Symptom
An Azure user logs into Kepion but does not see their Apps. This issue could be due to an out-of-sync state between Azure AD and Windows AD.
Resolution
This Azure user has likely been previously deleted from Azure and then added back in. For example, user@corp.com (an external user) was deleted from Azure AD “CloudAD” using portal.azure.com and was then added back in.
Each time user@corp.com was added back through the Azure portal, it received a new Object Id. However, the user information returned by the AD server still contains an outdated Object Id.
1. Open Windows PowerShell.
2. Run the following command to initiate a connection to Azure Active Directory:
Connect-MsolService
3. Run the following command to get all deleted users and their Object Ids.
Get-MsolUser -ReturnDeletedUsers | Format-Table UserPrincipalName, ObjectId
4. Run the following command to delete the target Object Id.
Note: Replace <ObjectId> with the Azure Object Id of the target user.
Remove-MsolUser -ObjectId <ObjectId> -RemoveFromRecycleBin -Force
5. Enter Y to confirm.
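The steps above as one script, added here as an example (not Kepion's own code): it lists only the deleted entries that match one user, checks that the user exists again as an active account, and asks before each removal, since -RemoveFromRecycleBin deletes the entry permanently. $TargetAddress and the matching on the local part of the address are assumptions; adjust the filter to your tenant's UPN format.

```powershell
# Added example, not part of the original article.
# Assumption: $TargetAddress is a placeholder for the affected user's address.
$TargetAddress = 'user@corp.com'
$localPart     = $TargetAddress.Split('@')[0]
$pattern       = "*$localPart*"

Connect-MsolService

# Deleted entries (recycle bin) whose UPN contains the local part.
# Each one carries an old Object Id from before the user was added back.
$deleted = @(Get-MsolUser -ReturnDeletedUsers -All |
    Where-Object { $_.UserPrincipalName -like $pattern })

# Active entries matched the same way: the re-added account with the current Object Id.
$active = @(Get-MsolUser -All |
    Where-Object { $_.UserPrincipalName -like $pattern })

Write-Host 'Active account(s), kept as they are:'
$active  | Format-Table UserPrincipalName, ObjectId | Out-Host
Write-Host 'Deleted entries, candidates for permanent removal:'
$deleted | Format-Table UserPrincipalName, ObjectId | Out-Host

if ($active.Count -eq 0) {
    # The user has not been added back, so the recycle bin copy is the only one left.
    Write-Warning "No active account matches $TargetAddress. Nothing was removed."
}
elseif ($deleted.Count -eq 0) {
    Write-Host "No deleted entry matches $TargetAddress."
}
else {
    foreach ($user in $deleted) {
        # Confirm each entry by UPN and Object Id before it is removed for good.
        $prompt = "Permanently remove $($user.UserPrincipalName) [$($user.ObjectId)]? (Y/N)"
        if ((Read-Host $prompt) -eq 'Y') {
            Remove-MsolUser -ObjectId $user.ObjectId -RemoveFromRecycleBin -Force
            Write-Host "Removed $($user.ObjectId) from the recycle bin."
        }
        else {
            Write-Host "Skipped $($user.ObjectId)."
        }
    }
}
```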