Symptom
An Azure user logs into Kepion but does not see their Apps. This is usually caused by an out-of-sync state between Azure AD and the on-premises Windows AD: the two directories hold different Object Ids for the same user.
Resolution
This Azure user has likely been previously deleted from Azure and then added back in. For example, user@corp.com (an external user) was deleted from Azure AD “CloudAD” using portal.azure.com and was then added back in.
Each time user@corp.com was added back through the Azure portal, it received a new Object Id. However, the user record that the on-premises Active Directory server returns still carries the outdated Object Id, so Kepion cannot match the signed-in Azure identity to the user it knows.
To fix this:
1. Open Windows PowerShell.
2. Run the following command to initiate a connection to Azure Active Directory:
Connect-MsolService
3. Run the following command to list all deleted users together with their Object Ids (the two cmdlets are joined with a pipe so the table is built from the deleted-user list):
Get-MsolUser -ReturnDeletedUsers | Format-Table UserPrincipalName, ObjectId
4. Use the following command to delete the target Object Id. Replace <ObjectId> with the Azure Object Id of the target user.
Remove-MsolUser -ObjectId <ObjectId> -RemoveFromRecycleBin -Force
5. Enter Y to confirm.
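The steps above, wrapped into a small PowerShell script as an added example (this is not code from the Kepion article or from Microsoft). It assumes the MSOnline module is installed, that the account used for Connect-MsolService may purge deleted users, and it takes the UPN pattern and the live UPN as parameters (the values user@corp.com and user_corp.com are placeholders from the article's example). Unlike the bare Remove-MsolUser call, it first shows which recycle-bin entries match, refuses to purge an entry whose Object Id is the one the live account is using, and supports -WhatIf so the purge can be rehearsed before it is run.

```powershell
# Added example, not part of the original article. Requires the MSOnline module.
Import-Module MSOnline -ErrorAction Stop
Connect-MsolService   # prompts for an account that is allowed to purge deleted users

function Get-StaleDeletedAzureUser {
    param(
        # Wildcard pattern matched against the UPN of deleted users. External users
        # usually appear as user_corp.com#EXT#@tenant.onmicrosoft.com, so a pattern
        # such as '*user_corp.com*' is safer than an exact UPN. (Placeholder value.)
        [Parameter(Mandatory)] [string] $DeletedUpnPattern,
        # Exact UPN of the live (non-deleted) account, used only for comparison.
        [string] $LiveUserPrincipalName
    )

    # Each delete/re-add cycle leaves one soft-deleted entry with its own ObjectId.
    $deleted = Get-MsolUser -ReturnDeletedUsers -All |
        Where-Object { $_.UserPrincipalName -like $DeletedUpnPattern }

    $live = $null
    if ($LiveUserPrincipalName) {
        $live = Get-MsolUser -UserPrincipalName $LiveUserPrincipalName -ErrorAction SilentlyContinue
    }

    foreach ($d in $deleted) {
        [pscustomobject]@{
            UserPrincipalName = $d.UserPrincipalName
            DeletedObjectId   = $d.ObjectId
            LiveObjectId      = if ($live) { $live.ObjectId } else { $null }
            # True would mean the recycle-bin entry and the live account share an id;
            # purging it could affect the account the user is currently signing in with.
            CollidesWithLive  = ($null -ne $live -and $d.ObjectId -eq $live.ObjectId)
        }
    }
}

function Remove-StaleDeletedAzureUser {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string] $DeletedUpnPattern,
        [string] $LiveUserPrincipalName
    )

    $entries = Get-StaleDeletedAzureUser -DeletedUpnPattern $DeletedUpnPattern `
                                         -LiveUserPrincipalName $LiveUserPrincipalName
    foreach ($entry in $entries) {
        if ($entry.CollidesWithLive) {
            Write-Warning "Skipping $($entry.DeletedObjectId): same ObjectId as the live account."
            continue
        }
        # ShouldProcess honours -WhatIf and prompts for confirmation (ConfirmImpact High).
        $action = "Purge deleted object $($entry.DeletedObjectId) from the recycle bin"
        if ($PSCmdlet.ShouldProcess($entry.UserPrincipalName, $action)) {
            # Same cmdlet as step 4 of the article; -Force suppresses its own prompt
            # because ShouldProcess has already asked.
            Remove-MsolUser -ObjectId $entry.DeletedObjectId -RemoveFromRecycleBin -Force
        }
    }
}

# Usage (placeholder UPNs from the article's example):
# Get-StaleDeletedAzureUser -DeletedUpnPattern '*user_corp.com*' -LiveUserPrincipalName 'user@corp.com' | Format-Table
# Remove-StaleDeletedAzureUser -DeletedUpnPattern '*user_corp.com*' -LiveUserPrincipalName 'user@corp.com' -WhatIf
# Remove-StaleDeletedAzureUser -DeletedUpnPattern '*user_corp.com*' -LiveUserPrincipalName 'user@corp.com'
```

Run the Get- function first and check the table: you want the stale recycle-bin entries to carry Object Ids that differ from the live account's. Purging a recycle-bin entry is irreversible, so the -WhatIf rehearsal is worth the extra minute.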