@fabrikam.com -InviteRedirectURL https://account.activedirectory.windowsazure.cn/r#/applications -SendInvitationMessage $true
    
  2. 该命令向指定的电子邮件地址发送邀请。The command sends an invitation to the email address specified. 查看输出,输出应如下所示:Check the output, which should look similar to the following:

    显示“等待用户接受”的 PowerShell 输出

验证用户是否存在于目录中Verify the user exists in the directory

  1. 要验证邀请的用户是否已添加到 Azure AD,请运行以下命令:To verify that the invited user was added to Azure AD, run the following command:

    Get-AzureADUser -Filter "UserType eq 'Guest'"
    
  2. 查看输出,确保已列出受邀用户,其中用户主体名称 (UPN) 采用 emailaddress#EXT#@domain 的格式 。Check the output to make sure the user you invited is listed, with a user principal name (UPN) in the format emailaddress#EXT#@domain. 例如,sanda_fabrikam.com#EXT#@contoso.partner.onmschina.cn ,其中 contoso.partner.onmschina.cn 是你从中发送邀请的组织。For example, sanda_fabrikam.com#EXT#@contoso.partner.onmschina.cn, where contoso.partner.onmschina.cn is the organization from which you sent the invitations.

    显示已添加的来宾用户的 PowerShell 输出

清理资源Clean up resources

目录中不再需要测试用户帐户时,请将其删除。When no longer needed, you can delete the test user account in the directory. 运行以下命令来删除用户帐户:Run the following command to delete a user account:

 Remove-AzureADUser -ObjectId "<UPN>"

例如: Remove-AzureADUser -ObjectId "sanda_fabrikam.com#EXT#@contoso.partner.onmschina.cn"For example: Remove-AzureADUser -ObjectId "sanda_fabrikam.com#EXT#@contoso.partner.onmschina.cn"

后续步骤Next steps

在本快速入门中,你已邀请一个来宾用户并使用 PowerShell 将其添加到目录。In this quickstart, you invited and added a single guest user to your directory using PowerShell. 接下来,了解如何使用 PowerShell 批量邀请来宾用户。Next, learn how to invite guest users in bulk using PowerShell.