We know that there is no good way of managing external users in the Admin Portal today and we are thinking about ways to solve this.
Please see my other (recent) comment. You MAY better understand what Microsoft were trying to do if you had created a 'contact' for Fabrice first, then shared with that contact. You would have had some management through Contacts. Contacts is Microsoft's Exchange Online way of dealing with external users for many Exchange purposes, other than Sharing (which comes more from the SharePoint side of development). This is an area that needs better unification. However if you create a Contact first, then Share, an #EXT# user is created with a graceful link made between the two, and that has been the case for several years. Microsoft need to build on that.
(https://answers.microsoft.com/en-us/msoffice/forum/all/issues-syncing-ext-accounts/8b6e6d4f-895a-4920-8052-ad3faa70cec0) - posted by somebody back in 2015.
Unfortunately if you share first (resulting in automatic creation of an #EXT# user, you cannot create a matching Contact (error generated due to an address conflict, no handling mechanism provided). You have to delete the #EXT# user, create a Contact then re-share with that Contact.
I think the best solution is for Microsoft to better harmonise the concepts of Contacts and External users, that would work within the logic of what they are already doing (I think).
a) Contacts should become a special type of user, or
b) A Contact should in future be automatically created, rather than one of these #EXT# users, and a Contact be made into an entity that can handle permissions.
Please would people mind looking at my post here:
I have come across a closely related problem. By creating a 'contact' for external people before sharing, you solve a lot of problems, because when you later share, Office 365 can set up a matching #EXT# user with the same address and no errors.
Unfortunately a lot of people don't realise they need to do this until too late. If they have already made shares with the external person (so an #EXT# user already exists) AND THEN they realise they need a contact....
....well then they have a problem, because they just get given an error saying basically the proxy or address is already in use, but in my opinion they SHOULD get asked 'are you trying to create an associated contact'?
Basically, for matching Contacts=#EXT# user, currently you must create Contact first, then share. If you don't, you are forced to delete the #EXT# user, create a contact, then redo all the shares with that person if you can remember them to recreate the #EXT# user, which finally is allowed to match the Contact.
23 votesAnonymous shared this idea ·
I do not agree with this. I have just gone through a difficult call with Technical Support. At first they missed the point, but eventually we understood each other, and I feel I understand this better. Please consider the following (also evidenced here by another person: https://answers.microsoft.com/en-us/msoffice/forum/all/issues-syncing-ext-accounts/8b6e6d4f-895a-4920-8052-ad3faa70cec0).
What this link shows, and what my call to technical support showed (eventually) is that if you create a 'contact' FIRST, then share a site/document with that contact, an external user (#EXT#) will get created with a matching email address. That is clearly what Microsoft wants people in your case to do, and what I suggest you should do. Contacts are the correct place to record people who can be emailed.
I think you have mis-identified the problem. The problem is the connection between Contacts and External users, as Microsoft have programmed it. If you create the Contact FIRST, then no problem. HOWEVER, if you share with an external user first AND THEN try to create the contact you get an error:
'The proxy address "SMTP:email@example.com" is already being used by the proxy addresses or LegacyExchangeDN of "blah_blah.com#EXT#"
So, currently you have to delete your external user, create a contact, then share all appropriate sites/documents with that contact, at which point an external user is created again, grafefully linked to the contact.
Microsoft SHOULD, when you create the contact AFTER already having an #EXT# user ask:
'An external user already exists with this address, would you like to create a contact for that user?' And then you could click OK if you wanted to, and not have to destroy all the shares just to get the Contact set up.