Convert-MgBetaUserExternalToInternalMemberUser
Convert an externally authenticated user into an internal user. The user is able to sign into the host tenant as an internal user and access resources as a member. For more information about this conversion, see Convert external users to internal users.
Syntax
Convert-MgBetaUserExternalToInternalMemberUser
-UserId <String>
[-ResponseHeadersVariable <String>]
[-AdditionalProperties <Hashtable>]
[-Mail <String>]
[-PasswordProfile <IMicrosoftGraphPasswordProfile>]
[-UserPrincipalName <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Convert-MgBetaUserExternalToInternalMemberUser
-UserId <String>
-Body <IComponents189ZsniRequestbodiesConvertexternaltointernalmemberuserrequestbodyContentApplicationJsonSchema>
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Convert-MgBetaUserExternalToInternalMemberUser
-InputObject <IUsersActionsIdentity>
[-ResponseHeadersVariable <String>]
[-AdditionalProperties <Hashtable>]
[-Mail <String>]
[-PasswordProfile <IMicrosoftGraphPasswordProfile>]
[-UserPrincipalName <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Convert-MgBetaUserExternalToInternalMemberUser
-InputObject <IUsersActionsIdentity>
[-ResponseHeadersVariable <String>]
-BodyParameter <IComponents189ZsniRequestbodiesConvertexternaltointernalmemberuserrequestbodyContentApplicationJsonSchema>
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
Convert an externally authenticated user into an internal user. The user is able to sign into the host tenant as an internal user and access resources as a member. For more information about this conversion, see Convert external users to internal users.
Permissions
| Permission type | Least privileged permissions | Higher privileged permissions |
|---|---|---|
| Delegated (work or school account) | User-ConvertToInternal.ReadWrite.All | User.ReadWrite.All |
| Delegated (personal Microsoft account) | Not supported. | Not supported. |
| Application | User-ConvertToInternal.ReadWrite.All | User.ReadWrite.All |
Examples
Example 1: Convert a cloud user and require them to reset their password on next sign in
Import-Module Microsoft.Graph.Beta.Users.Actions
$params = @{
userPrincipalName = "AdeleVance@contoso.com"
passwordProfile = @{
password = "Zdi087#2jhkahf"
forceChangePasswordNextSignIn = "true"
}
}
Convert-MgBetaUserExternalToInternalMemberUser -UserId $userId -BodyParameter $paramsThis example will convert a cloud user and require them to reset their password on next sign in
Example 2: Convert a cloud user, change their mail address, and require password reset on next sign in
Import-Module Microsoft.Graph.Beta.Users.Actions
$params = @{
userPrincipalName = "AdeleVance@contoso.com"
passwordProfile = @{
password = "Zdi087#2jhkahf"
forceChangePasswordNextSignIn = "true"
}
mail = "AdeleV@contoso.com"
}
Convert-MgBetaUserExternalToInternalMemberUser -UserId $userId -BodyParameter $paramsThis example will convert a cloud user, change their mail address, and require password reset on next sign in
Example 3: Convert external User to internal for a user synchronized from on-premises AD
Import-Module Microsoft.Graph.Beta.Users.Actions
Convert-MgBetaUserExternalToInternalMemberUser -UserId $userIdThis example will convert external user to internal for a user synchronized from on-premises ad
Parameters
-AdditionalProperties
Additional Parameters
| Type: | Hashtable |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Body
. To construct, see NOTES section for BODY properties and create a hash table.
| Type: | IComponents189ZsniRequestbodiesConvertexternaltointernalmemberuserrequestbodyContentApplicationJsonSchema |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-BodyParameter
. To construct, see NOTES section for BODYPARAMETER properties and create a hash table.
| Type: | IComponents189ZsniRequestbodiesConvertexternaltointernalmemberuserrequestbodyContentApplicationJsonSchema |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Headers
Optional headers that will be added to the request.
| Type: | IDictionary |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-InputObject
Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
| Type: | IUsersActionsIdentity |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PasswordProfile
passwordProfile To construct, see NOTES section for PASSWORDPROFILE properties and create a hash table.
| Type: | IMicrosoftGraphPasswordProfile |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ProgressAction
{{ Fill ProgressAction Description }}
| Type: | ActionPreference |
| Aliases: | proga |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ResponseHeadersVariable
Optional Response Headers Variable.
| Type: | String |
| Aliases: | RHV |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-UserId
The unique identifier of user
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-UserPrincipalName
.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Microsoft.Graph.Beta.PowerShell.Models.IComponents189ZsniRequestbodiesConvertexternaltointernalmemberuserrequestbodyContentApplicationJsonSchema
Microsoft.Graph.Beta.PowerShell.Models.IUsersActionsIdentity
System.Collections.IDictionary
Outputs
Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphConversionUserDetails
Notes
COMPLEX PARAMETER PROPERTIES
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
BODY <IComponents189ZsniRequestbodiesConvertexternaltointernalmemberuserrequestbodyContentApplicationJsonSchema>: .
[(Any) <Object>]: This indicates any property can be added to this object.[Mail <String>]:[PasswordProfile <IMicrosoftGraphPasswordProfile>]: passwordProfile[(Any) <Object>]: This indicates any property can be added to this object.[ForceChangePasswordNextSignIn <Boolean?>]: true if the user must change their password on the next sign-in; otherwise false. If not set, default is false.[ForceChangePasswordNextSignInWithMfa <Boolean?>]: If true, at next sign-in, the user must perform a multifactor authentication (MFA) before being forced to change their password. The behavior is identical to forceChangePasswordNextSignIn except that the user is required to first perform a multifactor authentication before password change. After a password change, this property will be automatically reset to false. If not set, default is false.[Password <String>]: The password for the user. This property is required when a user is created. It can be updated, but the user will be required to change the password on the next sign-in. The password must satisfy minimum requirements as specified by the user's passwordPolicies property. By default, a strong password is required.
