Skip to main content
Jorge Bernhardt Jorge Bernhardt
  1. Posts/

How to convert an Azure AD B2B user from guest to member

·453 words·3 mins· 100 views · 5 likes ·
Azure AD Connect-MsolService Get-MsolUser Import-Module

By default, when an Azure AD B2B collaboration user is added to a tenant, the UserType property of the user is set to “Guest.” However, it may be the case that the host organization wants to treat the invited user as a member rather than a guest. This property cannot be modified from the Azure portal and can only be modified through PowerShell. In this post, I will show you how to make this change. Important: The UserType property only indicates the user’s relationship to the host organization and allows the organization to enforce policies that depend on this property. It is recommended to change this property only if the user’s relationship with the organization changes.

PowerShell Workaround>

PowerShell Workaround #

First, you need to ensure the MSOnline module is installed on your computer and then imported into your PowerShell session. To do that, you should use the following commands.

Install-Module MSOnline
Import-Module MSOnline

Once you have imported the module, you are ready to start.

Connect to Azure Active Directory.>

Connect to Azure Active Directory. #

The easiest way to get started is to log in interactively at the command line.

Connect-MsolService
Filter for guest users in the directory>

Filter for guest users in the directory #

To get the list of users treated as “Guest” in your tenant, you should use the Get-MsolUser cmdlet with the following syntax.

Get-MsolUser | Where-Object UserType -eq "Guest"

To change the UserType property on a user, you must know the value of the “ObjectId” property of the user in question. In my case, to improve the reading of the code, I will store the user object in the $user variable.

$user = Get-MsolUser -UserPrincipalName <UserPrincipalName>
Set the UserType property>

Set the UserType property #

once the user object is stored in the $user variable, you should use the Set-MsolUser cmdlet with the following syntax to set the new value of the UserType property.

Set-MsolUser `
    -ObjectId $user.ObjectId `
    -UserType "Member"

Get-MsolUser
You can always change the UserType property again using the following command.

Set-MsolUser `
    -ObjectId $user.ObjectId `
    -UserType "Guest"

Keep in mind that this property accepts two values:

  • Member: This value indicates that the user is an employee of the host organization.
  • Guest: This value indicates that the user is considered an external collaborator and does not belong to the host organization.
Verify the changes made>

Verify the changes made #

Once the previous step is done, to verify that the change was successful, use the Get-MsolUser cmdlet with the following syntax.

Get-MsolUser `
    -ObjectId $user.ObjectId `
    | Select-Object DisplayName, UserType

Thanks for reading my post. I hope you find it helpful. If you want to learn more about password policy recommendations, check out this link.