Description:
You are configuring Azure B2B to allow external users to access your on-premises application securely.
You have configured the Azure B2B settings and published the on-premises application using Azure AD Application Proxy. Now you want to use the Azure B2B script to create the guest accounts in on-premises Active Directory automatically.
You downloaded the script from https://www.microsoft.com/en-us/download/details.aspx?id=51495.
However, when you run it, you see errors and the users never get created in on-premises Active Directory.
During troubleshooting, you find that the script does not have sufficient application permissions to connect to or query Azure AD. You even triple-check the API permissions, but cannot find the cause of the error.
Resolution:
The "AppProxy-GuestAccountCreation-v1.0.3.ps1" script has not been updated. The PowerShell script still uses the deprecated Azure AD Graph API instead of the MS Graph API.
You can download the updated script from https://github.com/MicrosoftDocs/azure-docs/files/7090340/AppProxy-GuestAccountCreation-v1.0.3.txt.
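
One way to confirm which API a copy of the script targets before running it is to scan it for the Graph endpoint host names. This is an added example, not part of the original or updated script. It assumes the script calls the REST endpoints directly (graph.windows.net for Azure AD Graph, graph.microsoft.com for MS Graph); the function name, sample lines and file path are constructed placeholders.

```powershell
# Added example: report which Graph endpoint a script references.
# Get-GraphApiUsage is a hypothetical helper name used for illustration.
function Get-GraphApiUsage {
    [CmdletBinding()]
    param(
        # AllowEmptyString lets blank lines from Get-Content bind without error.
        [Parameter(Mandatory)][AllowEmptyString()][string[]]$Line
    )
    $patterns = [ordered]@{
        'AzureADGraph (deprecated)' = 'graph\.windows\.net'
        'MicrosoftGraph'            = 'graph\.microsoft\.com'
    }
    for ($i = 0; $i -lt $Line.Count; $i++) {
        $text = $Line[$i]
        # Skip full-line comments so commented-out endpoints are not reported.
        if ($text -match '^\s*#') { continue }
        foreach ($api in $patterns.Keys) {
            if ($text -match $patterns[$api]) {
                [pscustomobject]@{
                    Api        = $api
                    LineNumber = $i + 1
                    Text       = $text.Trim()
                }
            }
        }
    }
}

# Constructed sample input, not taken from the real script.
$sample = @(
    '# $resource = "https://graph.windows.net"'
    '$resource = "https://graph.windows.net"'
    ''
    '$uri = "https://graph.windows.net/$tenant/users?api-version=1.6"'
    '$uri2 = "https://graph.microsoft.com/v1.0/users"'
)

$hits = Get-GraphApiUsage -Line $sample
$hits | Format-Table -AutoSize

# To check a downloaded file instead (path is a placeholder):
# Get-GraphApiUsage -Line (Get-Content -Path '.\<script>.ps1')

if ($hits | Where-Object Api -like 'AzureADGraph*') {
    Write-Warning 'Script references the deprecated Azure AD Graph endpoint.'
}
```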