This article helps you troubleshoot error code AADSTS50020, which is returned when a guest user from an identity provider (IdP) can't sign in to a resource tenant in Azure Active Directory (Azure AD).

## Symptoms

When a guest user tries to access an application or resource in the resource tenant, the sign-in fails, and the following error message is displayed:

AADSTS50020: User account from identity provider

## Cause: The NetID of the user account in the home tenant changed when the account was deleted and re-created

When a guest user accepts an invitation, the user's LiveID attribute (the unique sign-in ID of the user) is stored within AlternativeSecurityIds in the key attribute. Because the user account was deleted and re-created in the home tenant, the NetID value for that user will have changed in the home tenant, so it no longer matches the key that was stored on the guest object at redemption time.

First, check the creation date (createdDateTime) of the guest user in the resource tenant against the creation date of the user account in the home tenant. The scenario is confirmed if the guest user was created before the home tenant's user account was created.

Then, compare the NetID value of the user account in the home tenant against the key value that's stored within AlternativeSecurityIds of the guest account in the resource tenant, as follows. The MSOnline PowerShell module is set to be deprecated, and it's also incompatible with PowerShell Core, so make sure that you're using a compatible PowerShell version before you run the following commands.

1. In the home tenant, retrieve the value of the LiveID attribute by using the Get-MsolUser PowerShell cmdlet:

   ```powershell
   Get-MsolUser -SearchString tuser1 | Select-Object -ExpandProperty LiveID
   ```

2. In the resource tenant, convert the value of the key attribute within AlternativeSecurityIds to a base64-encoded string:

   ```powershell
   [Convert]::ToBase64String((Get-MsolUser -ObjectId 01234567-89ab-cdef-0123-456789abcdef).AlternativeSecurityIds.key)
   ```

3. Convert the base64-encoded string to a hexadecimal value by using an online converter.

4. Compare the values from step 1 and step 3 to verify that they're different.

## Solution: Reset the redemption status of the guest user account

Reset the redemption status of the guest user account in the resource tenant. Then, you can keep the guest user object without having to delete and then re-create the guest account. You can reset the redemption status by using the Azure portal, Azure PowerShell, or the Microsoft Graph API. For instructions, see Reset redemption status for a guest user.
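The NetID comparison from the cause section, done locally in PowerShell so that the key bytes never have to be pasted into an online converter. This is an added example, not code from the Microsoft article; the function names and the sample NetID values are constructed placeholders, and the commented retrieval lines assume the MSOnline module is available.

```powershell
# Added example: compare the home-tenant LiveID (NetID) with the key stored in
# AlternativeSecurityIds on the guest object, entirely in-process.
# Function names and sample values are constructed placeholders.

function ConvertFrom-HexString {
    # Helper used only to build the constructed sample key bytes below
    param([Parameter(Mandatory)] [string] $Hex)
    [byte[]] (0..($Hex.Length / 2 - 1) | ForEach-Object {
        [Convert]::ToByte($Hex.Substring(2 * $_, 2), 16)
    })
}

function Test-GuestNetIdMatch {
    param(
        # LiveID returned by Get-MsolUser in the home tenant
        [Parameter(Mandatory)] [string] $HomeLiveId,
        # Key bytes from AlternativeSecurityIds on the guest in the resource tenant
        [Parameter(Mandatory)] [byte[]] $GuestKeyBytes
    )
    # Steps 2-3 of the article (bytes -> base64 -> hex) collapse to one local conversion
    $guestHex = ([BitConverter]::ToString($GuestKeyBytes)) -replace '-', ''
    [pscustomobject]@{
        HomeLiveId  = $HomeLiveId
        GuestKeyHex = $guestHex
        Base64Key   = [Convert]::ToBase64String($GuestKeyBytes)   # what step 2 would print
        Match       = ($guestHex -ieq $HomeLiveId)                # $false => account was re-created
    }
}

# Constructed sample values (not real NetIDs). They differ, which is the
# signature of a home-tenant account that was deleted and re-created.
$homeLiveId = '1111222233334444'
$guestKey   = ConvertFrom-HexString '5555666677778888'
Test-GuestNetIdMatch -HomeLiveId $homeLiveId -GuestKeyBytes $guestKey | Format-List

# Live retrieval with the MSOnline module (a PowerShell version the module supports):
# $homeLiveId = Get-MsolUser -SearchString tuser1 | Select-Object -ExpandProperty LiveID
# $guestKey   = (Get-MsolUser -ObjectId <guest-object-id>).AlternativeSecurityIds.key
```

A Match value of $false confirms the scenario; a value of $true means the guest object still points at the current home account and the cause lies elsewhere.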