An Azure Active Directory (Azure AD) business-to-business (B2B) collaboration user is a user with UserType = Guest. There are two user types: guests and members. What is the difference between a guest and a member? A guest is a user who isn’t considered internal to the company, such as an external collaborator, partner, or customer. A member is an employee of the host organization and a user in the organization’s payroll.

So why change the UserType for an Azure AD B2B user? Let’s say, for instance, you have a partner company that is not a member of your tenant. You send them a guest invite to access applications, but you want them to see settings that are only applicable to accounts that are members of your tenant. This can easily be done by converting the UserType from Guest to Member.
Microsoft mentions that you can convert users from Guest to Member, but does not explicitly explain how to do so. Here is the Microsoft document that talks about converting the UserType: https://docs.microsoft.com/en-us/azure/active-directory/b2b/user-properties#convert-usertype
Before we can get started, we need to cover some basics:
- Converting an Azure AD B2B user from Guest to Member can be done through PowerShell only. You cannot make this change in the Azure Portal.
- The UserType property represents the user’s relationship to the organization. So, if the relationship changes, you can change the UserType from Guest to Member or vice versa.
- MSOnline Module must be installed through Windows PowerShell.
Now, let’s get started:
First, open a Windows PowerShell command prompt as an administrator. If you already have the MSOnline Module installed, you can skip this step. To install the MSOnline Module, run the following command:
```powershell
Install-Module MSOnline -Force
```
Next, you will need to authenticate access by running the command below. This will prompt you to sign in to your Azure account.
After logging in to your Azure account, run the command below. This will return a list of all the users associated with your Azure AD (this includes external guest users).
Finally, find the User Principal Name (UPN) you would like to convert and run the Set-MsolUser command below. Make sure you define the UserPrincipalName in the command line.
```powershell
# Replace the placeholder with the UPN of the account to convert
Set-MsolUser -UserPrincipalName "<UserPrincipalName here>" -UserType Member
```
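The whole procedure as one script, added here as an example and not taken from the original post: it signs in, lists guests, previews and applies the change, reads the value back, and then lists invited accounts that hold Member. `Connect-MsolService` and `Get-MsolUser` are the MSOnline cmdlets for signing in and listing users; the function name `Set-B2BUserType` and the sample UPN are hypothetical.

```powershell
# Added example. Set-B2BUserType and the UPN used below are hypothetical names.
function Set-B2BUserType {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$UserPrincipalName,
        [Parameter(Mandatory = $true)][ValidateSet('Guest', 'Member')][string]$UserType
    )

    # Look the account up first so a mistyped UPN fails before any change is made.
    $before = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction Stop

    if ("$($before.UserType)" -eq $UserType) {
        Write-Verbose "$UserPrincipalName is already $UserType; nothing to do."
        return
    }

    if ($PSCmdlet.ShouldProcess($UserPrincipalName, "Set UserType to $UserType")) {
        Set-MsolUser -UserPrincipalName $UserPrincipalName -UserType $UserType

        # Read the value back and emit a before/after record for the change log.
        $after = Get-MsolUser -UserPrincipalName $UserPrincipalName
        [pscustomobject]@{
            UserPrincipalName = $after.UserPrincipalName
            Before            = "$($before.UserType)"
            After             = "$($after.UserType)"
            ChangedAtUtc      = (Get-Date).ToUniversalTime().ToString('o')
        }
    }
}

# 1. Sign in (prompts for your Azure account).
Connect-MsolService

# 2. List the guest accounts in the tenant.
Get-MsolUser -All | Where-Object { $_.UserType -eq 'Guest' } |
    Select-Object DisplayName, UserPrincipalName, UserType

# 3. Preview the change with -WhatIf, then apply it.
$upn = 'partner_contoso.com#EXT#@example.onmicrosoft.com'   # constructed sample UPN
Set-B2BUserType -UserPrincipalName $upn -UserType Member -WhatIf
Set-B2BUserType -UserPrincipalName $upn -UserType Member

# 4. Review: invited accounts (UPN contains #EXT#) that currently hold Member.
Get-MsolUser -All |
    Where-Object { $_.UserType -eq 'Member' -and $_.UserPrincipalName -like '*#EXT#*' } |
    Select-Object DisplayName, UserPrincipalName, UserType
```

Running step 4 on a schedule gives a list of external accounts with member-level visibility, which is the set to check against current partner agreements.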
Double-check in the Azure Portal to make sure that the changes were successful. First, navigate to Azure Active Directory in the Azure Portal.
Secondly, under Manage, click Users.
Lastly, filter through and select the appropriate user. Under User Type, you will now see that the property is Member instead of Guest.
If you do not see the changes, you may need to click Refresh.
To convert the user back, repeat the steps and make sure that -UserType is set to Guest. Hope this helps!