Missing “UserType” attribute in Azure AD

UserType is not always accurate for identifying external or member users

If you search an Office 365 user with Get-AzureADUser or Get-MsolUser, you get details about the account type with the attribute UserType. The value can be:

  • Member: the user is part of the Azure AD tenant
  • Guest: the user is a guest, for example to access to Microsoft Teams or SharePoint site

According to this Microsoft blog, the UserType attribute was first introduced the 31st August 2014, so every user created before this date has the UserType attribute empty.

Identify UserType empty

In my environment, I had a few users with empty UserType. To verify, use one of these two commands (depends on which module you use):

Get-AzureADUser -All $true

Get-MsolUser | Select ObjectId,DisplayName,UserPrincipalName,UserType

When I check the user with UserType empty, I see these users are created before 31st August 2014:

Get-MsolUser -All | Where {$_.UserType -eq $null} | Select UserPrincipalName, WhenCreated

Fix the UserType issue

To fix this issue, the UserType has to be filled with Member (or Guest for external user, but I do not thing external user exist in 2014):

Get-MSOLUser -All | Where {$_.UserType -eq $null} | Set-MsolUser -UserType Member