UserType is not always accurate for identifying external or member users
If you search an Office 365 user with Get-AzureADUser
or Get-MsolUser
, you get details about the account type with the attribute UserType
. The value can be:
- Member: the user is part of the Azure AD tenant
- Guest: the user is a guest, for example to access to Microsoft Teams or SharePoint site
According to this Microsoft blog, the UserType
attribute was first introduced the 31st August 2014, so every user created before this date has the UserType attribute empty.
Identify empty UserType
In my environment, I had a few users with empty UserType. To verify, use one of these two commands (depends on which module you use):
Get-AzureADUser -All $true
Get-MsolUser| Select ObjectId,DisplayName,UserPrincipalName,UserType
When I check the user with UserType empty, I see these users are created before 31st August 2014:
Get-MsolUser -All | Where {$_.UserType -eq $null} | Select UserPrincipalName, WhenCreated
Fix the UserType empty value
To fix this issue, the UserType has to be filled with Member (or Guest for external user, but I don't think external user existed in 2014):
Get-MsolUser -All | Where {$_.UserType -eq $null} | Set-MsolUser -UserType Member
Clap
Comments