You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/enterprise-users/clean-up-unmanaged-azure-ad-accounts.md
+22-33Lines changed: 22 additions & 33 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -30,62 +30,51 @@ Use the following guidance to remove unmanaged Azure AD accounts from your Azure
30
30
* Use the sample application in [Azure-samples/Remove-unmanaged-guests](https://github.com/Azure-Samples/Remove-Unmanaged-Guests)
31
31
* Use PowerShell cmdlets in [AzureAD/MSIdentityTools](https://github.com/AzureAD/MSIdentityTools/wiki/)
32
32
33
-
After you run a tool, users with unmanaged Azure AD accounts access the tenant, and re-redeem their invitations. However, Azure AD prevents users from redeeming with an unmanaged Azure AD account. They’ll redeem with another account type. Google Federation and SAML/WS-Fed are not enabled by default. Therefore, users redeem with a Microsoft account (MSA) or email one-time password (OTP). MSA is recommended.
33
+
After you run a tool, users with unmanaged Azure AD accounts access the tenant, and re-redeem their invitations. However, Azure AD prevents users from redeeming with an unmanaged Azure AD account. They can redeem with another account type. Google Federation and SAML/WS-Fed are not enabled by default. Therefore, users redeem with a Microsoft account (MSA) or email one-time password (OTP). MSA is recommended.
Some tenants created as unmanaged tenants can be taken over and
40
-
converted to a managed tenant. See, [take over an unmanaged directory as
41
-
administrator in Azure AD](./domains-admin-takeover.md).
39
+
It's possible to convert some unmanaged tenants to managed tenants.
42
40
43
-
In some cases, overtaken domains might not be updated, for example, missing a DNS TXT record and therefore become flagged as unmanaged. Implications are:
41
+
Learn more: [Take over an unmanaged directory as administrator in Azure AD](./domains-admin-takeover.md).
44
42
45
-
- For guest users who belong to formerly unmanaged tenants, redemption status is reset and one consent prompt appears. Redemption occurs with same account as before.
43
+
Some overtaken domains might not be updated. For example, a missing DNS TXT record indicates an unmanaged state. Implications are:
46
44
47
-
- After unmanaged user redemption status is reset, the tool might identify unmanaged users that are false positives.
45
+
* For guest users from unmanaged tenants, redemption status is reset. A consent prompt appears.
46
+
* Redemption occurs with same account
47
+
* After resetting unmanaged user redemption status, the tool might identify unmanaged users as false positives
MSIdentityTools PowerShell Module is a collection of cmdlets and scripts, which you use in the Microsoft identity platform and Azure AD. Use the cmdlets and scripts to augment PowerShell SDK capabilities. See, [microsoftgraph/msgraph-sdk-powershell](https://github.com/microsoftgraph/msgraph-sdk-powershell).
See, [Get-MSIdUnmanagedExternalUser](https://github.com/AzureAD/MSIdentityTools/wiki/Get-MsIdUnmanagedExternalUser). The tool returns a list of external unmanaged users, or viral users, in the tenant.
0 commit comments