Comments on: How to Convert Azure B2B Guest Users to Members While Maintaining User Collaboration https://practical365.com/how-to-convert-azure-b2b-guest-users-to-members-while-maintaining-user-collaboration/ Practical Office 365 News, Tips, and Tutorials Thu, 10 Aug 2023 17:42:09 +0000 hourly 1 https://wordpress.org/?v=6.6.1 By: Richard Dean https://practical365.com/how-to-convert-azure-b2b-guest-users-to-members-while-maintaining-user-collaboration/#comment-271790 Thu, 10 Aug 2023 17:42:09 +0000 https://practical365.com/?p=53323#comment-271790 I was so informed today that due to constant updates to the Microsoft 365 substrate, that if one follows the process outlined in the article in 2023, then there is a potential that the converted accounts won’t work with shared channels in Teams. We are unsure why at this time. Potentially synchronization of properties between Entra ID directory and Teams. So I caution using this process further since it is almost 2 years old now.

]]>
By: Adam https://practical365.com/how-to-convert-azure-b2b-guest-users-to-members-while-maintaining-user-collaboration/#comment-267696 Fri, 30 Jun 2023 21:47:26 +0000 https://practical365.com/?p=53323#comment-267696 This caused big problems if you want to use a shared channel within your org as the concerted members aren’t seen a true members so cannot be invited, as it’s not supported by Microsoft they won’t offer any solutions, has anyone been able to resolve this problem?

]]>
By: Bobby W https://practical365.com/how-to-convert-azure-b2b-guest-users-to-members-while-maintaining-user-collaboration/#comment-262530 Tue, 09 May 2023 20:26:02 +0000 https://practical365.com/?p=53323#comment-262530 In reply to Valentin.

It doesn’t delete the account if you delete the source account from the source tenant. The account remains in the target tenant and remains useable.

My concern is, if you leave Federated-ExternalAzureAD on the migrated account, are there any limitations or drawbacks to that configuration. Will it bite the org in the future!?

Cheers,

Bobby.

]]>
By: Valentin https://practical365.com/how-to-convert-azure-b2b-guest-users-to-members-while-maintaining-user-collaboration/#comment-258584 Wed, 05 Apr 2023 09:39:33 +0000 https://practical365.com/?p=53323#comment-258584 Considering an M&A scenario, have you deleted the originating identity after converting the guest to a member? When you do that your converted identity will be deleted. Right?

]]>
By: Graham Lindsay https://practical365.com/how-to-convert-azure-b2b-guest-users-to-members-while-maintaining-user-collaboration/#comment-258074 Fri, 31 Mar 2023 18:45:31 +0000 https://practical365.com/?p=53323#comment-258074 Hi Rich

I’m curious how supported and viable this method is since the account will remain as an “external federated account”. I’ve done everything I can to clear this with no joy. The idea of this is great and would save a lot of hassle. But my worry would be the linkage back to the source account.

Ignoring the fact that teams doesn’t support the conversion

If I was performing a migration with say quest on demand. I could

1. Convert target azureAD user to member and licence
2. Match accounts src/trg with questOD
3. Soft match the account with the migrated onPrem AD (optional if using ADDS)
4. Migrate and switch mailbox with questOD

With the migrated account as source being ExternalAzureAD surely this will have some long term consequences

1. Would deleting the source remove the target converted guest?
2. Resetting password in portals is blocked as it’s seen as a federated account. Does that mean SSPR would fail?

]]>
By: Ash https://practical365.com/how-to-convert-azure-b2b-guest-users-to-members-while-maintaining-user-collaboration/#comment-248317 Wed, 14 Dec 2022 01:27:24 +0000 https://practical365.com/?p=53323#comment-248317 You can reset the user’s redemption status which will clear the federated “ExternalAzureAD”.
https://learn.microsoft.com/en-us/azure/active-directory/external-identities/reset-redemption-status

However, the user can always re-accept the invitation.

It would be nice to be able to clear the following attributes, Userstate and creationtype

PS C:\> get-AzureADUser -ObjectId 5e2cjb26-hc1790-0e1-ad23-0e5825aac74e | select Userstate,creationtype,UserType

UserState CreationType UserType
——— ———— ——–
Accepted Invitation Member

Running;
Set-AzureADUser -ObjectId 5e2cjb26-hc1790-0e1-ad23-0e5825aac74e -CreationType $null -UserState $null

does nothing.

]]>
By: Ash https://practical365.com/how-to-convert-azure-b2b-guest-users-to-members-while-maintaining-user-collaboration/#comment-248316 Wed, 14 Dec 2022 01:26:49 +0000 https://practical365.com/?p=53323#comment-248316 Thanks Richard for the write up.

A few things to mindful of after converting guest to member account:
If the guest account accepted the invite, the converted member account will still have the federated “ExternalAzureAD” as the issuer.

From graph, https://graph.microsoft.com/v1.0/users/user@domain.com?$select=identities

“@odata.context”: “https://graph.microsoft.com/v1.0/$metadata#users(identities)/$entity”,
“identities”: [
{
“signInType”: “federated”,
“issuer”: “ExternalAzureAD”,
“issuerAssignedId”: null
},
{
“signInType”: “userPrincipalName”,
“issuer”: “domain.onmicrosoft.com”,
“issuerAssignedId”: “user@domain.com”
}

This means the user can authenticate with two different credentials.

]]>
By: Rich Dean https://practical365.com/how-to-convert-azure-b2b-guest-users-to-members-while-maintaining-user-collaboration/#comment-243061 Fri, 16 Sep 2022 17:16:28 +0000 https://practical365.com/?p=53323#comment-243061 Check out … https://docs.microsoft.com/en-us/azure/active-directory/external-identities/b2b-direct-connect-overview

Azure Active Directory (Azure AD) B2B direct connect is a feature of External Identities that lets you set up a mutual trust relationship with another Azure AD organization for seamless collaboration. This feature currently works with Microsoft Teams shared channels.

]]>
By: Rich Dean https://practical365.com/how-to-convert-azure-b2b-guest-users-to-members-while-maintaining-user-collaboration/#comment-243060 Fri, 16 Sep 2022 17:15:16 +0000 https://practical365.com/?p=53323#comment-243060 In reply to JVG.

Thanks JVG,

Must have been a typo in the publication transfer. Thanks for calling it out.

]]>
By: Rich Dean https://practical365.com/how-to-convert-azure-b2b-guest-users-to-members-while-maintaining-user-collaboration/#comment-243059 Fri, 16 Sep 2022 17:14:25 +0000 https://practical365.com/?p=53323#comment-243059 In reply to Peter.

Hi Peter,

I honestly do not know, I would say it is a gray zone that would need to be tested.

]]>