An Azure Active Directory (Azure AD) business-to-business (B2B) collaboration user is a user with UserType = Guest. There are two different user types: guests, and members. What is the difference between a guest, and a member? A guest is a user who isn’t considered internal to the company, such as an external collaborator, partner, or customer. A member is an employee of the host organization and a user in the organization’s payroll. So why change the UserType for an Azure AD B2B user? Let’s say for instance, you have a partner company that is not a member of your tenant. You send them a guest invite to access applications, but you want them to see settings that are only applicable to accounts that are members of your tenant. This can easily be done by converting the UserType from Guest to Member.

Microsoft mentions that you can convert users from Guests to Members, however, they do not explicitly explain how to do so. Here is a reference to the Microsoft document that talks about converting the UserType: (https://docs.microsoft.com/en-us/azure/active-directory/b2b/user-properties#convert-usertype).

Before we can get started, we need to cover some basics:

  • Converting an Azure AD B2B user from Guest to Member can be done through PowerShell only. You can not make this change in the Azure Portal.
  • The UserType property represents the user’s relationship to the organization. So, if the relationship changes, this will allow you to change relationship from Guest to Member or vice-versa.
  • MSOnline Module must be installed through Windows PowerShell.

Now, let’s get started:

Powershell

First, open a Windows PowerShell command prompt as an administrator. If you already have the MSOnline Module installed, you can skip this step. To install the MSOnline Module, run the following command:

Install-Module MSOnline -Force

Next, you will need to authenticate access by running the command below. This will prompt you to sign in to your Azure account.

Connect-MsolService

After logging into your Azure account, run the command below. This will return a list of all the users associated to your Azure AD (this includes external guest users).

Get-MsolUser

Finally, find the User Principle Name (UPN) you would like to convert and run the Set-MSolUser command below. Make sure you define the UserPrincipleName in the command line.

Set-MsolUser -UserPrincipleName <UserPrincipleName here> -UserType Member

Azure Portal

Double-check in the Azure Portal to make sure that the changes were successful. First, navigate to Azure Active Directory in the Azure Portal:

Secondly, under Manage, click Users.

Lastly, filter through and select the appropriate user. Under User Type, you will now see that the property is Member instead of Guest.

If you do not see the changes, you may need to click Refresh.

In addition, to convert the user back, you will just repeat the steps and make sure that the -UserType is set to Guest. Hope this helps!

Convert UserType Guest to Member
Tagged on:     

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.