How to convert an Azure AD B2B user from guest to member
By default, when an Azure AD B2B collaboration user is added to a tenant, the UserType property of the user is set to “Guest.” However, it may be the case that the host organization wants to treat the invited user as a member rather than a guest. This property cannot be modified from the Azure portal and can only be modified through PowerShell. In this post, I will show you how to make this change.

Important: The UserType property only indicates the user’s relationship to the host organization and allows the organization to enforce policies that depend on this property. It is recommended to change this property only if the user’s relationship with the organization changes.
PowerShell Workaround
First, you need to ensure the MSOnline module is installed on your computer and then imported into your PowerShell session. To do that, you should use the following commands.
Install-Module MSOnline
Import-Module MSOnline
Once you have imported the module, you are ready to start.
Connect to Azure Active Directory
The easiest way to get started is to log in interactively at the command line.
Filter for guest users in the directory
To get the list of users treated as “Guest” in your tenant, use the Get-MsolUser cmdlet with the following syntax. The -All switch returns every user instead of only the default first 500 results.
Get-MsolUser -All | Where-Object UserType -eq "Guest"
To change the UserType property on a user, you must know the value of the “ObjectId” property of the user in question. To make the code easier to read, I will store the user object in the $user variable.
$user = Get-MsolUser -UserPrincipalName <UserPrincipalName>
Set the UserType property
Once the user object is stored in the $user variable, use the Set-MsolUser cmdlet with the following syntax to set the new value of the UserType property.
Set-MsolUser -ObjectId $user.ObjectId -UserType "Member"
You can always change the UserType property again using the following command.
Set-MsolUser -ObjectId $user.ObjectId -UserType "Guest"
Keep in mind that this property accepts two values:
- Member: This value indicates that the user is an employee of the host organization.
- Guest: This value indicates that the user is considered an external collaborator and does not belong to the host organization.
Verify the changes made
Once the previous step is done, to verify that the change was successful, use the Get-MsolUser cmdlet with the following syntax.
Get-MsolUser -ObjectId $user.ObjectId | Select-Object DisplayName, UserType
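The lookup, change and verification steps above combined into one function, as an added example that is not code from the original post; the function name Convert-B2BUserType and the sample UPN are assumptions. Because policies can depend on UserType, it asks for confirmation, supports -WhatIf, and returns a before/after record that can be kept in a change log.

```powershell
#Requires -Modules MSOnline

function Convert-B2BUserType {
    # Hypothetical helper name; wraps the Get-MsolUser / Set-MsolUser steps from the post.
    # ConfirmImpact 'High' makes PowerShell prompt before the change unless -Confirm:$false is given.
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)]
        [string] $UserPrincipalName,

        [Parameter(Mandatory = $true)]
        [ValidateSet('Member', 'Guest')]
        [string] $TargetType
    )

    # Stop on a missing user instead of continuing with a null ObjectId.
    $user = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction Stop
    $before = [string] $user.UserType

    if ($before -eq $TargetType) {
        Write-Warning "$UserPrincipalName is already of type '$TargetType'; nothing changed."
        return
    }

    if ($PSCmdlet.ShouldProcess($UserPrincipalName, "Set UserType from '$before' to '$TargetType'")) {
        Set-MsolUser -ObjectId $user.ObjectId -UserType $TargetType -ErrorAction Stop

        # Re-read the object so the record reflects what the directory now holds.
        $after = [string] (Get-MsolUser -ObjectId $user.ObjectId -ErrorAction Stop).UserType
        if ($after -ne $TargetType) {
            throw "UserType for $UserPrincipalName is '$after', expected '$TargetType'."
        }

        # Before/after record for the change log.
        [pscustomobject]@{
            TimestampUtc      = (Get-Date).ToUniversalTime().ToString('o')
            UserPrincipalName = $UserPrincipalName
            ObjectId          = $user.ObjectId
            PreviousUserType  = $before
            NewUserType       = $after
        }
    }
}

Connect-MsolService   # interactive sign-in
# Constructed sample UPN; replace it with the user you intend to change. -WhatIf only previews the change.
Convert-B2BUserType -UserPrincipalName 'alice_contoso.com#EXT#@fabrikam.onmicrosoft.com' -TargetType Member -WhatIf
```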
Thanks for reading my post. I hope you find it helpful.