bstroot
Copper Contributor
Sep 24, 2024

New external/local user in B2C tenant

Hello,

I'm trying to use Microsoft Graph API in PowerShell to create external/local users in our B2C tenant, but I receive the following error: "The domain portion of the userPrincipalName property is invalid. You must use one of the verified domain names in your organization." There must be a parameter to switch from an internal or federated user to an external one, but I've been unable to find it. Any help you can offer would be appreciated! Here is my script:

# Assumes Connect-MgGraph has already been run against the B2C tenant
# with a scope that allows creating users (for example User.ReadWrite.All).
$NewUsers = Import-Csv $NewCSVPath

ForEach($NewUser in $NewUsers){

    # Skip rows whose account already exists
    $TestTheUser = $null
    $TestTheUser = (Get-MgUser -UserId $NewUser.UserPrincipalName -ErrorAction SilentlyContinue).Id

    IF ($TestTheUser) {
        Continue
    }
    else {
        $PasswordProfile = @{
            Password = "Ninja%67#Dangerous"
            ForceChangePasswordNextSignIn = $false
        }
        $UserParams = @{
            DisplayName = $NewUser.DisplayName
            UserPrincipalName = $NewUser.UserPrincipalName
            PasswordProfile = $PasswordProfile
            AccountEnabled = $true
            MailNickname = $NewUser.MailNickname
            # Local (email + password) account identity in the B2C tenant
            identities = @(
                @{
                    signInType = "emailAddress"
                    issuer = "<MyTenant>.onmicrosoft.com"
                    issuerAssignedId = $NewUser.UserPrincipalName
                }
            )
            passwordPolicies = "DisablePasswordExpiration"
        }
        New-MgUser @UserParams
    }
}
  • bstroot

    Error message indicates that the userPrincipalName is not in the correct format for an external user.
    To fix this, you need to modify the identities parameter in your script.
    Please try this:

    identities = @(
        @{
            signInType = "emailAddress"
            issuer = "<YourTenant>"
            issuerAssignedId = $NewUser.UserPrincipalName
        }
    )

    Replace <YourTenant> with your actual B2C tenant name.
    Also, make sure the userPrincipalName in your CSV file is in the correct format for an external user, like username_<YourTenant>.
    • bstroot
      Copper Contributor
      Thank you for your reply. For anyone finding this in the future, my problem was that I was trying to specify the user principal name. My script works fine if I do not specify the user principal name.
      • balasubramanim
        Iron Contributor

        bstroot 

        The issue arose because you were explicitly specifying the UserPrincipalName. In Azure AD B2C, it's better to exclude the UserPrincipalName for external/local users and let the system handle it through the identities field.

        For anyone facing a similar issue, the key solution is:

        Do not manually specify the UserPrincipalName when creating external or local users in an Azure AD B2C tenant. Instead, focus on defining the user identity using the identities parameter to ensure the user is correctly recognized as an external user.
        By excluding the UserPrincipalName, the system can handle the user creation process correctly.
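The following script is an added example that is not code from any poster in this thread. It shows the approach both replies converge on (a local B2C account defined only through `identities`, with no `UserPrincipalName`), and it also replaces two weak points of the original script: the existence check, which looked the user up by a UPN that a local account does not have, and the single hard-coded password shared by every account. It assumes the Microsoft.Graph.Users module is installed, that `Connect-MgGraph` has already been run against the B2C tenant with the `User.ReadWrite.All` scope, and a CSV with `DisplayName`, `Email` and `MailNickname` columns (an assumed layout); `<YourTenant>` is a placeholder for the tenant name.

```powershell
# Added example, not code from any poster in this thread. Assumes the
# Microsoft.Graph.Users module is installed, Connect-MgGraph has been run
# against the B2C tenant with User.ReadWrite.All, and the CSV has
# DisplayName, Email and MailNickname columns (assumed layout).
$TenantIssuer = "<YourTenant>.onmicrosoft.com"   # placeholder: the B2C tenant's issuer name
$NewUsers = Import-Csv $NewCSVPath

function New-RandomPassword {
    # One cryptographically random password per account. The script never
    # writes it out; users are onboarded through the tenant's password-reset flow.
    param([int]$Length = 24)
    $alphabet = [char[]]'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!@#$%^&*'
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    # Largest multiple of the alphabet size that fits in a byte; bytes at or
    # above it are rejected so the modulo pick stays uniform.
    $limit = $alphabet.Length * [math]::Floor(256 / $alphabet.Length)
    $sb = [System.Text.StringBuilder]::new()
    $buf = [byte[]]::new(1)
    while ($sb.Length -lt $Length) {
        $rng.GetBytes($buf)
        if ($buf[0] -lt $limit) { [void]$sb.Append($alphabet[$buf[0] % $alphabet.Length]) }
    }
    $sb.ToString()
}

function Test-B2CLocalAccount {
    # A local account has a service-assigned UPN, so Get-MgUser -UserId <email>
    # finds nothing and the original check always fell through to creation.
    # Look the account up by its identity instead.
    param([string]$Email, [string]$Issuer)
    $safeEmail = $Email -replace "'", "''"      # escape quotes for the OData filter
    $filter = "identities/any(c:c/issuerAssignedId eq '$safeEmail' and c/issuer eq '$Issuer')"
    [bool](Get-MgUser -Filter $filter -ErrorAction Stop)
}

foreach ($NewUser in $NewUsers) {
    if (Test-B2CLocalAccount -Email $NewUser.Email -Issuer $TenantIssuer) {
        Write-Verbose "Skipping $($NewUser.Email): account already exists"
        continue
    }
    $UserParams = @{
        DisplayName      = $NewUser.DisplayName
        MailNickname     = $NewUser.MailNickname
        AccountEnabled   = $true
        # No UserPrincipalName: for a local account the service assigns one under
        # the tenant's verified domain. Setting it to the email caused the error.
        Identities       = @(
            @{
                SignInType       = "emailAddress"
                Issuer           = $TenantIssuer
                IssuerAssignedId = $NewUser.Email
            }
        )
        PasswordProfile  = @{
            Password                      = New-RandomPassword
            ForceChangePasswordNextSignIn = $false
        }
        PasswordPolicies = "DisablePasswordExpiration"
    }
    $created = New-MgUser @UserParams -ErrorAction Stop
    Write-Output "Created $($NewUser.Email) as $($created.Id)"
}
```

The existence check uses `-ErrorAction Stop` on purpose: if the Graph query fails, the run aborts rather than treating the failure as "user not found" and creating a duplicate, which is what `-ErrorAction SilentlyContinue` on a UPN lookup does for local accounts. Because each account gets its own random password that is never stored or printed, a leaked copy of the script or CSV no longer gives a usable credential for every account it created.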
