Convert Azure AD B2B Users from Guest to Member: How and Why

The primary difference between a Guest and a Member user lies in their lookup rights in the Azure AD domain. The two UserType values differ as follows:

  • Member. Indicates a user who is expected to have access to internal-only sites. This user is not considered an external collaborator. This is important when the user needs to exercise rights that come with privileged roles like Global Administrator.
  • Guest. Indicates a user who isn’t considered internal to the company. This type of user has restricted access and lookup rights in the directory.

Read more about this in “Understand the B2B user”.

To convert a user from UserType Guest to Member

Install the Azure AD PowerShell module

Install-Module AzureAD

Authenticate to your Azure AD tenant

Connect-AzureAD

Search for your user by UPN (just to be sure).

Get-AzureADUser -SearchString pete.zerger@lumagatena.com

Now, pass the output to Set-AzureADUser, setting UserType to Member

Get-AzureADUser -SearchString pete.zerger@lumagatena.com | Set-AzureADUser -UserType member

Repeat the Get-AzureADUser search to confirm the output shows UserType = Member

Get-AzureADUser -SearchString pete.zerger@lumagatena.com
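The steps above combined into one guarded function, as an added example that is not part of the original post. Because -SearchString may return more than one account, it refuses to proceed unless exactly one user matches and that user is currently a Guest. The function name Convert-GuestToMember and the sample address are hypothetical; it assumes Connect-AzureAD has already been run.

```powershell
# Added example (not from the original post). Convert-GuestToMember is a
# hypothetical helper name; it assumes Connect-AzureAD was already run.
function Convert-GuestToMember {
    param(
        [Parameter(Mandatory = $true)]
        [string]$SearchString
    )

    # -SearchString may return several accounts, so collect every match first.
    $found = @(Get-AzureADUser -SearchString $SearchString)

    if ($found.Count -ne 1) {
        # Refuse to continue: piping several matches into Set-AzureADUser
        # would change every one of them.
        $found | ForEach-Object {
            Write-Warning "Matched: $($_.UserPrincipalName) ($($_.UserType), $($_.ObjectId))"
        }
        throw "Expected exactly 1 user for '$SearchString', found $($found.Count)."
    }

    $user = $found[0]

    if ($user.UserType -ne 'Guest') {
        Write-Warning "$($user.UserPrincipalName) is already UserType '$($user.UserType)'; no change made."
        return $user | Select-Object DisplayName, UserPrincipalName, UserType
    }

    # Target the single account by ObjectId rather than by search string.
    Set-AzureADUser -ObjectId $user.ObjectId -UserType Member

    # Re-read the object and confirm the change took effect.
    $after = Get-AzureADUser -ObjectId $user.ObjectId
    if ($after.UserType -ne 'Member') {
        throw "UserType is still '$($after.UserType)' for $($after.UserPrincipalName)."
    }
    $after | Select-Object DisplayName, UserPrincipalName, UserType
}

# Constructed sample value; replace with the user you intend to convert.
Convert-GuestToMember -SearchString 'user@example.com'
```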

This would be a handy feature in the UI for sure. There is actually a request on User Voice for this feature. Vote it up if you agree: Update UserType from portal.
