TonE

Reputation: 3035

Create Azure AD B2C local account user with PowerShell New-AzureADUser

I'm trying to create a local user in an Azure AD B2C directory which can be used for authentication immediately after creation.

Connect-AzureAD -TenantId $targetB2cTenant

$passwordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
$passwordProfile.Password = "Test-User-Password-Here"
$userName = "[email protected]"
$signInNames = @(
    (New-Object `
        Microsoft.Open.AzureAD.Model.SignInName `
        -Property @{Type = "userName"; Value = $userName})
)

$newUser = New-AzureADUser -AccountEnabled $True -DisplayName "testpowershellusercreation" -PasswordProfile $passwordProfile -SignInNames $signInNames -CreationType "LocalAccount"

Disconnect-AzureAD

From reading the documentation I need to specify the CreationType parameter as "LocalAccount":

https://learn.microsoft.com/en-us/powershell/module/azuread/new-azureaduser?view=azureadps-2.0

Creating a B2C user with MFA that can immediately login

However, when I run the PowerShell code I receive the following error:

New-AzureADUser : Error occurred while executing NewUser 
Code: Request_BadRequest
Message: One or more properties contains invalid values.

This error message is not present when I remove the -CreationType parameter.

What is the correct way to create a local account in a B2C directory using PowerShell?

Upvotes: 2

Views: 3789

Answers (2)

Euan McCall

Reputation: 1

I think you could also change the type of sign-in name from "userName" to "email", to work around this issue and allow users to continue using their foreign domain email addresses as login, if required.

# Wrap in @() so -SignInNames receives a collection, as in the question's code
$signInNames = @(
    (New-Object `
        Microsoft.Open.AzureAD.Model.SignInName `
        -Property @{Type = "email"; Value = "[email protected]"})
)

Upvotes: 0

Chris Padgett

Reputation: 14654

A sign-in name of type "userName" can't contain the '@' character in the value property.

i.e. you can't set it to an email address.

You might want to also set the following parameters for the new user:

$passwordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
$passwordProfile.ForceChangePasswordNextLogin = $False
$passwordProfile.Password = "<Password>"

$newUser = New-AzureADUser ... -PasswordPolicies "DisablePasswordExpiration"

Upvotes: 4
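Putting both answers together, here is an added example (not code from the question or either answer) that picks the SignInName type from the value so an '@' never ends up in a "userName" entry, takes the password as a SecureString instead of a literal, and makes the non-expiring password policy an explicit opt-in. The function names `Get-B2CSignInNameType` and `New-B2CLocalAccount` are my own; it assumes the AzureAD module is imported and `Connect-AzureAD` has already been run against the B2C tenant.

```powershell
# Added example, not from the original post. Assumes Connect-AzureAD was already run.
function Get-B2CSignInNameType {
    param([Parameter(Mandatory)][string]$Value)
    # A "userName" sign-in name must not contain '@'; a full address goes in as "email".
    if ($Value -match '^[^@\s]+@[^@\s]+\.[^@\s]+$') { return 'email' }
    if ($Value.Contains('@')) {
        throw "'$Value' contains '@' but is not a valid email address; use a plain user name or a full address."
    }
    return 'userName'
}

function New-B2CLocalAccount {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$DisplayName,
        [Parameter(Mandatory)][string]$SignInValue,
        # Taken as a SecureString so the initial password is not hard-coded in the script.
        [Parameter(Mandatory)][securestring]$Password,
        [switch]$DisablePasswordExpiration
    )
    $type = Get-B2CSignInNameType -Value $SignInValue

    $passwordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
    # PasswordProfile.Password is a plain string, so unwrap the SecureString only here.
    $passwordProfile.Password = [System.Net.NetworkCredential]::new('', $Password).Password
    $passwordProfile.ForceChangePasswordNextLogin = $false

    $signInNames = @(
        (New-Object Microsoft.Open.AzureAD.Model.SignInName `
            -Property @{ Type = $type; Value = $SignInValue })
    )

    $params = @{
        AccountEnabled  = $true
        DisplayName     = $DisplayName
        PasswordProfile = $passwordProfile
        SignInNames     = $signInNames
        CreationType    = 'LocalAccount'
    }
    # Non-expiring passwords are a policy decision, so require the caller to opt in.
    if ($DisablePasswordExpiration) { $params['PasswordPolicies'] = 'DisablePasswordExpiration' }

    New-AzureADUser @params
}

# Usage (constructed values): an address lands as Type "email", a bare name as "userName".
# $pw = Read-Host -AsSecureString -Prompt 'Initial password'
# New-B2CLocalAccount -DisplayName 'Test User' -SignInValue 'test.user@example.com' -Password $pw
```

Other New-AzureADUser parameters your tenant may require are not covered here; the call uses only the parameters discussed in this thread.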
