Forum Discussion

philmaynard_wap's avatar
philmaynard_wap
Iron Contributor
Oct 04, 2019

Blocked accounts removed from Microsoft Teams even though they're still in the O365 Group!

We've recently spotted that when we block an account in Office 365, the account is removed from the Teams it's in with a 'XYZ has been removed from the team.' message. This is behaviour we did not ex...
microsoft teams
TonyRedmond's avatar
TonyRedmond
MVP
Apr 20, 2021
This continues to be a horrible situation. I have documented the issue and escalated it to the Teams engineering group as a formal bug. Hopefully they will do something:

Teams Processing Causes Problems for Disabled Azure AD User Accounts

Organizations often disable Azure AD accounts when users leave or for other reasons. What you might not know is that Teams then removes the account from membership of individual teams. A background process looks for disabled users and removes these accounts from team memberships. That doesn’t sound too bad, but what’s horrible is when you unblock an account. Teams takes a long time (at least 24 hours) to restore standard teams, it might not ever restore membership of org-wide teams, and private channel membership is removed too. It’s not a good situation.

https://practical365.com/disable-azure-ad-accounts-teams/
StefanHefele's avatar
StefanHefele
Copper Contributor
Apr 05, 2022

I am currently experiencing this situation after making a user account "cloud only" that was previously synced via AD Connect (done by removing the user account from synced OUs/groups, which deletes them in Azure AD, then restoring the account in AAD).

The user experiences very strange behaviour - from seeing two of is ~30 Teams, to seeing 15 of them later that day, back to seeing only 2 of them in the evening - even Teams that we removed and re-added him manually during the day are gone again!

Audit Logs show a wild history of multiple "MemberAdded" and "MemberRemoved" - adding happens in the Team's owner's name, removing in "Microsoft Teams Sync"'s name.

 

Thanks alot for your explanation post of this, TonyRedmond - do you have any insights on when this behavior normalizes itself? We are 24 hours in and I'm a bit scared because the customer cannot work like this - if Group Memberships we re-added after restoring the users are removed again by Teams Sync, there's nothing we can do to prevent this...?! 

  • TonyRedmond's avatar
    TonyRedmond
    MVP
    Apr 06, 2022
    Adding and removing users from Teams membership rosters sounds like a side-effect of turmoil in AAD. The Teams AAD Sync process is responsible for detecting change in AAD and replicating that to Teams, so if odd things are happening there, it's all to do with the underlying AAD. I think you need to have an AAD Connect expert check out the synchronization and what's happening to drive change in AAD (which then shows up in Teams).

Resources