CODEWITHSUNDEEP
powershellazureazure-powershell
trailmax
trailmax

Reputation: 35106

Azure Powershell throws "Unknown User Type"

I'm trying to authenticate Powershell script against the AD Account (as per this guide):

$userName = "[email protected]"
$securePassword = ConvertTo-SecureString -String "myPassword1" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential($userName, $securePassword)
Add-AzureAccount -Credential $cred

However I'm getting error:

Add-AzureAccount : unknown_user_type: Unknown User Type
At line:2 char:1
+ Add-AzureAccount -Credential $cred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (:) [Add-AzureAccount], AadAuthenticationFailedException
    + FullyQualifiedErrorId : Microsoft.WindowsAzure.Commands.Profile.AddAzureAccount

And it does not matter what I type into the username/password, even "adsfasdf" for both username and password give me the same result.

Anybody had and fixed this problem before?

Upvotes: 10

Views: 16606

Answers (4)

Larry Golding
Larry Golding

Reputation: 71

When I encountered this error, the problem was that the account I was logging in with (my Windows Live account) requires two-factor authentication. The documentation describes three ways to log in:

  1. Interactively, with Connect-AzureAD -Confirm. This pops a dialog, so can't be used for unattended scripts.

  2. With a variable, as the OP and I attempted. But the docs say:

If multi-factor authentication is enabled for your credentials, you must log in using the interactive option or use service principal authentication.

  1. As a service principal, using a self-signed certificate -- which was more work than I was willing to do, and fortunately I didn't need unattended operation, so I could use option #1.

Upvotes: 0

LazerPanther
LazerPanther

Reputation: 1

To elaborate on the UPN issue in this post, I just started using Azure AD myself and was receiving this error. What they mean by "Using the userPrincipalName" is actually as silly and easy as it sounds. I was trying to use connect-azuread with stored credentials and receiving this same error. What I found was the connection was failing when using as the login. Once I changed it to [email protected] I was able to automate the connection.

I hope this is helpful as it solved my issue right away!

Upvotes: 0

Jeisson delgado cuentas
Jeisson delgado cuentas

Reputation: 35

I was trying to change the password for a B2C user.

I was using a .NET solution that uses the GraphAPI library

But when I did the password change tests I got the message "Unknown User Type"

For fix the error I changed the value of the username in the information to change the password with the value in the property "userPrincipalName" instead of using the "username". This property can be seen in the portal of Azure clasico or with GraphApi:

{ "odata.type": "Microsoft.DirectoryServices.User", "objectType": "User", "objectId": "xxxxxxxxxxxxxxxxxxxx", "deletionTimestamp": null, "accountEnabled": true, "signInNames": [ { "type": "userName", "value": "joeconsumer" } ], "userPrincipalName": "[email protected]", "userType": "Member" }

I hope this helps you

Upvotes: 0

Aman Sharma
Aman Sharma

Reputation: 1990

For anyone coming to this question, I am providing my analysis which resolved the similar issue in my environment. I am also considering very helpful comments from the original question in the response below.

  1. Do check if you are able to use these credentials and manually log into the Azure portal
  2. Ensure that the account you are using is an Organizational account. Microsoft has security restriction where you can't log in using your Microsoft Account (earlier known as live id) which you use for various purposes and sites. This organizational account must be separate from Microsoft account.

Read more about the requirement regarding Organization account here on official Microsoft published document: Windows Azure Organizational Accounts FAQ

Upvotes: 1

Related Questions