我尝试在Azure AD B2C目录中创建本地用户,该目录可在创建后立即用于身份验证。
Connect-AzureAD -TenantId $targetB2cTenant
$passwordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
$passwordProfile.Password = "Test-User-Password-Here"
$userName = "TestUser@MyTestB2CTenant.onmicrosoft.com"
$signInNames = @(
(New-Object `
Microsoft.Open.AzureAD.Model.SignInName `
-Property @{Type = "userName"; Value = $userName})
)
$newUser = New-AzureADUser -AccountEnabled $True -DisplayName "testpowershellusercreation" -PasswordProfile $passwordProfile -SignInNames $signInNames -CreationType "LocalAccount"
Disconnect-AzureAD
从阅读文档中我需要将CreationType参数指定为" LocalAccount":
https://docs.microsoft.com/en-us/powershell/module/azuread/new-azureaduser?view=azureadps-2.0
Creating a B2C user with MFA that can immediately login
但是当我运行powershell代码时,我收到以下错误:
New-AzureADUser : Error occurred while executing NewUser
Code: Request_BadRequest
Message: One or more properties contains invalid values.
删除-CreationType参数时,此错误消息不存在。
使用Powershell在B2C目录中创建本地帐户的正确方法是什么?
答案 0 :(得分:2)
类型“userName”的登录名称不能包含值属性中的“@”字符。
即。您无法将其设置为电子邮件地址。
您可能还想为新用户设置以下参数:
$passwordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
$passwordProfile.ForceChangePasswordNextLogin = $False
$passwordProfile.Password = "<Password>"
$newUser = New-AzureADUser ... -PasswordPolicies "DisablePasswordExpiration"
答案 1 :(得分:0)
我认为您也可以将登录名的类型从“ userName”更改为“ email”,以解决此问题,并允许用户在需要时继续使用其外部域电子邮件地址作为登录名。
$signInNames = (
(New-Object `
Microsoft.Open.AzureAD.Model.SignInName `
-Property @{Type = "email"; Value = "pstesta@fsdfsd.com"})
)