For the last few months, we have been working on an Internal IT project pushing more of Mirazon’s resources up into the Microsoft Office 365 cloud.
The setup of AAD Connect, the newest iteration of the DirSync process, was painless. In the past, we’ve blogged on ADFS vs. DirSync and Migration and even setting up basic DirSync. Our own Kevin Oppihle wrote a great article on his personal blog about DirSync filtered by OU. So, you can assume we’ve followed the appropriate guidelines and have things set up properly.
We have some Cloud-only users here and there, but for the most part, our internal AD is synced and we are licensing users for Office 365 Pro/Plus via our E3 accounts.
All is well, except we have one pesky user that is “br0k3d” for some reason.
See that? His account, even though it is synced with our own Active Directory, gives this strange error: “You cannot edit users outside your organization”.
I’d like to know more about his account. Let’s follow Ed’s awesome instructions to get into Office 365 via PowerShell.
See that command? It’s: “Get-MsolUser –Userprincipalname user@domain.com | fl displayname, userprincipalname, usertype”
I want to know a few things about Derek. If I wanted to know everything about Derek, I would do “|fl * | more” in order to get more details. But for this purpose, that’s not important.
Did you notice that he is “UserType” of Guest? Let’s compare that to my own account.
Strange, I’m a member and Derek is a guest. Let’s change that.
Notice the new command: “Set-MsolUser –Userprincipalname user@domain.com –usertype Member”
And also notice that he is now a member.
Let’s go back to our Office 365 Portal and see what we have adjusted.
Hooray! He now is a member of our Office 365 tenant and is ready for us to assign licensing, etc. All is well!
Disclaimer: I didn’t find and make this answer up myself. The Microsoft Office 365 Community Forum led us to this answer here. Thanks MarlinTodd2016 whoever you are!