Symptom
When an Azure user logs into Kepion and does not see their apps, the cause can be an out-of-sync state between Azure AD and Windows AD.
Resolution
This happens when the Azure user was previously deleted from Azure AD and then added back. For example, user@corp.com (an external user) was deleted from the Azure AD tenant “CloudAD” using portal.azure.com and was then added back.
Each time user@corp.com was added back through the Azure portal, it received a new “object id”. However, the information about this user from the Active Directory server still returns a stale version of their object id.
To fix this, run the following command to initiate a connection to Azure Active Directory.
Connect-MsolService
Run the following commands to get all deleted users and their object id.
Get-MsolUser -ReturnDeletedUsers | Format-Table UserPrincipalName, ObjectId
Then use the following command to delete the target object id. Replace <ObjectId> with the Azure Object ID of the target user.
Remove-MsolUser -ObjectId <ObjectId> -RemoveFromRecycleBin -Force
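The three steps above combined into one script, added here as an example and not part of the original article. It assumes the MSOnline module (Connect-MsolService, Get-MsolUser, Remove-MsolUser) is installed and that you hold the tenant rights the article's commands already require; the function name and the -WhatIfOnly switch are this example's own. Note that Microsoft has since retired the MSOnline module, so on a current tenant the same steps have to be redone with its successor cmdlets.

```powershell
# Purge stale recycle-bin copies of one user so the active object id is the only one left.
# Example code, not from the article. Assumes the MSOnline module is installed.
function Remove-StaleDeletedUser {
    param(
        [Parameter(Mandatory = $true)]
        [string]$UserPrincipalName,   # e.g. user@corp.com (the article's example value)
        [switch]$WhatIfOnly           # list the matches but purge nothing
    )

    Connect-MsolService

    # Guest (external) users carry a mangled UPN of the form user_corp.com#EXT#@<tenant>,
    # so accept both the plain and the mangled spelling.
    $mangled = ($UserPrincipalName -replace '@', '_') + '#EXT#@*'

    # Every earlier delete/re-add cycle left a copy in the recycle bin with its own ObjectId.
    $deleted = Get-MsolUser -ReturnDeletedUsers -All |
        Where-Object { $_.UserPrincipalName -ieq $UserPrincipalName -or
                       $_.UserPrincipalName -like $mangled }

    if (-not $deleted) {
        Write-Host "No deleted copies of $UserPrincipalName found in the recycle bin."
        return
    }

    $deleted | Format-Table UserPrincipalName, ObjectId, SoftDeletionTimestamp -AutoSize

    # Look up the live object so its id is shown alongside the stale ones and never purged.
    $active = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction SilentlyContinue
    if ($active) { Write-Host "Active ObjectId (kept): $($active.ObjectId)" }

    foreach ($u in $deleted) {
        if ($active -and $u.ObjectId -eq $active.ObjectId) { continue }   # defensive guard
        if ($WhatIfOnly) {
            Write-Host "Would purge $($u.UserPrincipalName) ObjectId $($u.ObjectId)"
        } else {
            # Same command as the article's last step, applied per stale copy.
            Remove-MsolUser -ObjectId $u.ObjectId -RemoveFromRecycleBin -Force
            Write-Host "Purged stale ObjectId $($u.ObjectId)"
        }
    }
}

# Dry run first, then the real purge:
# Remove-StaleDeletedUser -UserPrincipalName 'user@corp.com' -WhatIfOnly
# Remove-StaleDeletedUser -UserPrincipalName 'user@corp.com'
```

Run the dry-run form first and confirm the listed ObjectIds differ from the active one before purging.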