Article updated in 2025 to switch to Microsoft Graph

UserType is not always accurate for identifying external or member users

If you search an Office 365 user with Get-MgUser (or legacy CMDlets Get-AzureADUser or Get-MsolUser), you get details about the account type with the attribute UserType. The value can be:

  • Member: the user is part of the Azure AD tenant
  • Guest: the user is a guest, for example to access to Microsoft Teams or SharePoint site

According to this Microsoft blog, the UserType attribute was first introduced the 31st August 2014, so every user created before this date has the UserType attribute empty.

Identify empty UserType

In my environment, I had a few users with empty UserType. To verify, use one of these two commands (depends on which module you use):

Connect-MgGraph -Scopes User.Read.All

Get-MgUser -All -Property UserPrincipalName,UserType,CreatedDateTime | Where-Object UserType -eq $null | Select-Object UserPrincipalName, UserType, CreatedDateTime

When I check the user with UserType empty, I see these users are created before 31st August 2014:

Fix the UserType empty value

To fix this issue, the UserType has to be filled with Member (or Guest for external user, but I don't think external user existed in 2014):

Get-MgUser -All -Property UserPrincipalName,UserType,CreatedDateTime | Where-Object UserType -eq $null | Update-MgUser -UserType Member

Legacy CMDlets

Get-MsolUser -All | Where {$_.UserType -eq $null} | Select UserPrincipalName, WhenCreated

Get-MsolUser -All | Where {$_.UserType -eq $null} | Set-MsolUser -UserType Member

Microsoft 365
Next Post La boîte aux lettres locale de cet expéditeur n’a pas été migrée vers Exchange Online

Comments

banner-Bastien Perez
Bastien Perez's avatar

Freelance Microsoft 365 - Active Directory - Modern Workplace

France