[UserPrincipalName <String>]:
BODYPARAMETER <IComponents189ZsniRequestbodiesConvertexternaltointernalmemberuserrequestbodyContentApplicationJsonSchema>: .
[(Any) <Object>]: This indicates any property can be added to this object.[Mail <String>]:[PasswordProfile <IMicrosoftGraphPasswordProfile>]: passwordProfile[(Any) <Object>]: This indicates any property can be added to this object.[ForceChangePasswordNextSignIn <Boolean?>]: true if the user must change their password on the next sign-in; otherwise false. If not set, default is false.[ForceChangePasswordNextSignInWithMfa <Boolean?>]: If true, at next sign-in, the user must perform a multifactor authentication (MFA) before being forced to change their password. The behavior is identical to forceChangePasswordNextSignIn except that the user is required to first perform a multifactor authentication before password change. After a password change, this property will be automatically reset to false. If not set, default is false.[Password <String>]: The password for the user. This property is required when a user is created. It can be updated, but the user will be required to change the password on the next sign-in. The password must satisfy minimum requirements as specified by the user's passwordPolicies property. By default, a strong password is required.
[UserPrincipalName <String>]:
INPUTOBJECT <IUsersActionsIdentity>: Identity Parameter
[AccessReviewInstanceId <String>]: The unique identifier of accessReviewInstance[AccessReviewStageId <String>]: The unique identifier of accessReviewStage[AppLogCollectionRequestId <String>]: The unique identifier of appLogCollectionRequest[AuthenticationMethodId <String>]: The unique identifier of authenticationMethod[CalendarId <String>]: The unique identifier of calendar[ChatId <String>]: The unique identifier of chat[ChatMessageId <String>]: The unique identifier of chatMessage[ChatMessageId1 <String>]: The unique identifier of chatMessage[CloudPcId <String>]: The unique identifier of cloudPC[ContactFolderId <String>]: The unique identifier of contactFolder[ContactFolderId1 <String>]: The unique identifier of contactFolder[ContactId <String>]: The unique identifier of contact[ContentTypeId <String>]: The unique identifier of contentType[DeviceEnrollmentConfigurationId <String>]: The unique identifier of deviceEnrollmentConfiguration[DeviceLogCollectionResponseId <String>]: The unique identifier of deviceLogCollectionResponse[DocumentSetVersionId <String>]: The unique identifier of documentSetVersion[DriveId <String>]: The unique identifier of drive[DriveItemId <String>]: The unique identifier of driveItem[DriveItemVersionId <String>]: The unique identifier of driveItemVersion[EventId <String>]: The unique identifier of event[EventId1 <String>]: The unique identifier of event[JoinWebUrl <String>]: Alternate key of onlineMeeting[ListItemId <String>]: The unique identifier of listItem[ListItemVersionId <String>]: The unique identifier of listItemVersion[MailFolderId <String>]: The unique identifier of mailFolder[MailFolderId1 <String>]: The unique identifier of mailFolder[ManagedDeviceId <String>]: The unique identifier of managedDevice[MessageId <String>]: The unique identifier of message[MobileAppTroubleshootingEventId <String>]: The unique identifier of mobileAppTroubleshootingEvent[NotebookId <String>]: The unique identifier of notebook[OnenotePageId <String>]: The unique identifier of onenotePage[OnenoteSectionId <String>]: The unique identifier of onenoteSection[OnlineMeetingId <String>]: The unique identifier of onlineMeeting[OutlookTaskFolderId <String>]: The unique identifier of outlookTaskFolder[OutlookTaskGroupId <String>]: The unique identifier of outlookTaskGroup[OutlookTaskId <String>]: The unique identifier of outlookTask[PermissionId <String>]: The unique identifier of permission[PlannerPlanId <String>]: The unique identifier of plannerPlan[SensitivityLabelId <String>]: The unique identifier of sensitivityLabel[SubscriptionId <String>]: The unique identifier of subscription[TeamsAppInstallationId <String>]: The unique identifier of teamsAppInstallation[TodoTaskId <String>]: The unique identifier of todoTask[TodoTaskListId <String>]: The unique identifier of todoTaskList[UserId <String>]: The unique identifier of user
PASSWORDPROFILE <IMicrosoftGraphPasswordProfile>: passwordProfile
[(Any) <Object>]: This indicates any property can be added to this object.[ForceChangePasswordNextSignIn <Boolean?>]: true if the user must change their password on the next sign-in; otherwise false. If not set, default is false.[ForceChangePasswordNextSignInWithMfa <Boolean?>]: If true, at next sign-in, the user must perform a multifactor authentication (MFA) before being forced to change their password. The behavior is identical to forceChangePasswordNextSignIn except that the user is required to first perform a multifactor authentication before password change. After a password change, this property will be automatically reset to false. If not set, default is false.[Password <String>]: The password for the user. This property is required when a user is created. It can be updated, but the user will be required to change the password on the next sign-in. The password must satisfy minimum requirements as specified by the user's passwordPolicies property. By default, a strong password is required.