Forum Discussion
New external/local user in B2C tenant
Hello,
I'm trying to use Microsoft Graph API in PowerShell to create external/local users in our B2C tenant, but I receive the following error: "The domain portion of the userPrincipalName property is invalid. You must use one of the verified domain names in your organization." There must be a parameter to switch from an internal or federated user to an external one, but I've been unable to find it. Any help you can offer would be appreciated! Here is my script:
- balasubramanim (Iron Contributor)
The error message indicates that the userPrincipalName is not in the correct format for an external user.
To fix this, you need to modify the identities parameter in your script.
Please try this:

    identities = @(
        @{
            signInType = "emailAddress"
            issuer = "<YourTenant>"
            issuerAssignedId = $NewUser.UserPrincipalName
        }
    )

Replace <YourTenant> with your actual B2C tenant name.
Also, make sure the userPrincipalName in your CSV file is in the correct format for an external user, like username_<YourTenant>.
- bstroot (Copper Contributor)
Thank you for your reply. For anyone finding this in the future, my problem was that I was trying to specify the user principal name. My script works fine if I do not specify the user principal name.
- balasubramanim (Iron Contributor)
The issue arose because you were explicitly specifying the UserPrincipalName. In Azure AD B2C, it's better to exclude the UserPrincipalName for external/local users and let the system handle it through the identities field.
For anyone facing a similar issue, the key solution is:
Do not manually specify the UserPrincipalName when creating external or local users in an Azure AD B2C tenant. Instead, focus on defining the user identity using the identities parameter to ensure the user is correctly recognized as an external user.
By excluding the UserPrincipalName, the system can handle the user creation process correctly.
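
The approach this thread settles on, as an added example that is not taken from any poster's script: build the request body for a B2C local account from CSV rows, with an identities entry and no userPrincipalName key. The tenant domain, CSV rows and the helper names New-RandomPassword and New-B2CLocalUserBody are constructed for illustration; the commented-out New-MgUser call assumes the Microsoft.Graph PowerShell module and an existing Connect-MgGraph session.

```powershell
# Added example. Tenant domain and CSV rows are constructed placeholders.
$Issuer = 'contoso.onmicrosoft.com'   # assumption: your B2C tenant's domain

function New-RandomPassword {
    # 24 bytes from the OS CSPRNG; the suffix only guarantees all character classes.
    $bytes = New-Object byte[] 24
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    return [Convert]::ToBase64String($bytes) + 'aA1!'
}

function New-B2CLocalUserBody {
    param(
        [Parameter(Mandatory)] [string] $DisplayName,
        [Parameter(Mandatory)] [string] $Email,
        [Parameter(Mandatory)] [string] $Issuer
    )
    # Reject values that are clearly not a single email address.
    if ($Email -notmatch '^[^@\s]+@[^@\s]+\.[^@\s]+$') {
        throw "Not an email address: '$Email'"
    }
    # No userPrincipalName key: the directory assigns one for local accounts.
    return @{
        displayName     = $DisplayName
        identities      = @(
            @{
                signInType       = 'emailAddress'
                issuer           = $Issuer
                issuerAssignedId = $Email
            }
        )
        passwordProfile = @{
            password                      = New-RandomPassword
            # Assumption for this example: no forced change at first sign-in.
            forceChangePasswordNextSignIn = $false
        }
    }
}

$rows = "DisplayName,Email`nAvery Example,avery@example.com`nSam Example,sam@example.org" |
    ConvertFrom-Csv

foreach ($row in $rows) {
    $body = New-B2CLocalUserBody -DisplayName $row.DisplayName -Email $row.Email -Issuer $Issuer
    $body.identities | ConvertTo-Json          # the sign-in identity only, never the password
    $body.ContainsKey('userPrincipalName')     # False: the UPN is left to the directory
    # New-MgUser -BodyParameter $body          # send only after reviewing the body
}
```

The generated password exists only in `$body`; deliver it to the user over a separate channel or rely on the tenant's password reset flow rather than writing it to a log or CSV.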