Missing “UserType” attribute in Azure AD
UserType is not always accurate for identifying external or member users
If you search an Office 365 user with Get-AzureADUser or Get-MsolUser, you get details about the account type with the attribute UserType. The value can be:
- Member: the user is part of the Azure AD tenant
- Guest: the user is a guest, for example to access to Microsoft Teams or SharePoint site
According to this Microsoft blog, the UserType attribute was first introduced the 31st August 2014, so every user created before this date has the UserType attribute empty.
Identify UserType empty
In my environment, I had a few users with empty UserType. To verify, use one of these two commands (depends on which module you use):
Get-AzureADUser -All $true
Get-MsolUser | Select ObjectId,DisplayName,UserPrincipalName,UserType
When I check the user with UserType empty, I see these users are created before 31st August 2014:
Get-MsolUser -All | Where {$_.UserType -eq $null} | Select UserPrincipalName, WhenCreated
Fix the UserType issue
To fix this issue, the UserType has to be filled with Member (or Guest for external user, but I do not thing external user exist in 2014):
Get-MSOLUser -All | Where {$_.UserType -eq $null} | Set-MsolUser -UserType Member